dougvargas

Members
  • Content Count

    108
  • Joined

  • Last visited

  • Days Won

    1

dougvargas last won the day on March 25 2014

dougvargas had the most liked content!

Community Reputation

1 Neutral

About dougvargas

  • Rank
    Advanced Member

Profile Information

  • Location
    2111
  1. yeah, I definitely don't want to use McAfee -- that was just a trial version that came on the PC. I'll start using Ad-aware or MBAM. Thanks again-- d
  2. hey Cecilia, I appreciate you checking the logs for me -- glad to hear that they look clean, I was worried that the malware program might have installed backdoors or other surprises. It's embarrassing that I was fooled into installing all this malware. But It's amazing how easy it is to find fake download sites on Google. Recently I was looking for the Adobe Flash player on Google and the results included 3 fake download sites right at the top (they were marked "ad" but still..). You gotta love these guys. Anyway thanks again, you've been a huge help over the years! Cheers-- Doug
  3. hi, I tried to install a video player (VLC) recently, but I foolishly picked the first link that came up in Google without paying attention to where I was downloading from -- and it turned out to be a massive malware installer instead (ugh, I blew it!) Of course it installed every PUP known to man -- fortunately I think I was able to clean it all off, but I'd like to get a second opinion on that! Here are the steps I took: 1) Ran MBAM (full scan with latest definitions) and removed 168 infected items (Laflurla, TidyNetwork, SearchProtect, WeatherAlerts, Sambreel, Conduit, etc). 2) Rebooted, Ran MBAM again and it reported no infected items. 3) Ran Adaware (full scan with latest definitions) and it reported no infected items. 4) Ran TDSSKiller and it reported no infection. 5) Ran AdwCleaner.exe and it removed a couple of items. 6) Manually fixed settings in Chrome that were changed to point to alternate search engines. At this point, the machine seems to be back to normal. But I'm wondering if there's anything still on the machine that the scanners missed? Could someone please take a glance at the DDS logs below and let me know if I need to do anything else? Thanks! Doug ================================================================================= DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16843 Run by Doug at 10:12:01 on 2014-03-21 Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.16301.13810 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED} . ============== Running Processes =============== . C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\dwm.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\ASUS\P4G\InsOnSrv.exe C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe C:\Program Files (x86)\Bluetooth Suite\adminservice.exe C:\Program Files\Elantech\ETDService.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe C:\windows\system32\mfevtps.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe C:\Program Files\McAfee\MSC\McAPExe.exe C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\dashost.exe C:\Windows\system32\taskhostex.exe C:\Program Files\ASUS\P4G\BatteryLife.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\Program Files\ASUS\P4G\InsOnWMI.exe C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe C:\Program Files\Elantech\ETDGesture.exe C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\UMonit64.exe C:\Windows\System32\M-AudioTaskBarIcon.exe C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe C:\Program Files (x86)\ASUS\APRP\aprp.exe C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe C:\Windows\System32\RuntimeBroker.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe c:\PROGRA~1\mcafee\msc\mcupdmgr.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun: [ROGNB] "C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe" mExplorerRun: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" mPolicies-System: DisableCAD = dword:1 TCP: NameServer = 10.0.0.1 TCP: Interfaces\{C02EDA13-940F-4A4A-8D15-C2D9301D8CB5} : DHCPNameServer = 10.0.0.1 TCP: Interfaces\{C02EDA13-940F-4A4A-8D15-C2D9301D8CB5}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-mStart Page = about:blank x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4 x64-Run: [uMonit64] C:\Windows\SysWOW64\UMonit64.exe x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe x64-Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe" x64-ExplorerRun: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" x64-mPolicies-System: DisableCAD = dword:1 x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-8-27 644968] R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536] R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416] R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files\ASUS\P4G\InsOnSrv.exe [2013-7-23 277120] R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [2012-12-19 72192] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2013-6-13 312448] R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2013-8-27 99664] R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-5-1 328928] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-11-19 131544] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-11-19 169432] R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744] R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2012-11-30 178528] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-5-1 328928] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-5-1 328928] R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-5-1 328928] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-5-1 328928] R2 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-11-9 311600] R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2013-5-1 1025712] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2013-5-1 219752] R2 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-11-9 783864] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-5-1 185792] R2 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-11-9 344688] R2 plctrl;plctrl;C:\Program Files\ASUS\P4G\PLCTRL.sys [2013-7-23 14136] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-7-8 383776] R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2013-6-13 323584] R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-9-18 17152] R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-11-19 89800] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-11-19 347336] R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-11-19 115912] R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-11-19 34384] R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-11-19 179432] R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-11-19 77464] R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-11-19 136784] R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-11-19 587464] R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752] R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-11-9 70592] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2013-8-27 363920] R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2013-8-27 19256] R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2013-8-27 129224] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-11-9 520696] R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\Drivers\mfencbdc.sys [2014-1-21 422712] S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2012-11-9 69352] S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/11/19 18:04:17;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2013-4-24 247768] S2 Util Laflurla;Util Laflurla;"C:\Program Files (x86)\Laflurla\bin\utilLaflurla.exe" --> C:\Program Files (x86)\Laflurla\bin\utilLaflurla.exe [?] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 GeneStor;Genesys Logic Storage Driver;C:\Windows\System32\Drivers\GeneStor.sys [2013-11-19 91368] S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2014-1-31 197704] S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232] S3 MAUSBFASTTRACKULTRA8R;Service for M-Audio Fast Track Ultra 8R;C:\Windows\System32\Drivers\MAudioFastTrackUltra8R.sys [2011-4-29 197424] S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [2013-5-1 334760] S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\Drivers\mfencrk.sys [2014-1-21 96592] S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824] S4 McOobeSv2;McAfee OOBE Service2;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-5-1 328928] . =============== Created Last 30 ================ . 2014-03-17 02:55:57 -------- d-----w- C:\AdwCleaner 2014-03-17 00:43:32 -------- d-----w- C:\Users\Doug\AppData\Roaming\LavasoftStatistics 2014-03-17 00:32:08 -------- d-----w- C:\Program Files\Lavasoft 2014-03-17 00:31:03 -------- d-----w- C:\Program Files\Common Files\Lavasoft 2014-03-16 23:08:30 -------- d-----w- C:\Users\Doug\AppData\Roaming\Malwarebytes 2014-03-16 23:08:13 -------- d-----w- C:\ProgramData\Malwarebytes 2014-03-16 23:08:07 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-03-16 23:08:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-16 23:01:42 -------- d-----w- C:\Users\Doug\AppData\Local\Programs 2014-03-16 16:31:56 595968 ----a-w- C:\Windows\System32\qedit.dll 2014-03-16 16:31:56 496640 ----a-w- C:\Windows\SysWow64\qedit.dll 2014-02-24 22:02:47 -------- d-----w- C:\Users\Doug\AppData\Local\Adobe 2014-02-24 13:10:45 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll 2014-02-24 13:10:45 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll 2014-02-24 13:04:48 -------- d-----w- C:\Windows\System32\MRT 2014-02-24 01:08:23 -------- d-----w- C:\sources 2014-02-23 15:01:38 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys 2014-02-23 14:59:36 3842560 ----a-w- C:\Windows\System32\d2d1.dll 2014-02-23 14:59:35 3288576 ----a-w- C:\Windows\SysWow64\d2d1.dll 2014-02-23 14:59:35 2238976 ----a-w- C:\Windows\System32\d3d10warp.dll 2014-02-23 14:59:34 2032640 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2014-02-23 14:48:50 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-02-23 14:48:50 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-02-23 14:36:49 583680 ----a-w- C:\Windows\System32\msdrm.dll 2014-02-23 14:36:49 451072 ----a-w- C:\Windows\SysWow64\msdrm.dll 2014-02-23 14:36:15 688640 ----a-w- C:\Windows\System32\WSShared.dll 2014-02-23 14:36:15 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll 2014-02-23 14:36:15 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-02-23 14:36:15 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-02-23 14:26:06 255664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10234.bin 2014-02-23 14:21:32 1845248 ----a-w- C:\Windows\System32\msxml3.dll 2014-02-23 14:21:32 1419264 ----a-w- C:\Windows\SysWow64\msxml3.dll 2014-02-23 14:17:10 2232664 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2014-02-23 14:15:54 600064 ----a-w- C:\Windows\System32\vbscript.dll 2014-02-23 14:15:53 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll . ==================== Find3M ==================== . 2014-03-21 14:06:48 74 ----a-w- C:\Users\Doug\AppData\Roaming\sp_data.sys 2014-02-23 08:13:41 2241536 ----a-w- C:\Windows\System32\wininet.dll 2014-02-23 08:13:31 915968 ----a-w- C:\Windows\System32\uxtheme.dll 2014-02-23 08:13:31 53760 ----a-w- C:\Windows\System32\UXInit.dll 2014-02-23 08:11:59 3960320 ----a-w- C:\Windows\System32\jscript9.dll 2014-02-23 08:11:52 67072 ----a-w- C:\Windows\System32\iesetup.dll 2014-02-23 08:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2014-02-23 06:54:46 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-02-23 06:54:37 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2014-02-23 06:53:22 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-02-23 06:53:18 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-02-23 06:53:18 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2014-02-23 06:35:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2014-02-23 06:31:25 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-02-23 04:06:33 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll 2014-02-08 04:34:42 4036608 ----a-w- C:\Windows\System32\win32k.sys 2014-01-27 13:43:26 70592 ----a-w- C:\Windows\System32\drivers\cfwids.sys 2014-01-27 13:37:32 344688 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys 2014-01-27 13:37:08 185792 ----a-w- C:\Windows\System32\mfevtps.exe 2014-01-27 13:33:26 783864 ----a-w- C:\Windows\System32\drivers\mfehidk.sys 2014-01-27 13:31:34 520696 ----a-w- C:\Windows\System32\drivers\mfefirek.sys 2014-01-27 13:30:06 311600 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys 2014-01-27 13:29:22 180272 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys 2014-01-27 13:15:36 69352 ----a-w- C:\Windows\System32\drivers\mfeelamk.sys 2014-01-21 07:50:46 11336 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys 2014-01-21 07:50:24 96592 ----a-w- C:\Windows\System32\drivers\mfencrk.sys 2014-01-21 07:50:02 422712 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys . ============= FINISH: 10:12:20.56 =============== ================================================================================= DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Boot Device: \Device\HarddiskVolume1 Install Date: 1/29/2014 10:21:16 PM System Uptime: 3/21/2014 10:03:33 AM (0 hours ago) . Motherboard: ASUSTeK COMPUTER INC. | | G750JX Processor: Intel® Core i7-4700HQ CPU @ 2.40GHz | SOCKET 0 | 2401/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 279 GiB total, 195.587 GiB free. D: is FIXED (NTFS) - 398 GiB total, 397.893 GiB free. E: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP5: 2/23/2014 9:14:09 AM - Windows Update RP6: 3/16/2014 7:13:25 PM - Windows Update . ==== Installed Programs ====================== . ??? ???? Ableton Live 9 Suite Ad-Aware Antivirus AdAwareInstaller AdAwareUpdater Adobe Reader X MUI AntimalwareEngine ASUS Live Update ASUS Power4Gear Hybrid ASUS ROG Gaming Mouse ASUS Screen Saver ASUS Splendid Video Enhancement Technology ASUS USB Charger Plus ASUS WebStorage Sync Agent ASUSDVD AsusVibe2.0 ATK Package Azteca Bejeweled 3 Cut the Rope D3DX10 ETDWare PS/2-X64 11.5.9.1_WHQL Galerie de photos Galería de fotos Genesys USB Mass Storage Device Google Chrome Google Update Helper Intel® Management Engine Components Intel® Trusted Connect Service Client Korg Legacy Collection VSTi v1.0.02 M-Audio FastTrackUltra8R Driver 6.0.10 (x64) Malwarebytes Anti-Malware version 1.75.0.1300 McAfee LiveSafe – Internet Security Microsoft Application Error Reporting Microsoft Office Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 MyBitCast 2.0 Notepad++ NVIDIA 3D Vision Driver 311.93 NVIDIA Control Panel 311.93 NVIDIA GeForce Experience 1.5 NVIDIA Graphics Driver 311.93 NVIDIA HD Audio Driver 1.3.24.2 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.13.0604 NVIDIA Stereoscopic 3D Driver NVIDIA Update 4.11.9 NVIDIA Update Components Peggle Penguins! Photo Common Photo Gallery Qualcomm Atheros Bluetooth Suite (64) Qualcomm Atheros Client Installation Program Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver Realtek High Definition Audio Driver rgc:audio z3ta+ Shared C Run-time for x64 Tales of Lagoona Update Installer for WildTangent Games App WildTangent Games WildTangent Games App Windows Live Windows Live ??? Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinFlash . ==== Event Viewer Messages From Past Week ======== . 3/21/2014 10:04:05 AM, Error: Service Control Manager [7000] - The Util Laflurla service failed to start due to the following error: The system cannot find the file specified. 3/21/2014 10:04:05 AM, Error: Service Control Manager [7000] - The McAfee Inc. mfeapfk service failed to start due to the following error: The specified service does not exist. 3/16/2014 8:42:02 PM, Error: Service Control Manager [7034] - The Optimizer Pro Crash Monitor service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================
