Jump to content

brudi

Members
  • Posts

    11
  • Joined

  • Last visited

Reputation

0 Neutral
  1. McAfee is provided free of charge with our Comcast account, so getting rid of it is no problem. Thanks for the AV-Comparables link ... very nice. I plan on having a replacement for McAfee by the end of the weekend. And I'm going to license my copy of MBAM, already has paid for itself a couple of times over. My wife and I are really liking the Safari browser. We've got it on the laptop, I'm going to install Chrome on my desktop and she's going to install Firefox. Do a little Browser-Comparables of our own. I can honestly say that I never knew these were alternatives to IE ... and they're better! Surprisingly enough we're actually happy this happened, really opened our eyes. Anyway, thank you again for all of your help and direction in running a safer environment.
  2. Perplexus Sorry for the delay in getting back to you ... a very busy day at the office. Please let me start by trying to communicate my appreciation for all of your hard work. This pc was just put into service a little over a month ago and to have this happen gives one very little hope for happy surfing in the Microsoft world. Anyway, with people working very hard on both sides of this fence, I sure am happy your on the safe side. Your patience with the clueless (me), the detailed instructions and your can-do attitude really helped at every turn. Thank you very much! I appreciate the rest of your post. Your recommendations will be heeded and I'll feel better about our pc security. One question. Is McAfee lacking the capability to protect this pc? Or is malware not really a part of any anti-virus software? I guess what I'm asking is, is it worth the while to keep McAfee and just add to it? Or replace it with a combo of what you are recommending? Again, thanks a million for all your help.
  3. Machine still appears to be running fine! MBAM log follows ... Malwarebytes' Anti-Malware 1.41 Database version: 3135 Windows 5.1.2600 Service Pack 3 11/9/2009 4:12:51 PM mbam-log-2009-11-09 (16-12-51).txt Scan type: Quick Scan Objects scanned: 126442 Time elapsed: 3 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) KasReport.txt follows ... -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Monday, November 9, 2009 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Monday, November 09, 2009 22:48:02 Records in database: 3184328 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Objects scanned: 91416 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 01:09:16 No threats found. Scanned area is clean. Selected area has been scanned.
  4. I understand completely, I'd rather not have you do heart surgery either I'm sorry this is going slower than you probably expect, I'm making every attempt to return to this matter as soon as I possibly can. The hosts file editing went well, I also had to uncheck the read-only attribute (I may have missed this before), on the general tab, when looking at the properties of the hosts file. The OTL log follows ... OTL logfile created on: 11/9/2009 11:43:28 AM - Run 3 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Di\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 229.48 Gb Total Space | 207.55 Gb Free Space | 90.45% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DIANE Current User Name: Di Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe () PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE () PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () PRC - C:\Program Files\ThinkPad\Utilities\DPMTray.EXE () PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe () PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) PRC - C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.) PRC - C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.) PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio) PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll () MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation) MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll (Lenovo Group Limited) MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_interface.dll (Lenovo Group Limited) MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (SessionLauncher) -- File not found SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit) SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.) SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (QuickBooksDB19) -- C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.) SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.) SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZIPM12.DLL (Hewlett-Packard) SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZINW12.DLL (Hewlett-Packard) SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MSSQL$MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) SRV - (MSSQL$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE (Microsoft Corporation) SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo) DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation) DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo) DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (SuperIO) -- C:\WINDOWS\system32\drivers\spio.sys () DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.) DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 08:47:37 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/13 09:57:39 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/06 08:31:44 | 00,000,000 | ---D | M] O1 HOSTS File: (19 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe () O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe () O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE () O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Web-Based Email Tools http://email03.secureserver.net/Download.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/07/21 17:02:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/06 16:21:28 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe [2009/11/06 16:20:36 | 00,000,000 | ---D | C] -- C:\RootRepeal [2009/11/06 16:18:33 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe [2009/11/06 09:04:03 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009/11/06 09:03:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/11/06 09:03:28 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/11/06 09:03:28 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/11/06 09:03:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/11/06 09:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/11/06 08:57:54 | 00,000,000 | ---D | C] -- C:\Qoobox [2009/11/05 13:48:04 | 00,000,000 | ---D | C] -- C:\HostsXpert 4.2 - Hosts File Manager [2009/11/04 13:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/11/04 12:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor [2009/11/04 12:51:54 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys [2009/11/04 12:51:53 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys [2009/11/04 12:51:53 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys [2009/11/04 12:51:48 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys [2009/11/04 12:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee [2009/11/04 12:51:09 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com [2009/11/04 12:50:28 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys [2009/11/04 12:39:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Di\Application Data\Malwarebytes [2009/11/04 12:39:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/11/04 12:39:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/11/04 11:41:29 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee [2009/11/04 10:41:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\914fd87 [2009/08/28 19:02:54 | 00,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoLicense.dll [2009/08/28 19:02:54 | 00,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoPAX.dll ========== Files - Modified Within 30 Days ========== [2009/11/09 11:40:43 | 00,007,331 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF [2009/11/09 11:40:28 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/11/09 11:39:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/09 11:39:56 | 31,847,75168 | -HS- | M] () -- C:\hiberfil.sys [2009/11/09 11:39:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/09 11:39:24 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\Di\NTUSER.DAT [2009/11/09 11:39:24 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Di\ntuser.ini [2009/11/09 11:39:22 | 03,712,656 | -H-- | M] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db [2009/11/09 11:38:16 | 00,000,019 | -HS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/11/09 11:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2009/11/09 