  4. hey Cecelia, thanks for checking out my OTL log-- I'm very glad it looks clean to you. I use this machine for live music and have a performance this weekend (so it's a bad time for an infection!) I did all the steps you suggested-- cleaned w/ OTL, updated Java, and ran Secunia (which found a few minor things i need to update). So I'm think I'm all set here, thanks again! Doug
  5. hi, I got an infection last night (guessing from a malicious web site). I ran MBAM (newest definitions) and it reported that I had 'PUP.Casino' and it removed the file: ===================== Files Detected: 1 C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\d431kdyv.default\Cache\0\03\46BE5d01 (PUP.Casino) -> Quarantined and deleted successfully. ===================== After rebooting, I re-ran MBAM and the scan was clean. However I couldn't access the Internet-- the wireless connection was established, but Firefox couldn't access any pages. Then after few minutes the problem went away by itself: the Internet connection was working fine again. I ran Adware (latest definitions) and the scan was clean (except for some tracking cookies). I ran TDSS Killer (latest version) and the scan was clean. I visited the "DNSChanger" site and it saw no infection. So the machine seems OK-- but I'm wondering if there's something still there that the scanners can't see ? If you don't mind, could you take a glance at the OTL logs below and let me know if you see anything? (Sorry I couldn't run a DDS scan-- for some reason I get a "Virus Download Blocked" error when I try to download it). Thanks, Doug NOTE: I worked with Cecilia B. on this machine last year, and unfortunately I failed to send a final wrap-up email -- the machine was fixed, I just needed to complete some clean-up steps, which I did, but I should have gotten back to confirm. Sorry about that-- I really appreciate the help, it's been life-saving! ====================================================================================== [b]OTL logfile created on: 6/22/2012 12:50:22 PM - Run 3[/b] OTL by OldTimer - Version 3.2.51.0 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.96 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 50.55% Memory free 3.81 Gb Paging File | 3.10 Gb Available in Paging File | 81.26% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 143.30 Gb Total Space | 7.51 Gb Free Space | 5.24% Space Free | Partition Type: NTFS Computer Name: LENOVO-E0DD377A | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) PRC - C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc) PRC - C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.) PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\WINDOWS\system32\maFwTray.exe (Avid Technology, Inc.) PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll () MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRTF.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsCab.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () MOD - C:\Program Files\Notepad++\NppShell_01.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3152.38760__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3152.38718__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3152.38771__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3152.38941__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3152.38752__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3152.38864__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3152.38738__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3152.38973__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3152.38905__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3152.38913__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3152.38986__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3152.38980__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3152.38919__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3152.38732__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3152.38912__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3152.38986__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3152.38871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3152.38785__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3152.38858__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3152.38739__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3152.38932__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3152.38899__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3152.38865__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3152.38791__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3152.38778__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3152.38887__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3152.38870__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3152.38864__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3152.38791__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3152.38870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3152.38886__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3036.27930__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3152.38898__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3036.27933__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3036.27964__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3036.27945__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3036.27937__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3036.27960__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3036.27964__90ba9c70f846762e\DEM.OS.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3036.27963__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3036.27961__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3036.27933__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3036.27946__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3036.27959__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3036.28032__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3076.23108__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3036.27977__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3036.27962__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3036.27948__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3036.27945__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3036.27940__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3036.27961__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3036.27964__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3036.27944__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3036.27965__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3036.27944__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3152.38954__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3152.38746__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3152.38963__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3152.38961__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3152.38711__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3152.38710__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3152.38992__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3036.27937__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3036.27961__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3152.39004__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3152.38709__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3152.38725__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3152.38710__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3152.38708__90ba9c70f846762e\APM.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3152.38709__90ba9c70f846762e\AEM.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3036.27949__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3152.38962__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3036.27959__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3036.27979__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL () MOD - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll () MOD - c:\Program Files\Common Files\Lenovo\CDRecord.dll () MOD - C:\Program Files\Lenovo Fingerprint Software\SharedResources.dll () MOD - C:\Program Files\Intel\WiFi\bin\iWMSProv.dll () MOD - C:\Program Files\EditPlus 3\eppshell.dll () MOD - C:\WINDOWS\system32\DLAAPI_W.DLL () [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (SessionLauncher) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe File not found SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc) SRV - (ATService) -- C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.) SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys File not found DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found DRV - (btaudio) -- system32\drivers\btaudio.sys File not found DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB) DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS () DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS () DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.) DRV - (ATSwpWDF) -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (MAUSBRI) -- C:\WINDOWS\system32\drivers\mausbft8r.sys (Avid Technology, Inc.) DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo) DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation) DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation) DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (MAUSBFTP) Service for M-Audio Fast Track Pro (WDM) -- C:\WINDOWS\system32\drivers\mausb.sys (Avid Technology, Inc.) DRV - (MAFW) -- C:\WINDOWS\system32\drivers\mafw.sys (Avid Technology, Inc.) DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {3101B6F0-6147-4ADF-A639-518530291FD4} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\..\SearchScopes\{3101B6F0-6147-4ADF-A639-518530291FD4}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..network.proxy.no_proxies_on: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 22:21:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/10 22:06:08 | 000,000,000 | ---D | M] [2009/08/26 00:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2011/11/01 23:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\d431kdyv.default\extensions [2009/09/25 21:15:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\d431kdyv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/10/31 11:43:54 | 000,000,000 | ---D | M] (WASP) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\d431kdyv.default\extensions\[email protected] [2012/04/01 23:34:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/07/17 19:28:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2012/04/01 23:34:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2011/10/31 11:43:54 | 000,220,974 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D431KDYV.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI [2011/11/01 23:07:44 | 001,242,958 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D431KDYV.DEFAULT\EXTENSIONS\[email protected] [2012/04/01 23:33:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/06/24 22:21:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/04/01 23:33:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/06/10 22:05:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml O1 HOSTS File: ([2011/12/16 12:08:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\maFwTray.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab (Java Plug-in 1.5.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.17.208.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24727129-C43F-449E-91ED-CE028E4B60A5}: DhcpNameServer = 172.17.208.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ATFUS: DllName - (C:\WINDOWS\system32\FpWinLogonNp.dll) - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/06/22 12:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\malware_6-12 [2012/06/19 10:13:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/06/13 09:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\email_templates [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/06/22 12:46:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2012/06/22 12:41:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2790006754-187732043-1928724902-1005UA.job [2012/06/22 12:07:01 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2012/06/22 11:50:14 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012/06/22 11:50:14 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012/06/22 11:49:39 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2012/06/22 11:41:22 | 000,443,016 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/06/22 11:41:22 | 000,072,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/06/22 11:40:28 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Ad-Aware.exe.lnk [2012/06/22 11:36:46 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/06/22 11:36:03 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2012/06/22 11:35:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/06/22 11:35:53 | 2107,645,952 | -HS- | M] () -- C:\hiberfil.sys [2012/06/20 09:33:12 | 001,464,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/06/19 10:17:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/06/17 17:52:31 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz [2012/06/17 17:52:31 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll [2012/06/17 17:52:31 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz [2012/06/17 17:52:31 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll [2012/06/16 14:48:41 | 000,048,420 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\killer-mike-rap-music.jpg [2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui [2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll [2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll [2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl [2012/06/02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll [2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll [2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll [2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe [2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll [2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll [2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll [2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll [2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll [2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll [2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/06/22 11:50:14 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2012/06/22 11:50:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2012/06/22 11:40:28 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Ad-Aware.exe.lnk [2012/06/22 07:52:06 | 2107,645,952 | -HS- | C] () -- C:\hiberfil.sys [2012/06/19 09:49:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/06/19 09:49:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012/06/16 14:48:41 | 000,048,420 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\killer-mike-rap-music.jpg [2011/12/29 21:20:54 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2011/12/29 21:20:54 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2011/08/26 23:09:00 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\MapReverseConverter.dat [2011/06/01 09:03:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\tmpPrst.dll [2010/12/31 17:19:47 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2010/12/24 00:53:33 | 000,024,772 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/09/25 09:40:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/05/16 21:49:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== LOP Check ==========[/color] [2009/08/26 10:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton [2009/12/05 21:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2011/12/28 12:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco [2011/01/22 20:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen [2009/08/14 15:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo [2009/08/14 15:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor [2010/09/19 17:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2009/08/14 15:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2010/12/31 15:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} [2010/08/02 21:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/03/04 22:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14} [2009/08/26 10:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ableton [2009/08/14 15:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CachedFiles [2010/09/19 18:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/05/16 21:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CVS [2010/02/22 22:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EditPlus 3 [2011/01/22 20:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileOpen [2010/02/03 23:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla [2010/03/04 23:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo [2009/08/31 21:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lenovo [2010/06/17 09:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Notepad++ [2010/05/14 17:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera [2009/11/08 00:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers [2010/04/20 22:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RadarSync [2012/05/06 01:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony [2012/06/22 12:07:01 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job [2012/06/22 11:36:03 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job [color=#E56717]========== Purity Check ==========[/color] < End of report >
  6. hi Cecilia, I'll follow your instructions and post an updated OTL log. However I'll be traveling for the next 5 days so I won't be able to post until late next week. But thanks for your help and hope you have a nice weekend/holiday-- Doug
  7. hey Cecilia, below is the ESET log. Note-- this file is OK, it's a legitimate program that ESET flags for some reason: >> C:\Program Files\Native Instruments\Kontakt Player 2\KontaktPlayer2.exe a variant of Win32/Packed.Themida applicatio thanks-- Doug ==================================== [email protected] as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.6000.17103 (vista_gdr.110816-1000) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=497649bf3bb3fd4da43dc0d67a5d1e02 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-12-22 03:36:27 # local_time=2011-12-22 10:36:27 (-0500, Eastern Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 53967403 53967403 0 0 # compatibility_mode=8192 67108863 100 0 29533644 29533644 0 0 # scanned=152775 # found=7 # cleaned=0 # scan_time=6343 C:\Documents and Settings\Owner\My Documents\Downloads\Adobe InDesign CS5 Premium v7.0\Your Software Here\Keygen\keygen.exe a variant of Win32/HackTool.Patcher.P application (unable to clean) 00000000000000000000000000000000 I C:\Documents and Settings\Owner\My Documents\Downloads\Adobe InDesign CS5 Premium v7.0 + KEYGEN {Archon}\Adobe InDesign CS5 Premium v7.0.zip a variant of Win32/HackTool.Patcher.P application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Native Instruments\Kontakt Player 2\KontaktPlayer2.exe a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\qme.exe.vir a variant of Win32/Kryptik.XKR trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP107\A0018099.sys a variant of Win32/Rootkit.Kryptik.GG trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP108\A0018113.sys a variant of Win32/Rootkit.Kryptik.GG trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP110\A0018285.exe a variant of Win32/Kryptik.XKR trojan (unable to clean) 00000000000000000000000000000000 I
  8. hi Cecilia, I followed your instructions (log below). the machine seems to be working fine now! thanks-- Doug ========================================================== All processes killed ========== OTL ========== C:\Documents and Settings\Owner\Local Settings\Application Data\vssccn8v5nix1mvd1ytf7e741l7k moved successfully. C:\Documents and Settings\All Users\Application Data\vssccn8v5nix1mvd1ytf7e741l7k moved successfully. C:\Documents and Settings\All Users\Application Data\15720228 moved successfully. C:\Documents and Settings\All Users\Application Data\~16768804r moved successfully. C:\Documents and Settings\All Users\Application Data\~16768804 moved successfully. C:\Documents and Settings\All Users\Application Data\16768804 moved successfully. C:\Documents and Settings\Owner\Local Settings\Application Data\1368123653 moved successfully. C:\Documents and Settings\All Users\Application Data\1368123653 moved successfully. C:\Documents and Settings\All Users\Application Data\~lCkU6kZH moved successfully. C:\Documents and Settings\All Users\Application Data\~lCkU6kZHr moved successfully. C:\Documents and Settings\All Users\Application Data\lCkU6kZH moved successfully. ========== COMMANDS ========== Restore point Set: OTL Restore Point (0) [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 9200 bytes User: Owner ->Temp folder emptied: 1491142 bytes ->Temporary Internet Files folder emptied: 272668 bytes ->Java cache emptied: 10136226 bytes ->FireFox cache emptied: 375542081 bytes ->Flash cache emptied: 60306 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 483 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 370.00 mb OTL by OldTimer - Version 3.2.31.0 log created on 12192011_095009 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  9. hey Cecilia, good to hear. I rebooted and ran OTL (log below). Thanks-- d =============================================================== [b]OTL logfile created on: 12/17/2011 3:23:00 PM - Run 2[/b] OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.96 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.95% Memory free 3.81 Gb Paging File | 3.10 Gb Available in Paging File | 81.47% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 143.30 Gb Total Space | 15.13 Gb Free Space | 10.56% Space Free | Partition Type: NTFS Computer Name: LENOVO-E0DD377A | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) PRC - C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc) PRC - C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.) PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\WINDOWS\system32\maFwTray.exe (Avid Technology, Inc.) PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3152.38760__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3152.38718__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3152.38771__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3152.38941__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3152.38752__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3152.38864__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3152.38738__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3152.38973__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3152.38905__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3152.38913__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3152.38986__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3152.38980__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3152.38919__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3152.38732__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3152.38912__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3152.38986__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3152.38871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3152.38785__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3152.38858__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3152.38739__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3152.38932__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3152.38899__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3152.38865__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3152.38791__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3152.38778__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3152.38887__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3152.38870__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3152.38864__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3152.38791__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3152.38870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3152.38886__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3036.27930__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3152.38898__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3036.27933__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3036.27964__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3036.27945__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3036.27937__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3036.27960__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3036.27964__90ba9c70f846762e\DEM.OS.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3036.27963__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3036.27961__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3036.27933__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3036.27946__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3036.27959__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3036.28032__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3076.23108__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3036.27977__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3036.27962__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3036.27948__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3036.27945__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3036.27940__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3036.27961__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3036.27964__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3036.27944__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3036.27965__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3036.27944__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3152.38954__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3152.38746__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3152.38963__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3152.38961__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3152.38711__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3152.38710__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3152.38992__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3036.27937__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3036.27961__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3152.39004__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3152.38709__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3152.38725__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3152.38710__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3152.38708__90ba9c70f846762e\APM.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3152.38709__90ba9c70f846762e\AEM.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3036.27949__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3152.38962__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3036.27959__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3036.27979__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL () MOD - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll () MOD - c:\Program Files\Common Files\Lenovo\CDRecord.dll () MOD - C:\Program Files\Lenovo Fingerprint Software\SharedResources.dll () MOD - C:\Program Files\Intel\WiFi\bin\iWMSProv.dll () [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (SessionLauncher) -- File not found SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc) SRV - (ATService) -- C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.) SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS () DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS () DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.) DRV - (ATSwpWDF) -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (MAUSBRI) -- C:\WINDOWS\system32\drivers\mausbft8r.sys (Avid Technology, Inc.) DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo) DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation) DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation) DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (MAUSBFTP) Service for M-Audio Fast Track Pro (WDM) -- C:\WINDOWS\system32\drivers\mausb.sys (Avid Technology, Inc.) DRV - (MAFW) -- C:\WINDOWS\system32\drivers\mafw.sys (Avid Technology, Inc.) DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..network.proxy.no_proxies_on: "" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 21:21:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/10 21:06:08 | 000,000,000 | ---D | M] [2009/08/25 23:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2011/11/01 22:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\d431kdyv.default\extensions [2009/09/25 20:15:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\d431kdyv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/10/31 10:43:54 | 000,000,000 | ---D | M] (WASP) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\d431kdyv.default\extensions\[email protected] [2011/06/10 09:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/07/17 18:28:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D431KDYV.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D431KDYV.DEFAULT\EXTENSIONS\[email protected] [2010/07/17 18:28:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/06/24 21:21:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/07/17 18:28:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/06/10 21:05:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml O1 HOSTS File: ([2011/12/16 11:08:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc) O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\maFwTray.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab (Java Plug-in 1.5.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24727129-C43F-449E-91ED-CE028E4B60A5}: DhcpNameServer = 10.0.