11:19:00 | 00,002,157 | ---- | M] () -- C:\WINDOWS\alamode.ini [2009/11/09 11:18:59 | 00,041,541 | ---- | M] () -- C:\WINDOWS\alaredun.ini [2009/11/07 22:52:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/11/07 22:38:58 | 03,562,645 | R--- | M] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe [2009/11/06 23:38:11 | 00,288,256 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\exeHelper.com [2009/11/06 16:21:32 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe [2009/11/06 16:20:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Di\settings.dat [2009/11/06 16:18:37 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe [2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009/11/06 09:04:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2009/11/04 13:41:03 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk [2009/11/04 12:54:10 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk [2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job [2009/11/04 12:39:08 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/02 11:34:04 | 00,011,903 | ---- | M] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx [2009/11/01 08:42:31 | 00,529,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/01 08:42:31 | 00,104,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/01 08:42:30 | 00,646,734 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe ========== Files Created - No Company Name ========== [2009/11/09 11:39:56 | 31,847,75168 | -HS- | C] () -- C:\hiberfil.sys [2009/11/09 11:18:59 | 00,041,541 | ---- | C] () -- C:\WINDOWS\alaredun.ini [2009/11/06 23:38:10 | 00,288,256 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\exeHelper.com [2009/11/06 16:20:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Di\settings.dat [2009/11/06 09:04:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009/11/06 09:04:05 | 00,260,272 | ---- | C] () -- C:\cmldr [2009/11/06 09:03:28 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009/11/06 09:03:28 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009/11/06 09:03:28 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009/11/06 09:03:28 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2009/11/06 09:03:28 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009/11/06 08:51:31 | 03,562,645 | R--- | C] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe [2009/11/04 13:41:03 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk [2009/11/04 12:54:22 | 00,007,331 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF [2009/11/04 12:54:10 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk [2009/11/04 12:51:27 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/11/04 12:51:26 | 00,000,326 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job [2009/11/04 12:39:08 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/02 11:34:04 | 00,011,903 | ---- | C] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx [2009/09/12 08:52:01 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini [2009/08/30 11:59:34 | 00,001,397 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2009/08/28 22:13:46 | 00,000,121 | ---- | C] () -- C:\WINDOWS\MercuryWT.ini [2009/08/28 22:13:46 | 00,000,099 | ---- | C] () -- C:\WINDOWS\Mercury.ini [2009/08/28 19:03:00 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll [2009/08/28 19:03:00 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini [2009/08/28 19:02:59 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\SmaRTEng.dll [2009/08/28 19:02:58 | 00,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll [2009/08/28 19:02:58 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll [2009/08/28 19:02:56 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFfpx7.dll [2009/08/28 19:02:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKodak.dll [2009/08/28 19:02:56 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\fmt_jb2.dll [2009/08/28 19:02:56 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\fmt_xcx.dll [2009/08/28 19:02:56 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\fmt_xmf.dll [2009/08/28 19:02:56 | 00,000,313 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini [2009/08/28 19:02:55 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll [2009/08/28 19:02:55 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll [2009/08/28 19:02:54 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll [2009/08/28 19:02:54 | 00,220,160 | ---- | C] () -- C:\WINDOWS\System32\Carcla30.dll [2009/08/28 19:02:54 | 00,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll [2009/08/28 19:02:54 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\alavistautils.dll [2009/08/28 19:02:53 | 01,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll [2009/08/28 19:02:53 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll [2009/08/28 19:02:53 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll [2009/08/28 19:02:53 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch2.dll [2009/08/28 19:02:53 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch.dll [2009/08/28 19:01:36 | 00,002,157 | ---- | C] () -- C:\WINDOWS\alamode.ini [2009/08/26 21:12:40 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\fusioncache.dat [2009/08/26 17:21:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Di\Application Data\desktop.ini [2009/08/26 17:21:17 | 03,712,656 | -H-- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db [2009/08/26 17:21:17 | 00,083,904 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/08/13 10:13:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/08/13 09:57:23 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2009/08/13 09:57:23 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/08/13 09:54:56 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009/08/13 09:54:56 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009/08/13 09:54:56 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009/08/13 09:54:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/07/22 10:22:09 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008/07/21 17:50:07 | 00,000,583 | ---- | C] () -- C:\WINDOWS\win.ini [2008/07/21 17:50:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2008/07/21 09:55:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2008/03/06 16:33:50 | 00,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\spio.sys [2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont ========== LOP Check ========== [2009/11/04 10:41:29 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\914fd87 [2009/10/12 13:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode [2009/09/12 08:52:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES [2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo [2009/08/13 10:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor [2009/08/13 10:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr [2009/09/12 09:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10 [2009/08/13 09:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperIO [2009/08/13 09:57:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2009/09/14 14:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/08/13 09:59:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\DesktopPwrMgr [2009/08/13 09:57:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Downloaded Installations [2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Lenovo [2009/09/09 14:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Desktop Search [2009/09/09 16:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Search [2009/11/09 11:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job [2008/04/14 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job [2009/08/13 10:00:41 | 00,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job [2009/08/13 09:51:54 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job [2009/11/09 11:39:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== < End of report >
  5. I had a great weekend also Unfortunately, I had little success editing the hosts file. After changing the folder view as you instructed and unsuccessfully saving the hosts file, I checked the properties of the file and also removed the check for the read-only attribute. I was still not able to save the file after editing it. The message I received each time was: Cannot create C:\WINDOWS\system32\drivers\etc\hosts file Make sure that the path and filename are correct. Also, now that I can see the file (thanks, I thought there was a way to see system/hidden files), it has a creation date of 11/04/2009 and time of around 5 pm. Approximately the same day and time things weren't looking good on this end. Please don't get discouraged, you're my only hope in fixing this thing.