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ATFUS: DllName - (C:\WINDOWS\system32\FpWinLogonNp.dll) - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/12/16 17:40:19 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe [2011/12/16 17:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\TDSS_killer [2011/12/16 10:52:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011/12/16 10:52:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011/12/16 10:52:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011/12/16 10:52:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011/12/16 10:48:42 | 004,340,701 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe [2011/12/11 18:39:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2011/12/11 18:08:01 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com [2011/12/02 20:27:26 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll [2011/11/24 19:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Maine_vac_pix [2011/11/22 20:33:09 | 000,000,000 | ---D | C] -- C:\Config.Msi [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/12/17 15:07:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2011/12/17 14:31:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2790006754-187732043-1928724902-1005UA.job [2011/12/17 11:34:42 | 000,443,016 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/12/17 11:34:42 | 000,072,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/12/17 11:30:15 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/12/17 11:29:56 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2011/12/17 11:29:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/12/17 11:29:46 | 2107,645,952 | -HS- | M] () -- C:\hiberfil.sys [2011/12/16 17:42:31 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat [2011/12/16 17:40:39 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe [2011/12/16 17:35:53 | 001,557,791 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller(3).zip [2011/12/16 11:08:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/12/16 10:48:48 | 004,340,701 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe [2011/12/14 11:19:29 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz [2011/12/14 11:19:00 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz [2011/12/11 18:39:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2011/12/11 18:08:00 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com [2011/12/11 15:31:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2790006754-187732043-1928724902-1005Core.job [2011/12/11 14:50:54 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to iExplore.exe.lnk [2011/12/11 14:47:59 | 000,014,606 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\vssccn8v5nix1mvd1ytf7e741l7k [2011/12/11 14:47:59 | 000,014,606 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\vssccn8v5nix1mvd1ytf7e741l7k [2011/12/09 11:34:23 | 000,009,640 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adz.jpg [2011/11/23 18:21:18 | 000,033,783 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lani-kate.jpg [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/12/16 17:42:31 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat [2011/12/16 10:52:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/12/16 10:52:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/12/16 10:52:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/12/16 10:52:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/12/16 10:52:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/12/11 18:11:33 | 001,557,791 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller(3).zip [2011/12/11 15:27:29 | 2107,645,952 | -HS- | C] () -- C:\hiberfil.sys [2011/12/11 14:50:54 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to iExplore.exe.lnk [2011/12/11 13:31:58 | 000,014,606 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\vssccn8v5nix1mvd1ytf7e741l7k [2011/12/11 13:31:58 | 000,014,606 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vssccn8v5nix1mvd1ytf7e741l7k [2011/12/09 11:34:22 | 000,009,640 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adz.jpg [2011/11/23 18:21:18 | 000,033,783 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\lani-kate.jpg [2011/08/26 22:09:00 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\MapReverseConverter.dat [2011/06/01 08:03:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\tmpPrst.dll [2011/05/24 22:10:17 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\15720228 [2011/05/24 21:24:19 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16768804r [2011/05/24 21:24:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16768804 [2011/05/24 21:24:00 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16768804 [2011/03/17 21:05:27 | 000,010,622 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\1368123653 [2011/03/17 21:05:27 | 000,010,622 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1368123653 [2011/01/01 23:18:41 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~lCkU6kZH [2011/01/01 23:18:41 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~lCkU6kZHr [2011/01/01 23:18:01 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lCkU6kZH [2010/12/31 16:19:47 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2010/12/23 23:53:33 | 000,024,772 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/09/25 08:40:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/05/16 20:49:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/26 09:51:28 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2009/08/26 09:51:28 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2009/08/26 09:51:28 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2009/08/25 23:07:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/08/14 14:34:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/08/14 14:28:40 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe [2009/08/14 14:28:30 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE [2009/08/14 14:28:29 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2009/08/14 14:25:39 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2009/08/14 14:25:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/08/14 14:23:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009/08/14 14:23:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009/08/14 14:23:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009/08/14 14:23:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009/08/14 14:23:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009/08/14 14:23:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009/08/14 14:17:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2009/08/14 14:13:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2009/08/14 14:13:37 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009/08/14 14:13:36 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009/08/14 14:13:36 | 000,172,033 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2009/08/14 14:13:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Atibrtmon.exe [2009/08/14 14:08:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2009/08/14 14:00:21 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config [2006/04/30 02:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/04/30 02:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006/04/30 02:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006/04/30 02:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006/04/30 01:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/04/30 01:55:55 | 000,443,016 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/04/30 01:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/04/30 01:55:55 | 000,072,428 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/04/30 01:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/04/30 01:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/04/30 01:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/04/30 01:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006/04/30 01:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/04/30 01:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/04/30 01:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/04/30 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/04/29 19:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006/04/29 19:03:29 | 001,464,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [color=#E56717]========== LOP Check ==========[/color] [2009/08/26 09:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton [2009/12/05 20:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2011/01/22 19:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen [2009/08/14 14:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo [2009/08/14 14:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor [2010/09/19 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2009/08/14 14:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2010/12/31 14:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} [2010/08/02 20:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/03/04 21:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14} [2009/08/26 09:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ableton [2011/11/28 23:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent [2009/08/14 14:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CachedFiles [2010/09/19 17:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/05/16 20:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CVS [2010/02/22 21:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EditPlus 3 [2011/01/22 19:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileOpen [2010/02/03 22:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla [2010/03/04 22:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo [2009/08/31 20:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lenovo [2010/06/17 08:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Notepad++ [2010/05/14 16:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera [2009/11/07 23:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers [2010/04/20 21:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RadarSync [2009/11/07 23:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony [2011/12/17 15:07:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job [2011/12/17 11:29:56 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job [color=#E56717]========== Purity Check ==========[/color] < End of report >
  10. Hi Cecilia, here's the VirusTotal report for this file: C:\Documents and Settings\Owner\Desktop\MBR.dat http://www.virustotal.com/file-scan/report.html?id=525dd08d68e08ab162b6c782e02edcb60dc0ea4df45b7fb53db61218f0c69732-1324080638 And I re-ran ComboFix (the log is below). NOTE: This time it did not give me the pop-up warning about 'zero access' -- it just ran normally, and the scan finished much more quickly than the first time it ran. Let me know how this looks, thanks-- Doug ======================================================================= [b]ComboFix 11-12-16.01 - Owner 12/16/2011 19:22:03.9.2 - x86[/b] Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2010.1447 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . . ((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 ))))))))))))))))))))))))))))))) . . 2011-12-03 01:27 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll 2011-12-03 01:27 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-11 23:13 . 2006-04-30 06:55 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys 2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41 . 2006-04-30 06:55 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41 . 2006-04-30 06:55 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-06-25 02:21 . 2011-06-11 02:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( [email protected]_16.08.32 ))))))))))))))))))))))))))))))))))))))))) . + 2011-12-16 23:53 . 2011-12-16 23:53 16384 c:\windows\temp\Perflib_Perfdata_d84.dat + 2006-04-30 06:55 . 2011-12-16 23:57 72428 c:\windows\system32\perfc009.dat - 2006-04-30 06:55 . 2011-12-16 16:03 72428 c:\windows\system32\perfc009.dat + 2006-04-30 06:55 . 2011-12-16 23:57 443016 c:\windows\system32\perfh009.dat - 2006-04-30 06:55 . 2011-12-16 16:03 443016 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-28 331776] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-28 208896] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-11-06 487424] "M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864] "MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2008-03-03 252424] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] . c:\documents and settings\Owner\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS] 2008-05-10 14:24 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2008-03-17 07:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/31/2010 2:32 PM 64288] R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 AM 46144] R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [5/10/2008 9:11 AM 1160440] R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [5/10/2008 9:24 AM 102400] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/14/2009 2:28 PM 94208] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 6:25 PM 520192] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 AM 253952] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [8/14/2009 2:18 PM 475136] R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [8/14/2009 1:53 PM 244368] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 5:54 PM 37312] S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 4:05 AM 1405384] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 4:05 AM 15232] S3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [11/21/2009 10:54 AM 193032] S3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\drivers\mausb.sys [5/5/2010 8:07 AM 143624] S3 MAUSBRI;MAUSBRI;c:\windows\system32\drivers\mausbft8r.sys [12/17/2009 10:27 PM 135688] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752] . Contents of the 'Scheduled Tasks' folder . 2011-12-17 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54] . 2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2790006754-187732043-1928724902-1005Core.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-15 04:01] . 2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2790006754-187732043-1928724902-1005UA.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-15 04:01] . 2011-12-16 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-14 16:43] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local;<local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 172.17.208.1 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\d431kdyv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-16 19:27 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(948) c:\windows\system32\FpWinLogonNp.dll c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll c:\program files\Lenovo Fingerprint Software\SharedResources.dll c:\program files\Lenovo Fingerprint Software\FPResource.dll c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll c:\program files\Lenovo\Client Security Solution\css_banner.dll c:\windows\system32\cssuserdatadispatcher.dll c:\windows\system32\tvttsp.dll c:\windows\system32\tcsrpc.dll c:\windows\system32\Ati2evxx.dll c:\program files\Lenovo\HOTKEY\tphklock.dll . - - - - - - - > 'explorer.exe'(868) c:\windows\system32\WININET.dll c:\windows\system32\IEFRAME.dll . Completion time: 2011-12-16 19:28:10 ComboFix-quarantined-files.txt 2011-12-17 00:28 ComboFix2.txt 2011-12-16 16:11 . Pre-Run: 16,238,317,568 bytes free Post-Run: 16,213,323,776 bytes free . - - End Of File - - 13FCFB9252B612D61DC8821D4BA34909