  6. The machine appears to be running just fine. No real problems to note. I know the hosts file is a system/hidden file, but can't I set the options for something like windows explorer to see this file? I'm just curious as to whether this file can just be deleted, but I haven't been able to actually see it listed in the folder. BTW, I hope you had a good weekend! exeHelper logfile follows .. exeHelper by Raktor Build 20091021 Run at 08:50:42 on 11/07/09 Now searching... Checking for numerical processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished-- The running of HosteXpert ran the exact same way as before .. Received a warning - Your hosts file is marked as a "system file" and can not be manipulated. Press OK to remove system file attributes, CANCEL to quit. HostsXpert will not reset the attributes. Clicked on OK Received a warning - Your hosts file is marketd as a "hidden file" and can not be manipulted. Press OK to remove the hidden file attributes, CANCEL to quit. HostsXpert wil not reset the attriubtes. Clicked OK The contents of the hosts file was displayed. Clicked on Restore MS Hosts File Received Confirmation Clicked on OK Received Error - Cannot create file C:\windows\system32\driver\ETC\hosts Clicked on OK HostsXpert program closed The ComboFix log file follows .. ComboFix 09-11-07.02 - Di 11/07/2009 22:48.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2297 [GMT -5:00] Running from: c:\documents and settings\Di\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Di\Desktop\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 ))))))))))))))))))))))))))))))) . 2009-11-06 21:20 . 2009-11-06 21:45 -------- d-----w- C:\RootRepeal 2009-11-06 21:20 . 2009-11-06 21:20 0 ----a-w- c:\documents and settings\Di\settings.dat 2009-11-06 13:40 . 2009-11-06 13:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore 2009-11-06 13:36 . 2009-11-06 13:36 496944 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll 2009-11-06 13:36 . 2009-11-06 13:36 296240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll 2009-11-06 13:36 . 2009-11-06 13:36 263472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll 2009-11-06 13:36 . 2009-11-06 13:36 787760 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll 2009-11-06 13:36 . 2009-11-06 13:36 423216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe 2009-11-06 13:36 . 2009-11-06 13:36 570672 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll 2009-11-06 13:36 . 2009-11-06 13:36 205576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe 2009-11-06 13:36 . 2009-11-06 13:36 763184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll 2009-11-06 13:36 . 2009-11-06 13:36 398640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll 2009-11-06 13:36 . 2009-11-06 13:36 1152304 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll 2009-11-06 13:36 . 2009-11-06 13:36 1085704 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe 2009-11-05 18:48 . 2009-11-05 18:49 -------- d-----w- C:\HostsXpert 4.2 - Hosts File Manager 2009-11-05 18:26 . 2009-11-05 18:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-11-04 18:41 . 2009-11-04 18:41 -------- d-----w- c:\program files\Trend Micro 2009-11-04 17:58 . 2009-11-04 17:58 -------- d-----w- c:\documents and settings\QBDataServiceUser19\Application Data\SACore 2009-11-04 17:54 . 2009-11-04 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-11-04 17:51 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-11-04 17:51 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-11-04 17:51 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-11-04 17:51 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-11-04 17:51 . 2009-11-04 17:51 -------- d-----w- c:\program files\Common Files\McAfee 2009-11-04 17:51 . 2009-11-04 17:51 -------- d-----w- c:\program files\McAfee.com 2009-11-04 17:50 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\documents and settings\Di\Application Data\Malwarebytes 2009-11-04 17:39 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-04 17:39 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-04 16:41 . 2009-11-06 13:32 -------- d-----w- c:\program files\McAfee 2009-11-04 15:41 . 2009-11-04 15:41 -------- d-sh--w- c:\documents and settings\All Users\Application Data\914fd87 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-04 17:55 . 2009-08-27 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-10-12 18:10 . 2009-08-30 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\alamode 2009-10-08 16:56 . 2009-09-12 14:26 2322 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys 2009-10-01 19:09 . 2009-10-01 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd 2009-10-01 19:01 . 2009-10-01 19:00 -------- d-----w- c:\program files\Common Files\Logishrd 2009-10-01 19:01 . 2009-08-28 22:24 -------- d-----w- c:\program files\Common Files\Logitech 2009-10-01 19:00 . 2009-10-01 19:00 10134 ----a-r- c:\documents and settings\Di\Application Data\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe 2009-10-01 19:00 . 2009-08-13 14:48 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-22 22:39 . 2009-08-13 14:53 -------- d-----w- c:\program files\Common Files\Adobe 2009-09-16 15:22 . 2009-01-09 17:03 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-09-14 19:44 . 2009-09-14 19:38 -------- d-----w- c:\documents and settings\Di\Application Data\Apple Computer 2009-09-14 19:38 . 2009-09-14 19:37 -------- d-----w- c:\program files\iTunes 2009-09-14 19:38 . 2009-09-14 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-14 19:37 . 2009-09-14 19:37 -------- d-----w- c:\program files\iPod 2009-09-14 19:37 . 2009-09-14 19:35 -------- d-----w- c:\program files\Common Files\Apple 2009-09-14 19:37 . 2009-09-14 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-09-14 19:37 . 2009-09-14 19:37 -------- d-----w- c:\program files\Bonjour 2009-09-14 19:36 . 2009-09-14 19:36 -------- d-----w- c:\program files\QuickTime 2009-09-14 19:35 . 2009-09-14 19:35 -------- d-----w- c:\program files\Apple Software Update 2009-09-14 19:35 . 2009-09-14 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-09-14 17:45 . 2009-09-14 17:45 34056 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Interop.QBInstanceFinder.dll 2009-09-14 17:45 . 2009-09-14 17:45 192512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll 2009-09-14 17:45 . 2009-09-14 17:45 850736 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll 2009-09-14 17:45 . 2009-09-14 17:45 2151728 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll 2009-09-14 17:39 . 2009-09-14 17:39 869640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe 2009-09-14 17:39 . 2009-09-14 17:39 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcp71.dll 2009-09-14 17:39 . 2009-09-14 17:39 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcr71.dll 2009-09-12 14:17 . 2009-09-12 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 10 2009-09-12 14:07 . 2009-09-12 14:07 -------- d-----w- c:\program files\Common Files\supportsoft 2009-09-12 14:07 . 