  11. hi Cecilia, I did the 2 scans you requested-- logs are below. thanks-- Doug ================================================================= [b]17:38:32.0000 0572 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31[/b] 17:38:32.0750 0572 ============================================================ 17:38:32.0750 0572 Current date / time: 2011/12/16 17:38:32.0750 17:38:32.0750 0572 SystemInfo: 17:38:32.0750 0572 17:38:32.0750 0572 OS Version: 5.1.2600 ServicePack: 3.0 17:38:32.0750 0572 Product type: Workstation 17:38:32.0750 0572 ComputerName: LENOVO-E0DD377A 17:38:32.0750 0572 UserName: Owner 17:38:32.0750 0572 Windows directory: C:\WINDOWS 17:38:32.0750 0572 System windows directory: C:\WINDOWS 17:38:32.0750 0572 Processor architecture: Intel x86 17:38:32.0750 0572 Number of processors: 2 17:38:32.0750 0572 Page size: 0x1000 17:38:32.0750 0572 Boot type: Normal boot 17:38:32.0750 0572 ============================================================ 17:38:33.0265 0572 Initialize success 17:38:36.0906 2652 ============================================================ 17:38:36.0906 2652 Scan started 17:38:36.0906 2652 Mode: Manual; 17:38:36.0906 2652 ============================================================ 17:38:37.0312 2652 Abiosdsk - ok 17:38:37.0359 2652 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 17:38:37.0359 2652 abp480n5 - ok 17:38:37.0390 2652 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys 17:38:37.0390 2652 ac97intc - ok 17:38:37.0453 2652 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:38:37.0453 2652 ACPI - ok 17:38:37.0468 2652 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 17:38:37.0468 2652 ACPIEC - ok 17:38:37.0531 2652 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 17:38:37.0531 2652 adpu160m - ok 17:38:37.0578 2652 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 17:38:37.0578 2652 aec - ok 17:38:37.0625 2652 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 17:38:37.0640 2652 AFD - ok 17:38:37.0687 2652 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 17:38:37.0687 2652 agp440 - ok 17:38:37.0687 2652 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 17:38:37.0703 2652 agpCPQ - ok 17:38:37.0703 2652 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 17:38:37.0703 2652 Aha154x - ok 17:38:37.0718 2652 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 17:38:37.0718 2652 aic78u2 - ok 17:38:37.0734 2652 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 17:38:37.0734 2652 aic78xx - ok 17:38:37.0765 2652 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 17:38:37.0765 2652 AliIde - ok 17:38:37.0781 2652 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 17:38:37.0781 2652 alim1541 - ok 17:38:37.0812 2652 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 17:38:37.0812 2652 amdagp - ok 17:38:37.0828 2652 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 17:38:37.0843 2652 amsint - ok 17:38:37.0875 2652 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 17:38:37.0875 2652 Arp1394 - ok 17:38:37.0890 2652 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 17:38:37.0890 2652 asc - ok 17:38:37.0906 2652 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 17:38:37.0906 2652 asc3350p - ok 17:38:37.0921 2652 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 17:38:37.0937 2652 asc3550 - ok 17:38:37.0968 2652 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:38:37.0968 2652 AsyncMac - ok 17:38:37.0984 2652 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 17:38:37.0984 2652 atapi - ok 17:38:38.0000 2652 Atdisk - ok 17:38:38.0171 2652 ati2mtag (1e980a3848067cc5f5d2212f7f7510d8) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 17:38:38.0218 2652 ati2mtag - ok 17:38:38.0359 2652 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:38:38.0359 2652 Atmarpc - ok 17:38:38.0453 2652 ATSwpWDF (30407fb218940ae61f1aa3821b69f567) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys 17:38:38.0453 2652 ATSwpWDF - ok 17:38:38.0531 2652 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 17:38:38.0531 2652 audstub - ok 17:38:38.0578 2652 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 17:38:38.0578 2652 Beep - ok 17:38:38.0593 2652 btaudio - ok 17:38:38.0625 2652 BTDriver - ok 17:38:38.0640 2652 BTWDNDIS - ok 17:38:38.0656 2652 BTWUSB - ok 17:38:38.0687 2652 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS 17:38:38.0687 2652 BVRPMPR5 - ok 17:38:38.0703 2652 catchme - ok 17:38:38.0718 2652 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 17:38:38.0718 2652 cbidf - ok 17:38:38.0734 2652 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 17:38:38.0734 2652 cbidf2k - ok 17:38:38.0765 2652 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 17:38:38.0781 2652 cd20xrnt - ok 17:38:38.0796 2652 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 17:38:38.0796 2652 Cdaudio - ok 17:38:38.0828 2652 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 17:38:38.0828 2652 Cdfs - ok 17:38:38.0843 2652 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:38:38.0843 2652 Cdrom - ok 17:38:38.0859 2652 Changer - ok 17:38:38.0921 2652 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 17:38:38.0921 2652 CmBatt - ok 17:38:38.0937 2652 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 17:38:38.0937 2652 CmdIde - ok 17:38:39.0015 2652 CnxtHdAudService (d0c7315ad6f3f573ef9ba5812432c9d4) C:\WINDOWS\system32\drivers\CHDAU32.sys 17:38:39.0015 2652 CnxtHdAudService - ok 17:38:39.0125 2652 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 17:38:39.0125 2652 Compbatt - ok 17:38:39.0218 2652 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 17:38:39.0218 2652 Cpqarray - ok 17:38:39.0250 2652 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 17:38:39.0250 2652 dac2w2k - ok 17:38:39.0265 2652 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 17:38:39.0265 2652 dac960nt - ok 17:38:39.0296 2652 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 17:38:39.0296 2652 Disk - ok 17:38:39.0343 2652 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS 17:38:39.0359 2652 DLABMFSM - ok 17:38:39.0359 2652 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 17:38:39.0359 2652 DLABOIOM - ok 17:38:39.0375 2652 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 17:38:39.0375 2652 DLACDBHM - ok 17:38:39.0406 2652 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\WINDOWS\system32\DLA\DLADResM.SYS 17:38:39.0406 2652 DLADResM - ok 17:38:39.0421 2652 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 17:38:39.0421 2652 DLAIFS_M - ok 17:38:39.0453 2652 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 17:38:39.0453 2652 DLAOPIOM - ok 17:38:39.0468 2652 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 17:38:39.0468 2652 DLAPoolM - ok 17:38:39.0484 2652 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 17:38:39.0484 2652 DLARTL_M - ok 17:38:39.0500 2652 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 17:38:39.0500 2652 DLAUDFAM - ok 17:38:39.0515 2652 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 17:38:39.0531 2652 DLAUDF_M - ok 17:38:39.0578 2652 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 17:38:39.0593 2652 dmboot - ok 17:38:39.0640 2652 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 17:38:39.0640 2652 dmio - ok 17:38:39.0656 2652 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 17:38:39.0656 2652 dmload - ok 17:38:39.0703 2652 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 17:38:39.0703 2652 DMusic - ok 17:38:39.0734 2652 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 17:38:39.0734 2652 dpti2o - ok 17:38:39.0750 2652 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 17:38:39.0750 2652 drmkaud - ok 17:38:39.0843 2652 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 17:38:39.0859 2652 DRVMCDB - ok 17:38:39.0875 2652 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 17:38:39.0875 2652 DRVNDDM - ok 17:38:39.0906 2652 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 17:38:39.0906 2652 E100B - ok 17:38:39.0968 2652 e1yexpress (96967facc0307093b9098f817a4409e6) C:\WINDOWS\system32\DRIVERS\e1y5132.sys 17:38:39.0968 2652 e1yexpress - ok 17:38:40.0015 2652 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 17:38:40.0031 2652 Fastfat - ok 17:38:40.0046 2652 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 17:38:40.0046 2652 Fdc - ok 17:38:40.0062 2652 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 17:38:40.0062 2652 Fips - ok 17:38:40.0078 2652 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 17:38:40.0078 2652 Flpydisk - ok 17:38:40.0093 2652 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 17:38:40.0109 2652 FltMgr - ok 17:38:40.0125 2652 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:38:40.0125 2652 Fs_Rec - ok 17:38:40.0140 2652 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:38:40.0140 2652 Ftdisk - ok 17:38:40.0171 2652 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 17:38:40.0171 2652 GEARAspiWDM - ok 17:38:40.0187 2652 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:38:40.0187 2652 Gpc - ok 17:38:40.0218 2652 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 17:38:40.0218 2652 HDAudBus - ok 17:38:40.0250 2652 HECI (2df64415a28ce036ac6acec7645a996f) C:\WINDOWS\system32\DRIVERS\HECI.sys 17:38:40.0250 2652 HECI - ok 17:38:40.0296 2652 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:38:40.0296 2652 HidUsb - ok 17:38:40.0328 2652 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 17:38:40.0328 2652 hpn - ok 17:38:40.0390 2652 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 17:38:40.0406 2652 HSFHWAZL - ok 17:38:40.0437 2652 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 17:38:40.0468 2652 HSF_DPV - ok 17:38:40.0609 2652 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 17:38:40.0625 2652 HTTP - ok 17:38:40.0671 2652 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 17:38:40.0687 2652 i2omgmt - ok 17:38:40.0718 2652 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 17:38:40.0718 2652 i2omp - ok 17:38:40.0750 2652 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:38:40.0750 2652 i8042prt - ok 17:38:40.0812 2652 iaStor (abfebc5f846c71afebd7f8f6ba740c03) C:\WINDOWS\system32\DRIVERS\iaStor.sys 17:38:40.0828 2652 iaStor - ok 17:38:40.0843 2652 IBMPMDRV (699052e165698013020d2ac693cd80c7) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 17:38:40.0843 2652 IBMPMDRV - ok 17:38:40.0875 2652 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 17:38:40.0875 2652 Imapi - ok 17:38:40.0921 2652 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 17:38:40.0921 2652 ini910u - ok 17:38:40.0953 2652 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 17:38:40.0953 2652 IntelIde - ok 17:38:41.0000 2652 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 17:38:41.0000 2652 intelppm - ok 17:38:41.0031 2652 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 17:38:41.0031 2652 Ip6Fw - ok 17:38:41.0140 2652 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 17:38:41.0140 2652 IpInIp - ok 17:38:41.0171 2652 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 17:38:41.0187 2652 IpNat - ok 17:38:41.0203 2652 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:38:41.0203 2652 IPSec - ok 17:38:41.0234 2652 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 17:38:41.0234 2652 IRENUM - ok 17:38:41.0265 2652 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:38:41.0265 2652 isapnp - ok 17:38:41.0296 2652 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:38:41.0296 2652 Kbdclass - ok 17:38:41.0312 2652 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 17:38:41.0328 2652 kbdhid - ok 17:38:41.0343 2652 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 17:38:41.0359 2652 kmixer - ok 17:38:41.0406 2652 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 17:38:41.0406 2652 KSecDD - ok 17:38:41.0531 2652 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 17:38:41.0531 2652 Lavasoft Kernexplorer - ok 17:38:41.0546 2652 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys 17:38:41.0546 2652 Lbd - ok 17:38:41.0562 2652 lbrtfdc - ok 17:38:41.0625 2652 MAFW (8cb4fa41c156666d21c16a3e57925235) C:\WINDOWS\system32\DRIVERS\mafw.sys 17:38:41.0640 2652 MAFW - ok 17:38:41.0765 2652 MAUSBFTP (a07af79cac2b923d65d51eaad5dafc69) C:\WINDOWS\system32\DRIVERS\mausb.sys 17:38:41.0765 2652 MAUSBFTP - ok 17:38:41.0828 2652 MAUSBRI (9a4d5b314fd6ff6c0ef05d44e800c64a) C:\WINDOWS\system32\DRIVERS\mausbft8r.sys 17:38:41.0828 2652 MAUSBRI - ok 17:38:41.0875 2652 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 17:38:41.0890 2652 mdmxsdk - ok 17:38:41.0937 2652 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 17:38:41.0937 2652 mnmdd - ok 17:38:41.0984 2652 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 17:38:41.0984 2652 Modem - ok 17:38:42.0015 2652 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:38:42.0015 2652 Mouclass - ok 17:38:42.0062 2652 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 17:38:42.0062 2652 mouhid - ok 17:38:42.0093 2652 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 17:38:42.0093 2652 MountMgr - ok 17:38:42.0125 2652 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 17:38:42.0140 2652 mraid35x - ok 17:38:42.0156 2652 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:38:42.0156 2652 MRxDAV - ok 17:38:42.0218 2652 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:38:42.0234 2652 MRxSmb - ok 17:38:42.0343 2652 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 17:38:42.0343 2652 Msfs - ok 17:38:42.0375 2652 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:38:42.0375 2652 MSKSSRV - ok 17:38:42.0406 2652 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:38:42.0421 2652 MSPCLOCK - ok 17:38:42.0437 2652 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 17:38:42.0437 2652 MSPQM - ok 17:38:42.0468 2652 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:38:42.0468 2652 mssmbios - ok 17:38:42.0515 2652 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 17:38:42.0515 2652 Mup - ok 17:38:42.0546 2652 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 17:38:42.0546 2652 NDIS - ok 17:38:42.0593 2652 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:38:42.0593 2652 NdisTapi - ok 17:38:42.0625 2652 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:38:42.0625 2652 Ndisuio - ok 17:38:42.0640 2652 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:38:42.0640 2652 NdisWan - ok 17:38:42.0671 2652 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 17:38:42.0687 2652 NDProxy - ok 17:38:42.0703 2652 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 17:38:42.0703 2652 NetBIOS - ok 17:38:42.0718 2652 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 17:38:42.0734 2652 NetBT - ok 17:38:42.0953 2652 NETw5x32 (6613ae2cb8de0024f9fe6ba1fb98d43f) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 17:38:43.0062 2652 NETw5x32 - ok 17:38:43.0187 2652 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 17:38:43.0187 2652 NIC1394 - ok 17:38:43.0218 2652 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 17:38:43.0218 2652 Npfs - ok 17:38:43.0250 2652 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 17:38:43.0265 2652 Ntfs - ok 17:38:43.0359 2652 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 17:38:43.0375 2652 Null - ok 17:38:43.0468 2652 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 17:38:43.0531 2652 nv - ok 17:38:43.0578 2652 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:38:43.0578 2652 NwlnkFlt - ok 17:38:43.0593 2652 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:38:43.0593 2652 NwlnkFwd - ok 17:38:43.0656 2652 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 17:38:43.0656 2652 ohci1394 - ok 17:38:43.0703 2652 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 17:38:43.0703 2652 Parport - ok 17:38:43.0718 2652 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 17:38:43.0718 2652 PartMgr - ok 17:38:43.0750 2652 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 17:38:43.0750 2652 ParVdm - ok 17:38:43.0765 2652 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 17:38:43.0765 2652 PCI - ok 17:38:43.0781 2652 PCIDump - ok 17:38:43.0796 2652 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 17:38:43.0796 2652 PCIIde - ok 17:38:43.0812 2652 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 17:38:43.0812 2652 Pcmcia - ok 17:38:43.0828 2652 PDCOMP - ok 17:38:43.0843 2652 PDFRAME - ok 17:38:43.0859 2652 PDRELI - ok 17:38:43.0875 2652 PDRFRAME - ok 17:38:43.0890 2652 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 17:38:43.0890 2652 perc2 - ok 17:38:43.0906 2652 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 17:38:43.0906 2652 perc2hib - ok 17:38:44.0046 2652 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys 17:38:44.0046 2652 pmem - ok 17:38:44.0093 2652 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:38:44.0093 2652 PptpMiniport - ok 17:38:44.0125 2652 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 