2009-08-13 15:09 91896 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-12 14:04 . 2009-09-12 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit 2009-09-12 14:02 . 2009-09-12 13:59 -------- d-----w- c:\program files\Common Files\Intuit 2009-09-12 13:52 . 2009-09-12 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES 2009-09-10 21:49 . 2009-08-13 15:12 -------- d-----w- c:\program files\Microsoft Small Business 2009-09-10 21:48 . 2009-08-13 15:07 -------- d-----w- c:\program files\Microsoft.NET 2009-09-10 21:47 . 2009-08-13 15:10 -------- d-----w- c:\program files\Microsoft SQL Server 2009-09-10 21:07 . 2009-08-13 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-09-10 21:06 . 2009-09-10 21:06 -------- d-----w- c:\program files\Microsoft Works 2009-09-10 20:01 . 2009-08-13 14:57 -------- d-----w- c:\program files\Java 2009-09-10 20:00 . 2009-09-10 20:00 152576 ----a-w- c:\documents and settings\Di\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-09-10 18:54 . 2009-08-29 00:03 -------- d-----w- c:\program files\a la mode 2009-09-09 21:34 . 2009-09-09 21:34 -------- d-----w- c:\documents and settings\Di\Application Data\Windows Search 2009-09-09 19:52 . 2009-09-09 19:52 -------- d-----w- c:\documents and settings\Di\Application Data\Windows Desktop Search 2009-09-09 19:52 . 2009-09-09 19:52 -------- d-----w- c:\program files\Windows Desktop Search 2009-09-09 01:43 . 2009-09-09 01:43 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe 2009-08-31 18:25 . 2009-08-31 18:25 1886320 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en_signed.exe 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\ALAMODE.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM120.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM112.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM105.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM100.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM09B.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM090.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM080.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\ADATA095.fot 2009-08-27 02:12 . 2009-08-27 02:12 125 ----a-w- c:\documents and settings\Di\Local Settings\Application Data\fusioncache.dat 2009-08-13 15:09 . 2009-09-12 14:11 83904 ----a-w- c:\documents and settings\QBDataServiceUser19\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-13 15:09 . 2009-08-26 22:21 83904 ----a-w- c:\documents and settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-13 15:01 . 2009-08-13 15:01 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys 2009-08-13 15:01 . 2009-08-13 15:01 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys 2009-08-13 14:55 . 2009-09-12 14:11 10134 ----a-r- c:\documents and settings\QBDataServiceUser19\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe 2009-08-13 14:55 . 2009-08-26 22:21 10134 ----a-r- c:\documents and settings\Di\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe 2009-08-13 14:55 . 2009-08-26 22:20 10134 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe 2009-08-13 14:55 . 2009-08-13 14:55 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe 2009-08-13 14:48 . 2009-08-13 14:48 319488 ----a-w- c:\windows\HideWin.exe . ((((((((((((((((((((((((((((( SnapShot@2009-11-06_14.08.59 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-07 14:10 . 2009-11-07 14:10 16384 c:\windows\Temp\Perflib_Perfdata_b98.dat + 2009-11-07 14:10 . 2009-11-07 14:10 16384 c:\windows\Temp\Perflib_Perfdata_80c.dat + 2009-08-26 20:53 . 2009-11-08 03:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-08-26 20:53 . 2009-11-06 13:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-11-06 17:47 . 2009-11-08 03:37 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-08-26 20:53 . 2009-11-06 13:37 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LenovoFSC"="c:\program files\Lenovo\FanSpeedControl\LenovoFSC.exe" [2008-09-26 40960] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-23 393216] "PWRAGD"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2009-04-24 72256] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248] "RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920] "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336] "The Assistant"="c:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-1 805392] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft SQL Server\\MSSQL$ALAMODE\\Binn\\sqlservr.exe"= "c:\\Program Files\\a la mode\\Sched\\eSched.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 PM 46144] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/4/2009 11:43 AM 210216] R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [5/3/2005 11:04 PM 9150464] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/13/2009 9:51 AM 64064] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 5:34 PM 520192] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 PM 360448] R3 QuickBooksDB19;QuickBooksDB19;c:\intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?] R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [3/6/2008 4:33 PM 5760] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [11/19/2008 8:46 PM 37184] S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752] S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [5/3/2005 8:42 PM 323584] --- Other Services/Drivers In Memory --- *Deregistered* - mbr *Deregistered* - PROCEXP113 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 HPService REG_MULTI_SZ HPSLPSVC . Contents of the 'Scheduled Tasks' folder 2009-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-11-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54] 2009-11-04 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22] 2009-11-04 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22] 2009-08-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32] 2009-08-13 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-13 09:28] . . ------- Supplementary Scan ------- . uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll DPF: Web-Based Email Tools - hxxp://email03.secureserver.net/Download.CAB . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-07 22:52 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(724) c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll c:\windows\system32\igfxdev.dll - - - - - - - > 'explorer.exe'(5680) c:\windows\system32\WININET.dll c:\program files\McAfee\SiteAdvisor\saHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\system32\ieframe.dll . Completion time: 2009-11-08 22:53 ComboFix-quarantined-files.txt 2009-11-08 03:53 ComboFix2.txt 2009-11-06 14:10 Pre-Run: 222,932,140,032 bytes free Post-Run: 222,901,211,136 bytes free - - End Of File - - 3879AE236D2C7B720D6604C56317AF74 The OTL logfile follows .. OTL logfile created on: 11/7/2009 10:57:21 PM - Run 2 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Di\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 229.48 Gb Total Space | 207.61 Gb Free Space | 90.47% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DIANE Current User Name: Di Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe () PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE () PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () PRC - C:\Program Files\ThinkPad\Utilities\DPMTray.EXE () PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) PRC - C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.) PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.) PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio) PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll () MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation) MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (SessionLauncher) -- File not found SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit) SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.) SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (QuickBooksDB19) -- C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.) SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.) SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZIPM12.DLL (Hewlett-Packard) SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZINW12.DLL (Hewlett-Packard) SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MSSQL$MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) SRV - (MSSQL$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE (Microsoft Corporation) SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- File not found DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo) DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation) DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo) DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (SuperIO) -- C:\WINDOWS\system32\drivers\spio.sys () DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.) DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 08:47:37 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/13 09:57:39 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/06 08:31:44 | 00,000,000 | ---D | M] O1 HOSTS File: (6575 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 88.198.198.204 google.ae O1 - Hosts: 88.198.198.204 google.as O1 - Hosts: 88.198.198.204 google.at O1 - Hosts: 88.198.198.204 google.az O1 - Hosts: 88.198.198.204 google.ba O1 - Hosts: 88.198.198.204 google.be O1 - Hosts: 88.198.198.204 google.bg O1 - Hosts: 88.198.198.204 google.bs O1 - Hosts: 88.198.198.204 google.ca O1 - Hosts: 88.198.198.204 google.cd O1 - Hosts: 88.198.198.204 google.com.gh O1 - Hosts: 88.198.198.204 google.com.hk O1 - Hosts: 88.198.198.204 google.com.jm O1 - Hosts: 88.198.198.204 google.com.mx O1 - Hosts: 88.198.198.204 google.com.my O1 - Hosts: 88.198.198.204 google.com.na O1 - Hosts: 88.198.198.204 google.com.nf O1 - Hosts: 88.198.198.204 google.com.ng O1 - Hosts: 193 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe () O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe () O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE () O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Web-Based Email Tools http://email03.secureserver.net/Download.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/07/21 17:02:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/06 16:21:28 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe [2009/11/06 16:20:36 | 00,000,000 | ---D | C] -- C:\RootRepeal [2009/11/06 16:18:33 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe [2009/11/06 09:04:03 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009/11/06 09:03:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/11/06 09:03:28 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/11/06 09:03:28 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/11/06 09:03:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/11/06 09:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/11/06 08:57:54 | 00,000,000 | ---D | C] -- C:\Qoobox [2009/11/05 13:48:04 | 00,000,000 | ---D | C] -- C:\HostsXpert 4.2 - Hosts File Manager [2009/11/04 13:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/11/04 12:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor [2009/11/04 12:51:54 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys [2009/11/04 12:51:53 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys [2009/11/04 12:51:53 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys [2009/11/04 12:51:48 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys [2009/11/04 12:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee [2009/11/04 12:51:09 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com [2009/11/04 12:50:28 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys [2009/11/04 12:39:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Di\Application Data\Malwarebytes [2009/11/04 12:39:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/11/04 12:39:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/11/04 11:41:29 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee [2009/11/04 10:41:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\914fd87 [2009/08/28 19:02:54 | 00,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoLicense.dll [2009/08/28 19:02:54 | 00,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoPAX.dll ========== Files - Modified Within 30 Days ========== [2009/11/07 22:54:36 | 00,007,005 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF [2009/11/07 22:53:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/07 22:52:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/11/07 22:38:58 | 03,562,645 | R--- | M] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe [2009/11/07 14:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2009/11/07 09:10:54 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/11/07 09:10:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/07 09:10:12 | 31,847,75168 | -HS- | M] () -- C:\hiberfil.sys [2009/11/07 08:57:15 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\Di\NTUSER.DAT [2009/11/07 08:56:52 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Di\ntuser.ini [2009/11/06 23:38:11 | 00,288,256 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\exeHelper.com [2009/11/06 17:25:08 | 00,041,538 | ---- | M] () -- C:\WINDOWS\alaredun.ini [2009/11/06 17:25:08 | 00,002,157 | ---- | M] () -- C:\WINDOWS\alamode.ini [2009/11/06 16:21:32 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe [2009/11/06 16:20:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Di\settings.dat [2009/11/06 16:18:37 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe [2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009/11/06 09:04:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2009/11/04 13:41:03 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk [2009/11/04 12:54:10 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk [2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job [2009/11/04 12:39:08 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/04 12:20:46 | 00,006,575 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/11/04 11:38:20 | 07,475,184 | -H-- | M] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db [2009/11/02 11:34:04 | 00,011,903 | ---- | M] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx [2009/11/01 08:42:31 | 00,529,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/01 08:42:31 | 00,104,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/01 08:42:30 | 00,646,734 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe ========== Files Created - No Company Name ========== [2009/11/07 09:10:12 | 31,847,75168 | -HS- | C] () -- C:\hiberfil.sys [2009/11/06 23:38:10 | 00,288,256 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\exeHelper.com [2009/11/06 17:25:07 | 00,041,538 | ---- | C] () -- C:\WINDOWS\alaredun.ini [2009/11/06 16:20:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Di\settings.dat [2009/11/06 09:04:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009/11/06 09:04:05 | 00,260,272 | ---- | C] () -- C:\cmldr [2009/11/06 09:03:28 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009/11/06 09:03:28 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009/11/06 09:03:28 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009/11/06 09:03:28 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2009/11/06 09:03:28 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009/11/06 08:51:31 | 03,562,645 | R--- | C] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe [2009/11/04 13:41:03 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk [2009/11/04 12:54:22 | 00,007,005 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF [2009/11/04 12:54:10 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk [2009/11/04 12:51:27 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/11/04 12:51:26 | 00,000,326 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job [2009/11/04 12:39:08 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/02 11:34:04 | 00,011,903 | ---- | C] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx [2009/09/12 08:52:01 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini [2009/08/30 11:59:34 | 00,001,397 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2009/08/28 22:13:46 | 00,000,121 | ---- | C] () -- C:\WINDOWS\MercuryWT.ini [2009/08/28 22:13:46 | 00,000,099 | ---- | C] () -- C:\WINDOWS\Mercury.ini [2009/08/28 19:03:00 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll [2009/08/28 19:03:00 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini [2009/08/28 19:02:59 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\SmaRTEng.dll [2009/08/28 19:02:58 | 00,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll [2009/08/28 19:02:58 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll [2009/08/28 19:02:56 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFfpx7.dll [2009/08/28 19:02:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKodak.dll [2009/08/28 19:02:56 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\fmt_jb2.dll [2009/08/28 19:02:56 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\fmt_xcx.dll [2009/08/28 19:02:56 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\fmt_xmf.dll [2009/08/28 19:02:56 | 00,000,313 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini [2009/08/28 19:02:55 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll [2009/08/28 19:02:55 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll [2009/08/28 19:02:54 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll [2009/08/28 19:02:54 | 00,220,160 | ---- | C] () -- C:\WINDOWS\System32\Carcla30.dll [2009/08/28 19:02:54 | 00,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll [2009/08/28 19:02:54 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\alavistautils.dll [2009/08/28 19:02:53 | 01,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll [2009/08/28 19:02:53 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll [2009/08/28 19:02:53 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll [2009/08/28 19:02:53 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch2.dll [2009/08/28 19:02:53 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch.dll [2009/08/28 19:01:36 | 00,002,157 | ---- | C] () -- C:\WINDOWS\alamode.ini [2009/08/26 21:12:40 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\fusioncache.dat [2009/08/26 17:21:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Di\Application Data\desktop.ini [2009/08/26 17:21:17 | 07,475,184 | -H-- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db [2009/08/26 17:21:17 | 00,083,904 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/08/13 10:13:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/08/13 09:57:23 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2009/08/13 09:57:23 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/08/13 09:54:56 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009/08/13 09:54:56 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009/08/13 09:54:56 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009/08/13 09:54:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/07/22 10:22:09 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008/07/21 17:50:07 | 00,000,583 | ---- | C] () -- C:\WINDOWS\win.ini [2008/07/21 17:50:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2008/07/21 09:55:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2008/03/06 16:33:50 | 00,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\spio.sys [2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont ========== LOP Check ========== [2009/11/04 10:41:29 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\914fd87 [2009/10/12 13:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode [2009/09/12 08:52:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES [2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo [2009/08/13 10:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor [2009/08/13 10:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr [2009/09/12 09:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10 [2009/08/13 09:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperIO [2009/08/13 09:57:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2009/09/14 14:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/08/13 09:59:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\DesktopPwrMgr [2009/08/13 09:57:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Downloaded Installations [2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Lenovo [2009/09/09 14:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Desktop Search [2009/09/09 16:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Search [2009/11/07 14:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job [2008/04/14 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job [2009/08/13 10:00:41 | 00,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job [2009/08/13 09:51:54 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job [2009/11/07 22:53:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== < End of report >