17:38:44.0125 2652 Processor - ok 17:38:44.0171 2652 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys 17:38:44.0171 2652 psadd - ok 17:38:44.0187 2652 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 17:38:44.0203 2652 PSched - ok 17:38:44.0234 2652 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:38:44.0234 2652 Ptilink - ok 17:38:44.0250 2652 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 17:38:44.0250 2652 PxHelp20 - ok 17:38:44.0296 2652 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 17:38:44.0296 2652 ql1080 - ok 17:38:44.0375 2652 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 17:38:44.0375 2652 Ql10wnt - ok 17:38:44.0390 2652 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 17:38:44.0390 2652 ql12160 - ok 17:38:44.0406 2652 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 17:38:44.0406 2652 ql1240 - ok 17:38:44.0421 2652 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 17:38:44.0421 2652 ql1280 - ok 17:38:44.0437 2652 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:38:44.0437 2652 RasAcd - ok 17:38:44.0453 2652 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:38:44.0468 2652 Rasl2tp - ok 17:38:44.0500 2652 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:38:44.0500 2652 RasPppoe - ok 17:38:44.0515 2652 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 17:38:44.0515 2652 Raspti - ok 17:38:44.0546 2652 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:38:44.0546 2652 Rdbss - ok 17:38:44.0562 2652 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:38:44.0562 2652 RDPCDD - ok 17:38:44.0593 2652 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 17:38:44.0593 2652 rdpdr - ok 17:38:44.0640 2652 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 17:38:44.0656 2652 RDPWD - ok 17:38:44.0734 2652 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 17:38:44.0750 2652 redbook - ok 17:38:44.0843 2652 s24trans (2bc0b847cbcfe62a79b18ce0b440334d) C:\WINDOWS\system32\DRIVERS\s24trans.sys 17:38:44.0843 2652 s24trans - ok 17:38:44.0906 2652 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:38:44.0906 2652 Secdrv - ok 17:38:44.0937 2652 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 17:38:44.0937 2652 serenum - ok 17:38:44.0984 2652 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 17:38:44.0984 2652 Serial - ok 17:38:45.0015 2652 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 17:38:45.0015 2652 Sfloppy - ok 17:38:45.0046 2652 Simbad - ok 17:38:45.0093 2652 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 17:38:45.0093 2652 sisagp - ok 17:38:45.0187 2652 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 17:38:45.0187 2652 Sparrow - ok 17:38:45.0250 2652 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 17:38:45.0265 2652 splitter - ok 17:38:45.0312 2652 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 17:38:45.0312 2652 sr - ok 17:38:45.0375 2652 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 17:38:45.0390 2652 Srv - ok 17:38:45.0421 2652 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 17:38:45.0421 2652 swenum - ok 17:38:45.0437 2652 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 17:38:45.0453 2652 swmidi - ok 17:38:45.0515 2652 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 17:38:45.0515 2652 symc810 - ok 17:38:45.0531 2652 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 17:38:45.0531 2652 symc8xx - ok 17:38:45.0546 2652 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 17:38:45.0546 2652 sym_hi - ok 17:38:45.0562 2652 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 17:38:45.0562 2652 sym_u3 - ok 17:38:45.0625 2652 SynTP (a81e52df43dc66493eac8ce58fc9b658) C:\WINDOWS\system32\DRIVERS\SynTP.sys 17:38:45.0625 2652 SynTP - ok 17:38:45.0671 2652 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 17:38:45.0671 2652 sysaudio - ok 17:38:45.0750 2652 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:38:45.0765 2652 Tcpip - ok 17:38:45.0812 2652 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 17:38:45.0812 2652 TDPIPE - ok 17:38:45.0843 2652 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 17:38:45.0843 2652 TDTCP - ok 17:38:45.0890 2652 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 17:38:45.0890 2652 TermDD - ok 17:38:45.0937 2652 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 17:38:45.0937 2652 TosIde - ok 17:38:45.0984 2652 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys 17:38:45.0984 2652 TPHKDRV - ok 17:38:46.0031 2652 tpm (3724dff72b0f5307cf761cc91c2bb9f7) C:\WINDOWS\system32\DRIVERS\tpm.sys 17:38:46.0031 2652 tpm - ok 17:38:46.0109 2652 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys 17:38:46.0125 2652 TPPWRIF - ok 17:38:46.0171 2652 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS 17:38:46.0171 2652 TSMAPIP - ok 17:38:46.0265 2652 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys 17:38:46.0265 2652 tvtfilter - ok 17:38:46.0281 2652 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys 17:38:46.0281 2652 TVTI2C - ok 17:38:46.0312 2652 tvtumon (a6e0aafbe64592871f9a9f38a61c1fa5) C:\WINDOWS\system32\DRIVERS\tvtumon.sys 17:38:46.0312 2652 tvtumon - ok 17:38:46.0359 2652 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 17:38:46.0375 2652 Udfs - ok 17:38:46.0437 2652 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 17:38:46.0437 2652 ultra - ok 17:38:46.0484 2652 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 17:38:46.0484 2652 Update - ok 17:38:46.0546 2652 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys 17:38:46.0546 2652 USBAAPL - ok 17:38:46.0578 2652 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 17:38:46.0578 2652 usbaudio - ok 17:38:46.0609 2652 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:38:46.0609 2652 usbccgp - ok 17:38:46.0640 2652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:38:46.0640 2652 usbehci - ok 17:38:46.0671 2652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:38:46.0671 2652 usbhub - ok 17:38:46.0734 2652 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:38:46.0734 2652 usbprint - ok 17:38:46.0765 2652 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:38:46.0781 2652 usbscan - ok 17:38:46.0812 2652 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:38:46.0812 2652 USBSTOR - ok 17:38:46.0843 2652 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 17:38:46.0843 2652 usbuhci - ok 17:38:46.0875 2652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 17:38:46.0875 2652 VgaSave - ok 17:38:46.0937 2652 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 17:38:46.0937 2652 viaagp - ok 17:38:47.0062 2652 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 17:38:47.0062 2652 ViaIde - ok 17:38:47.0109 2652 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 17:38:47.0109 2652 VolSnap - ok 17:38:47.0156 2652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:38:47.0156 2652 Wanarp - ok 17:38:47.0250 2652 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 17:38:47.0250 2652 Wdf01000 - ok 17:38:47.0265 2652 WDICA - ok 17:38:47.0328 2652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 17:38:47.0328 2652 wdmaud - ok 17:38:47.0406 2652 winachsf (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 17:38:47.0421 2652 winachsf - ok 17:38:47.0500 2652 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 17:38:47.0500 2652 WmiAcpi - ok 17:38:47.0578 2652 MBR (0x1B8) (604dbd9ab9eef4f9d47b13cca580ca9b) \Device\Harddisk0\DR0 17:38:47.0593 2652 \Device\Harddisk0\DR0 - ok 17:38:47.0593 2652 Boot (0x1200) (1b0c2ce902ebbfedc4bea1f409b4290b) \Device\Harddisk0\DR0\Partition0 17:38:47.0593 2652 \Device\Harddisk0\DR0\Partition0 - ok 17:38:47.0593 2652 ============================================================ 17:38:47.0593 2652 Scan finished 17:38:47.0593 2652 ============================================================ 17:38:47.0625 4012 Detected object count: 0 17:38:47.0625 4012 Actual detected object count: 0 17:38:58.0562 2860 Deinitialize success ================================================================= [b]aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software[/b] Run date: 2011-12-16 17:41:25 ----------------------------- 17:41:25.171 OS Version: Windows 5.1.2600 Service Pack 3 17:41:25.171 Number of processors: 2 586 0x1706 17:41:25.171 ComputerName: LENOVO-E0DD377A UserName: Owner 17:41:26.218 Initialize success 17:41:48.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 17:41:48.656 Disk 0 Vendor: HITACHI_ DCDZ Size: 152627MB BusType: 3 17:41:48.656 Disk 0 MBR read successfully 17:41:48.656 Disk 0 MBR scan 17:41:48.656 Disk 0 unknown MBR code 17:41:48.656 Disk 0 scanning sectors +312578048 17:41:48.718 Disk 0 scanning C:\WINDOWS\system32\drivers 17:41:56.296 Service scanning 17:41:57.734 Modules scanning 17:42:03.625 Disk 0 trace - called modules: 17:42:03.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys 17:42:03.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a717030] 17:42:03.640 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000083[0x8a753710] 17:42:03.640 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a1ce028] 17:42:03.640 Scan finished successfully 17:42:31.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat" 17:42:31.359 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
  12. hi Cecilia-- I ran ComboFix this morning. NOTE: before it started scanning, it popped up a warning message that I had the 'zero access rootkit' which could be difficult to remove. Anyway, the log is below, let me know what you think, thanks-- Doug ===================================================== [b]ComboFix 11-12-16.01 - Owner 12/16/2011 10:58:50.8.2 - x86[/b] Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2010.1585 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Owner\Local Settings\Application Data\qme.exe c:\documents and settings\Owner\Start Menu\Programs\Windows XP Recovery c:\documents and settings\Owner\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk c:\documents and settings\Owner\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk c:\windows\$NtUninstallKB27550$ c:\windows\$NtUninstallKB27550$\1132537887\@ c:\windows\$NtUninstallKB27550$\1132537887\bckfg.tmp c:\windows\$NtUninstallKB27550$\1132537887\cfg.ini c:\windows\$NtUninstallKB27550$\1132537887\Desktop.ini c:\windows\$NtUninstallKB27550$\1132537887\keywords c:\windows\$NtUninstallKB27550$\1132537887\kwrd.dll c:\windows\$NtUninstallKB27550$\1132537887\L\hvmonmrs c:\windows\$NtUninstallKB27550$\1132537887\lsflt7.ver c:\windows\$NtUninstallKB27550$\1132537887\U\[email protected] c:\windows\$NtUninstallKB27550$\1132537887\U\[email protected] c:\windows\$NtUninstallKB27550$\1132537887\U\[email protected] c:\windows\$NtUninstallKB27550$\1132537887\U\[email protected] c:\windows\$NtUninstallKB27550$\1132537887\U\[email protected] c:\windows\$NtUninstallKB27550$\1132537887\U\[email protected] c:\windows\$NtUninstallKB27550$\215832860 c:\windows\system32\lsprst7.dll c:\windows\system32\ssprs.dll . . ((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 ))))))))))))))))))))))))))))))) . . 2011-12-03 01:27 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll 2011-12-03 01:27 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-11 23:13 . 2006-04-30 06:55 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys 2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41 . 2006-04-30 06:55 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41 . 2006-04-30 06:55 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-06-25 02:21 . 2011-06-11 02:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-28 331776] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-28 208896] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-11-06 487424] "M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864] "MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2008-03-03 252424] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] . c:\documents and settings\Owner\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS] 2008-05-10 14:24 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2008-03-17 07:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/31/2010 2:32 PM 64288] R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 AM 46144] R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [5/10/2008 9:11 AM 1160440] R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [5/10/2008 9:24 AM 102400] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/14/2009 2:28 PM 94208] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 6:25 PM 520192] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 AM 253952] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [8/14/2009 2:18 PM 475136] R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [8/14/2009 1:53 PM 244368] R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\drivers\mausb.sys [5/5/2010 8:07 AM 143624] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 5:54 PM 37312] S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 4:05 AM 1405384] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 4:05 AM 15232] S3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [11/21/2009 10:54 AM 193032] S3 MAUSBRI;MAUSBRI;c:\windows\system32\drivers\mausbft8r.sys [12/17/2009 10:27 PM 135688] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752] . Contents of the 'Scheduled Tasks' folder . 2011-12-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54] . 2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2790006754-187732043-1928724902-1005Core.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-15 04:01] . 2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2790006754-187732043-1928724902-1005UA.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-15 04:01] . 2011-12-16 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-14 16:43] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local;<local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 10.0.0.1 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\d431kdyv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . - - - - ORPHANS REMOVED - - - - . SafeBoot-02285106.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-16 11:08 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(952) c:\windows\system32\FpWinLogonNp.dll c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll c:\program files\Lenovo Fingerprint Software\SharedResources.dll c:\program files\Lenovo Fingerprint Software\FPResource.dll c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll c:\program files\Lenovo\Client Security Solution\css_banner.dll c:\windows\system32\cssuserdatadispatcher.dll c:\windows\system32\tvttsp.dll c:\windows\system32\tcsrpc.dll c:\windows\system32\Ati2evxx.dll c:\program files\Lenovo\HOTKEY\tphklock.dll . - - - - - - - > 'explorer.exe'(752) c:\windows\system32\WININET.dll c:\windows\system32\IEFRAME.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\windows\system32\Ati2evxx.exe c:\program files\Intel\WiFi\bin\S24EvMon.exe c:\windows\system32\Ati2evxx.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\windows\system32\rundll32.exe c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files\Lenovo\Zoom\TpScrex.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\program files\Lenovo\Client Security Solution\tvttcsd.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\windows\system32\wdfmgr.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-12-16 11:11:56 - machine was rebooted ComboFix-quarantined-files.txt 2011-12-16 16:11 . Pre-Run: 15,452,798,976 bytes free Post-Run: 16,223,088,640 bytes free . - - End Of File - - E57F728D06B35B0048FA6A225B3FF60E
  13. hi Cecilia, I was finally able to get into VirusTotal. However I could only find one of the 3 files you asked me to check (details below): ============================================================ C:\Documents and Settings\Owner\Local Settings\Application Data\qme.exe http://www.virustotal.com/file-scan/report.html?id=9ed4c4f5285ef8665d32de4a71322eea0bd20ef0ce6afbf5bc716a1f0a2ee686-1323659135 C:\Documents and Settings\Owner\Local Settings\Application Data\vssccn8v5nix1mvd1ytf7e741l7k I don't see this file in this location (could it be hidden?) C:\Documents and Settings\All Users\Application Data\vssccn8v5nix1mvd1ytf7e741l7k I don't see this file in this location (could it be hidden?) ============================================================ RE: those old files-- as a matter of fact I did have infections in early January and May last year-- perhaps leftovers from then? And Bittorrent shouldn't be the source of the problem-- I only use it to transfer data files w/ a legitimate music provider. thanks-- Doug
  14. hi Cecelia, thanks for following up on this. I'm having trouble getting onto the VirusTotal site-- maybe their servers are too busy right now. I'll try again later today. Thanks-- Doug
  15. hi, I managed to get infected with 'XP Security 2012' malware today. I was worried that I might lose data files, so I followed removal instructions from Bleepingcomputer.com (http://www.bleepingcomputer.com/virus-removal/remove-xp-internet-security-2012). In a nutshell, here's what I did: 1) Ran a regedit fix (FixNCR.reg) 2) Ran RKill (a couple times) 3) Ran MBAM and removed some items: ============================================================ Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Files Infected: c:\documents and settings\Owner\local settings\temp\0.35293488460007694.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. c:\documents and settings\Owner\local settings\temp\0.7505136834436666.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. ============================================================ 4) Rebooted and re-ran MBAM and scan showed no infections. After this the machine was stable but the internet connection was transferring data rapidly in the background and in the Task Manager I could see "Ping.exe" using a large amount of resources. I tried ending the Ping.exe process but it would always restart within a minute. So lastly I ran TDSS and it found and cured one item: ============================================================ 18:12:02.0000 3828 Detected object count: 1 18:12:02.0000 3828 Actual detected object count: 1 18:12:10.0218 3828 Backup copy found, using it.. 18:12:10.0218 3828 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot 18:12:12.0234 3828 IPSec ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure 18:12:38.0531 1532 Deinitialize success ============================================================ Rebooted and did one more full MBAM scan and the logs show no infection. The machine seems to be working normally now, Ping.exe is no longer appearing in the Task Manager and the background data transfer seems to have stopped. So my question today is: could have a glance at this OTL log and let me know if there's any other crap still lurking? thanks-- Doug ============================================================ [b]OTL logfile created on: 12/11/2011 8:04:20 PM - Run 1[/b] OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.96 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 73.58% Memory free 3.81 Gb Paging File | 3.40 Gb Available in Paging File | 89.19% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 143.30 Gb Total Space | 14.61 Gb Free Space | 10.20% Space Free | Partition Type: NTFS Computer Name: LENOVO-E0DD377A | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) PRC - C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc) PRC - C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.) PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\WINDOWS\system32\maFwTray.exe (Avid Technology, Inc.) PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3152.38760__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3152.38718__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3152.38771__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3152.38941__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3152.38752__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3152.38864__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3152.38738__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3152.38973__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3152.38905__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3152.38913__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3152.38986__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3152.38980__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3152.38919__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3152.38732__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3152.38912__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3152.38986__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3152.38871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3152.38785__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3152.38858__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3152.38739__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3152.38932__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3152.38899__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3152.38865__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3152.38791__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3152.38778__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3152.38887__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3152.38870__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3152.38864__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3152.38791__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3152.38870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3152.38886__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3036.27930__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3152.38898__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3036.27933__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3036.27964__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3036.27945__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3036.27937__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3036.27960__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3036.27964__90ba9c70f846762e\DEM.OS.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3036.27963__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3036.27961__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3036.27933__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3036.27946__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3036.27959__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3036.28032__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3076.23108__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3036.27977__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3036.27962__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3036.27948__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3036.27945__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3036.27940__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3036.27961__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3036.27964__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3036.27944__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3036.27965__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3036.27944__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3152.38954__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3152.38746__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3152.38963__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3152.38961__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3152.38711__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3152.38710__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3152.38992__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3036.27937__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3036.27961__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3152.39004__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3152.38709__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3152.38725__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3152.38710__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3152.38708__90ba9c70f846762e\APM.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3152.38709__90ba9c70f846762e\AEM.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3036.27949__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3152.38962__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3036.27959__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3036.27979__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL () MOD - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll () MOD - c:\Program Files\Common Files\Lenovo\CDRecord.dll () MOD - C:\Program Files\Lenovo Fingerprint Software\SharedResources.dll () MOD - C:\Program Files\Intel\WiFi\bin\iWMSProv.dll () ========== Win32 Services (SafeList) ========== SRV - (SessionLauncher) -- File not found SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc) SRV - (ATService) -- C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.) SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation) SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS () DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS () DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.) DRV - (ATSwpWDF) -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (MAUSBRI) -- C:\WINDOWS\system32\drivers\mausbft8r.sys (Avid Technology, Inc.) DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo) DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation) DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation) DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (MAUSBFTP) Service for M-Audio Fast Track Pro (WDM) -- C:\WINDOWS\system32\drivers\mausb.sys (Avid Technology, Inc.) DRV - (MAFW) -- C:\WINDOWS\system32\drivers\mafw.sys (Avid Technology, Inc.) DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..network.proxy.no_proxies_on: "" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 21:21:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/10 21:06:08 | 000,000,000 | ---D | M] [2009/08/25 23:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2011/11/01 22:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\d431kdyv.default\extensions [2009/09/25 20:15:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\d431kdyv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/10/31 10:43:54 | 000,000,000 | ---D | M] (WASP) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\d431kdyv.default\extensions\[email protected] [2011/06/10 09:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/07/17 18:28:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D431KDYV.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\D431KDYV.DEFAULT\EXTENSIONS\[email protected] [2010/07/17 18:28:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/06/24 21:21:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/07/17 18:28:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/06/10 21:05:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml Hosts file not found O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\maFwTray.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24727129-C43F-449E-91ED-CE028E4B60A5}: DhcpNameServer = 10.0.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ATFUS: DllName - (C:\WINDOWS\system32\FpWinLogonNp.dll) - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/12/11 18:39:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2011/12/11 18:08:01 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com [2011/12/11 13:31:58 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Local Settings\Application Data\qme.exe [2011/12/02 20:27:26 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll [2011/11/24 19:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Maine_vac_pix [2011/11/22 20:33:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/12/11 19:31:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2790006754-187732043-1928724902-1005UA.job [2011/12/11 19:07:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2011/12/11 18:39:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2011/12/11 18:18:48 | 000,443,016 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/12/11 18:18:48 | 000,072,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/12/11 18:14:21 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/12/11 18:14:02 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2011/12/11 18:13:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/12/11 18:13:52 | 2107,645,952 | -HS- | M] () -- C:\hiberfil.sys [2011/12/11 18:11:36 | 001,557,928 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller(3).zip [2011/12/11 18:08:00 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com [2011/12/11 15:31:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2790006754-187732043-1928724902-1005Core.job [2011/12/11 14:50:54 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to iExplore.exe.lnk [2011/12/11 14:47:59 | 000,014,606 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\vssccn8v5nix1mvd1ytf7e741l7k [2011/12/11 14:47:59 | 000,014,606 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\vssccn8v5nix1mvd1ytf7e741l7k [2011/12/11 13:31:58 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Local Settings\Application Data\qme.exe [2011/12/10 23:15:39 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz [2011/12/10 23:15:39 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll [2011/12/10 23:15:33 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz [2011/12/10 23:15:33 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll [2011/12/09 11:34:23 | 000,009,640 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adz.jpg [2011/11/23 18:21:18 | 000,033,783 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lani-kate.jpg [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/11 18:11:33 | 001,557,928 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller(3).zip [2011/12/11 15:27:29 | 2107,645,952 | -HS- | C] () -- C:\hiberfil.sys [2011/12/11 14:50:54 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to iExplore.exe.lnk [2011/12/11 13:31:58 | 000,014,606 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\vssccn8v5nix1mvd1ytf7e741l7k [2011/12/11 13:31:58 | 000,014,606 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vssccn8v5nix1mvd1ytf7e741l7k [2011/12/09 11:34:22 | 000,009,640 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adz.jpg [2011/11/23 18:21:18 | 000,033,783 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\lani-kate.jpg [2011/08/26 22:09:00 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\MapReverseConverter.dat [2011/06/01 08:03:30 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2011/06/01 08:03:30 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2011/06/01 08:03:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\tmpPrst.dll [2011/05/24 22:10:17 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\15720228 [2011/05/24 21:24:19 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16768804r [2011/05/24 21:24:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16768804 [2011/05/24 21:24:00 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16768804 [2011/03/17 21:05:27 | 000,010,622 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\1368123653 [2011/03/17 21:05:27 | 000,010,622 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1368123653 [2011/01/01 23:18:41 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~lCkU6kZH [2011/01/01 23:18:41 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~lCkU6kZHr [2011/01/01 23:18:01 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lCkU6kZH [2010/12/31 16:19:47 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2010/12/23 23:53:33 | 000,024,772 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/09/25 08:40:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/05/16 20:49:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/26 09:51:28 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2009/08/26 09:51:28 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2009/08/26 09:51:28 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2009/08/25 23:07:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/08/14 14:34:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/08/14 14:28:40 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe [2009/08/14 14:28:30 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE [2009/08/14 14:28:29 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2009/08/14 14:25:39 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2009/08/14 14:25:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/08/14 14:23:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009/08/14 14:23:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009/08/14 14:23:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009/08/14 14:23:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009/08/14 14:23:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009/08/14 14:23:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009/08/14 14:17:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2009/08/14 14:13:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2009/08/14 14:13:37 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009/08/14 14:13:36 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009/08/14 14:13:36 | 000,172,033 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2009/08/14 14:13:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Atibrtmon.exe [2009/08/14 14:08:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2009/08/14 14:00:21 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config [2006/04/30 02:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/04/30 02:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006/04/30 02:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006/04/30 02:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006/04/30 01:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/04/30 01:55:55 | 000,443,016 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/04/30 01:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/04/30 01:55:55 | 000,072,428 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/04/30 01:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/04/30 01:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/04/30 01:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/04/30 01:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006/04/30 01:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/04/30 01:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/04/30 01:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/04/30 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/04/29 19:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006/04/29 19:03:29 | 001,464,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2009/08/26 09:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton [2009/12/05 20:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2011/01/22 19:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen [2009/08/14 14:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo [2009/08/14 14:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor [2010/09/19 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2009/08/14 14:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2010/12/31 14:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} [2010/08/02 20:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/03/04 21:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14} [2009/08/26 09:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ableton [2011/11/28 23:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent [2009/08/14 14:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CachedFiles [2010/09/19 17:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/05/16 20:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CVS [2010/02/22 21:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EditPlus 3 [2011/01/22 19:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileOpen [2010/02/03 22:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla [2010/03/04 22:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo [2009/08/31 20:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lenovo [2010/06/17 08:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Notepad++ [2010/05/14 16:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera [2009/11/07 23:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers [2010/04/20 21:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RadarSync [2009/11/07 23:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony [2011/12/11 19:07:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job [2011/12/11 18:14:02 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job ========== Purity Check ========== < End of report > ============================================================ [b]OTL Extras logfile created on: 12/11/2011 8:04:20 PM - Run 1[/b] OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.96 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 73.58% Memory free 3.81 Gb Paging File | 3.40 Gb Available in Paging File | 89.19% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 143.30 Gb Total Space | 14.61 Gb Free Space | 10.20% Space Free | Partition Type: NTFS Computer Name: LENOVO-E0DD377A | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{00D52656-9476-D632-7222-9D13CF604AC1}" = CCC Help Chinese Standard "{018D64CF-C250-C3BF-0EDA-18D91C0F6991}" = CCC Help German "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{06D67376-B141-4834-F013-AF6AADA311D0}" = CCC Help Japanese "{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{096DC054-B714-15A2-B27B-F60E357E3298}" = Catalyst Control Center Localization Chinese Traditional "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message "{1046FEEF-0E56-1BFA-A30D-CCF76033D2D0}" = CCC Help Korean "{1331A8E9-0016-9088-3AEA-77674B21332A}" = Catalyst Control Center Localization Spanish "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{228E6165-6094-BEB5-1060-6433A764F83E}" = Catalyst Control Center Graphics Light "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{2536D050-5732-AC7A-57BA-CF6B6CDB7891}" = CCC Help Italian "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8 "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc "{2FAAD1C5-2D9D-4EDB-BCD1-FF6573986439}" = Mobile Broadband Connect "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3248F0A8-6813-11D6-A77B-00B0D0150160}" = J2SE Runtime Environment 5.0 Update 16 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{394B9590-D033-48DF-4192-F9D7E30D864D}" = Catalyst Control Center Localization Dutch "{3A0D18CF-F88B-793C-9850-6CF94098066E}" = CCC Help English "{3A555D42-3319-C9CC-CA14-C2E09BF39DA8}" = CCC Help Swedish "{3CA80684-C774-DCCC-07AE-AF334B3EF640}" = Catalyst Control Center Localization Korean "{3E67F68D-3797-4B6A-B02C-27BC98DFEBDA}" = Fast Track Pro "{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation "{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager "{463C787F-36E4-DA3B-BBF4-5B2435E9D479}" = Catalyst Control Center Graphics Full New "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 "{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin "{5DABC01A-1F62-03FC-C534-2ECDB14BE3C3}" = Catalyst Control Center Localization German "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7101ADEA-382D-0948-C0EC-4CB819F8554A}" = Catalyst Control Center Localization Japanese "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}" = Sony Sound Forge 8.0 "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{834B66D1-FE75-D398-43F8-B7C21967D328}" = Catalyst Control Center Graphics Full Existing "{852AFD2D-07CC-46FD-A159-671102782771}" = Intel® PROSet/Wireless WiFi Software "{881B2B74-D94D-8F10-310A-21913A855341}" = Catalyst Control Center Localization Chinese Standard "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{8A5103C3-CE17-0E29-4D9A-A393F14FD09E}" = Skins "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{8EF140A7-B1D6-464E-82B4-C8925202FE54}" = Lenovo Fingerprint Software "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{97B70764-23F4-AC4B-E4FE-DDB0C49D4FCD}" = ccc-utility "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}" = Catalyst Control Center - Branding "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AAE8E1E7-195C-5F7E-9EA1-BD0293D57D56}" = CCC Help Portuguese "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{AD6ACA58-30FE-4336-A5B0-461FD60AF727}" = FileOpen Client "{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition "{B22CB02F-2AF7-998A-B46A-C1C2F417F066}" = CCC Help French "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4EA26E7-3E4B-4ACA-AD2A-199C85AD7432}" = Scheduler Updater "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BBD72C8A-9025-329C-CA53-9C26DD82B5A4}" = Catalyst Control Center Core Implementation "{BC681FE2-C1DB-E014-0927-D7BC700222C5}" = Catalyst Control Center Localization Swedish "{BF601C77-CF55-A682-31C4-38B6DC5561BB}" = Catalyst Control Center Localization Italian "{BF742991-5A80-AF94-9EBE-E94DCFC95046}" = ccc-core-static "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C33D8895-0DB6-051D-6F10-3ED075C5C61B}" = ccc-core-preinstall "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes "{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D249DF1E-371F-5711-9364-D50C515C7CEA}" = CCC Help Dutch "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9CF5E60-42B1-489B-A0E2-9A6EE3DEB969}" = FireWire Family "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{DC536DD4-18B5-4BD3-DDD3-ADD2386E784A}" = CCC Help Chinese Traditional "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E08D43A0-076A-AC94-3A2C-3491C09BCD48}" = Catalyst Control Center Localization Portuguese "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{EA26983C-5A88-4A83-973D-D9596C6733F6}" = Fast Track Ultra 8R "{EA432904-149A-963E-24C9-D4C3D9AC1750}" = Catalyst Control Center Localization French "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3 "{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FA5E1232-E4C3-A2DD-8D95-596E6288DE64}" = CCC Help Spanish "17D5EDB8CF9DBD67DDA7675D6772B06BA5809565" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/01/2008 8.0.26.3) "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3 "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "BitTorrent" = BitTorrent "CCleaner" = CCleaner (remove only) "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Setup.divx.com" = DivX Setup "EditPlus 3" = EditPlus 3 "ESET Online Scanner" = ESET Online Scanner v3 "FileZilla Client" = FileZilla Client 3.3.1 "FLV Player" = FLV Player 2.0 (build 25) "HECI" = Intel® Management Engine Interface "HijackThis" = HijackThis 2.0.2 "HTMLKit_is1" = HTML-Kit "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ITPM" = Intel® Trusted Platform Module "Lenovo Registration" = Lenovo Registration "Live 7.0.16" = Live 7.0.16 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US) "Native Instruments Service Center" = Native Instruments Service Center "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Notepad++" = Notepad++ "OnScreenDisplay" = On Screen Display "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows "PCMCIAPW" = ThinkPad PC Card Power Policy "Picasa 3" = Picasa 3 "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "PROSet" = Intel® Network Connections Drivers "rgc:audio z3ta+ Wavetable Synthesizer_is1" = rgc:audio z3ta+ "SynTPDeinstKey" = ThinkPad UltraNav Driver "TagScanner_is1" = TagScanner 5.1 build 553 "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "Vir2 Instruments VI.ONE" = Vir2 Instruments VI.ONE "Waves Diamond Bundle v5.0" = Waves Diamond Bundle v5.0 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WIC" = Windows Imaging Component "Windows Live Toolbar" = Windows Live Toolbar "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WMCSetup" = Windows Media Connect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/11/2011 4:52:01 PM | Computer Name = LENOVO-E0DD377A | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25.crt> with error: The connection with the server was terminated abnormally Error - 12/11/2011 4:52:01 PM | Computer Name = LENOVO-E0DD377A | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25.crt> with error: This network connection does not exist. Error - 12/11/2011 5:01:00 PM | Computer Name = LENOVO-E0DD377A | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25.crt> with error: The connection with the server was terminated abnormally Error - 12/11/2011 5:01:00 PM | Computer Name = LENOVO-E0DD377A | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25.crt> with error: This network connection does not exist. Error - 12/11/2011 5:07:29 PM | Computer Name = LENOVO-E0DD377A | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt> with error: The connection with the server was terminated abnormally Error - 12/11/2011 5:07:29 PM | Computer Name = LENOVO-E0DD377A | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt> with error: The connection with the server was terminated abnormally Error - 12/11/2011 5:07:29 PM | Computer Name = LENOVO-E0DD377A | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt> with error: This network connection does not exist. Error - 12/11/2011 5:07:29 PM | Computer Name = LENOVO-E0DD377A | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt> with error: This network connection does not exist. Error - 12/11/2011 6:55:28 PM | Computer Name = LENOVO-E0DD377A | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/2796BAE63F1801E277261BA0D77770028F20EEE4.crt> with error: The connection with the server was terminated abnormally Error - 12/11/2011 6:55:28 PM | Computer Name = LENOVO-E0DD377A | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/2796BAE63F1801E277261BA0D77770028F20EEE4.crt> with error: This network connection does not exist. [ System Events ] Error - 12/11/2011 6:56:55 PM | Computer Name = LENOVO-E0DD377A | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/11/2011 6:59:53 PM | Computer Name = LENOVO-E0DD377A | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/11/2011 7:00:25 PM | Computer Name = LENOVO-E0DD377A | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/11/2011 7:01:22 PM | Computer Name = LENOVO-E0DD377A | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/11/2011 7:02:53 PM | Computer Name = LENOVO-E0DD377A | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/11/2011 7:06:24 PM | Computer Name = LENOVO-E0DD377A | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/11/2011 7:07:56 PM | Computer Name = LENOVO-E0DD377A | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/11/2011 7:10:14 PM | Computer Name = LENOVO-E0DD377A | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/11/2011 7:14:00 PM | Computer Name = LENOVO-E0DD377A | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. Error - 12/11/2011 7:14:21 PM | Computer Name = LENOVO-E0DD377A | Source = Service Control Manager | ID = 7000 Description = The SessionLauncher service failed to start due to the following error: %%3 < End of report >