  7. Have a great weekend! I'll have the results for you when you get back.
  8. The system appears to have ended any redirects of Google searches to the GALA search engine. Also, I noticed (prior to your help on this matter) that IE was running very slow. Now, it appears to run normal. However, I am now a little concerned over the hosts file and the fact that ComboFix reported seeing the Windows Enterprise Suite as a viable anit-virius program running on this pc. I have attached the RootRepeal report file and the OTL.txt and Extras.txt files are as follows: OTL logfile created on: 11/6/2009 5:15:24 PM - Run 1 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Di\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 229.48 Gb Total Space | 207.64 Gb Free Space | 90.48% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DIANE Current User Name: Di Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe () PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE () PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () PRC - C:\Program Files\ThinkPad\Utilities\DPMTray.EXE () PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe () PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) PRC - C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.) PRC - C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.) PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio) PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll () MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation) MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll (Lenovo Group Limited) MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_interface.dll (Lenovo Group Limited) MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (SessionLauncher) -- File not found SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit) SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.) SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (QuickBooksDB19) -- C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.) SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.) SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZIPM12.DLL (Hewlett-Packard) SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZINW12.DLL (Hewlett-Packard) SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MSSQL$MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) SRV - (MSSQL$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE (Microsoft Corporation) SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo) DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation) DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo) DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (SuperIO) -- C:\WINDOWS\system32\drivers\spio.sys () DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.) DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 08:47:37 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/13 09:57:39 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/06 08:31:44 | 00,000,000 | ---D | M] O1 HOSTS File: (6575 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 88.198.198.204 google.ae O1 - Hosts: 88.198.198.204 google.as O1 - Hosts: 88.198.198.204 google.at O1 - Hosts: 88.198.198.204 google.az O1 - Hosts: 88.198.198.204 google.ba O1 - Hosts: 88.198.198.204 google.be O1 - Hosts: 88.198.198.204 google.bg O1 - Hosts: 88.198.198.204 google.bs O1 - Hosts: 88.198.198.204 google.ca O1 - Hosts: 88.198.198.204 google.cd O1 - Hosts: 88.198.198.204 google.com.gh O1 - Hosts: 88.198.198.204 google.com.hk O1 - Hosts: 88.198.198.204 google.com.jm O1 - Hosts: 88.198.198.204 google.com.mx O1 - Hosts: 88.198.198.204 google.com.my O1 - Hosts: 88.198.198.204 google.com.na O1 - Hosts: 88.198.198.204 google.com.nf O1 - Hosts: 88.198.198.204 google.com.ng O1 - Hosts: 193 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe () O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe () O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE () O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Web-Based Email Tools http://email03.secureserver.net/Download.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/07/21 17:02:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/07/21 17:02:06 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2009/11/06 16:21:28 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe [2009/11/06 16:20:36 | 00,000,000 | ---D | C] -- C:\RootRepeal [2009/11/06 16:18:33 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe [2009/11/06 09:04:03 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009/11/06 09:03:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/11/06 09:03:28 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/11/06 09:03:28 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/11/06 09:03:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/11/06 09:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/11/06 09:03:21 | 00,000,000 | ---D | C] -- C:\ComboFix [2009/11/06 08:57:54 | 00,000,000 | ---D | C] -- C:\Qoobox [2009/11/05 13:48:04 | 00,000,000 | ---D | C] -- C:\HostsXpert 4.2 - Hosts File Manager [2009/11/04 13:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/11/04 12:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor [2009/11/04 12:51:54 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys [2009/11/04 12:51:53 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys [2009/11/04 12:51:53 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys [2009/11/04 12:51:48 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys [2009/11/04 12:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee [2009/11/04 12:51:09 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com [2009/11/04 12:50:28 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys [2009/11/04 12:39:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Di\Application Data\Malwarebytes [2009/11/04 12:39:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/11/04 12:39:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/11/04 11:41:29 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee [2009/11/04 10:41:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\914fd87 [2009/08/28 19:02:54 | 00,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoLicense.dll [2009/08/28 19:02:54 | 00,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoPAX.dll ========== Files - Modified Within 30 Days ========== [2009/11/06 16:25:39 | 00,007,005 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF [2009/11/06 16:25:32 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/11/06 16:24:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/06 16:24:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/06 16:24:44 | 31,847,75168 | -HS- | M] () -- C:\hiberfil.sys [2009/11/06 16:24:12 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\Di\NTUSER.DAT [2009/11/06 16:23:50 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Di\ntuser.ini [2009/11/06 16:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2009/11/06 16:21:32 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe [2009/11/06 16:20:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Di\settings.dat [2009/11/06 16:18:37 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe [2009/11/06 15:26:10 | 00,041,538 | ---- | M] () -- C:\WINDOWS\alaredun.ini [2009/11/06 15:26:10 | 00,002,157 | ---- | M] () -- C:\WINDOWS\alamode.ini [2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009/11/06 09:08:59 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/11/06 09:04:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2009/11/06 08:51:34 | 03,562,655 | R--- | M] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe [2009/11/04 13:41:03 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk [2009/11/04 12:54:10 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk [2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job [2009/11/04 12:39:08 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/04 12:20:46 | 00,006,575 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/11/04 11:38:20 | 07,475,184 | -H-- | M] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db [2009/11/02 11:34:04 | 00,011,903 | ---- | M] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx [2009/11/01 08:42:31 | 00,529,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/01 08:42:31 | 00,104,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/01 08:42:30 | 00,646,734 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe ========== Files Created - No Company Name ========== [2009/11/06 16:20:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Di\settings.dat [2009/11/06 15:26:09 | 00,041,538 | ---- | C] () -- C:\WINDOWS\alaredun.ini [2009/11/06 09:04:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009/11/06 09:04:05 | 00,260,272 | ---- | C] () -- C:\cmldr [2009/11/06 09:03:28 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009/11/06 09:03:28 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009/11/06 09:03:28 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009/11/06 09:03:28 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2009/11/06 09:03:28 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009/11/06 08:51:31 | 03,562,655 | R--- | C] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe [2009/11/04 13:41:03 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk [2009/11/04 12:54:22 | 00,007,005 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF [2009/11/04 12:54:10 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk [2009/11/04 12:51:27 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/11/04 12:51:26 | 00,000,326 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job [2009/11/04 12:39:08 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/02 11:34:04 | 00,011,903 | ---- | C] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx [2009/09/12 08:52:01 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini [2009/08/30 11:59:34 | 00,001,397 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2009/08/28 22:13:46 | 00,000,121 | ---- | C] () -- C:\WINDOWS\MercuryWT.ini [2009/08/28 22:13:46 | 00,000,099 | ---- | C] () -- C:\WINDOWS\Mercury.ini [2009/08/28 19:03:00 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll [2009/08/28 19:03:00 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini [2009/08/28 19:02:59 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\SmaRTEng.dll [2009/08/28 19:02:58 | 00,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll [2009/08/28 19:02:58 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll [2009/08/28 19:02:56 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFfpx7.dll [2009/08/28 19:02:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKodak.dll [2009/08/28 19:02:56 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\fmt_jb2.dll [2009/08/28 19:02:56 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\fmt_xcx.dll [2009/08/28 19:02:56 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\fmt_xmf.dll [2009/08/28 19:02:56 | 00,000,313 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini [2009/08/28 19:02:55 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll [2009/08/28 19:02:55 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll [2009/08/28 19:02:54 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll [2009/08/28 19:02:54 | 00,220,160 | ---- | C] () -- C:\WINDOWS\System32\Carcla30.dll [2009/08/28 19:02:54 | 00,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll [2009/08/28 19:02:54 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\alavistautils.dll [2009/08/28 19:02:53 | 01,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll [2009/08/28 19:02:53 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll [2009/08/28 19:02:53 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll [2009/08/28 19:02:53 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch2.dll [2009/08/28 19:02:53 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch.dll [2009/08/28 19:01:36 | 00,002,157 | ---- | C] () -- C:\WINDOWS\alamode.ini [2009/08/26 21:12:40 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\fusioncache.dat [2009/08/26 17:21:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Di\Application Data\desktop.ini [2009/08/26 17:21:17 | 07,475,184 | -H-- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db [2009/08/26 17:21:17 | 00,083,904 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/08/13 10:13:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/08/13 09:57:23 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2009/08/13 09:57:23 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/08/13 09:54:56 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009/08/13 09:54:56 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009/08/13 09:54:56 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009/08/13 09:54:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/07/22 10:22:09 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008/07/21 17:50:07 | 00,000,583 | ---- | C] () -- C:\WINDOWS\win.ini [2008/07/21 17:50:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2008/07/21 09:55:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2008/03/06 16:33:50 | 00,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\spio.sys [2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont ========== LOP Check ========== [2009/11/04 10:41:29 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\914fd87 [2009/10/12 13:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode [2009/09/12 08:52:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES [2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo [2009/08/13 10:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor [2009/08/13 10:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr [2009/09/12 09:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10 [2009/08/13 09:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperIO [2009/08/13 09:57:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2009/09/14 14:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/08/13 09:59:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\DesktopPwrMgr [2009/08/13 09:57:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Downloaded Installations [2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Lenovo [2009/09/09 14:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Desktop Search [2009/09/09 16:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Search [2009/11/06 16:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job [2008/04/14 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job [2009/08/13 10:00:41 | 00,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job [2009/08/13 09:51:54 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job [2009/11/06 16:24:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\eventlog.dll /s /md5 > [2008/04/14 07:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008/04/14 07:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2008/04/14 07:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008/04/14 07:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2008/04/14 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008/04/14 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2008/04/14 02:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008/04/14 02:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [2008/04/14 02:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS [2008/04/14 02:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS < End of report > OTL Extras logfile created on: 11/6/2009 5:15:24 PM - Run 1 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Di\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 229.48 Gb Total Space | 207.64 Gb Free Space | 90.48% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DIANE Current User Name: Di Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1 .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe" = C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe:*:Enabled:Aurora MSDE Database -- (Microsoft Corporation) "C:\Program Files\a la mode\Sched\eSched.exe" = C:\Program Files\a la mode\Sched\eSched.exe:*:Enabled:a la mode Assistant -- (a la mode, inc.) "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax "{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager "{4C018129-1793-48D2-B82C-6FA71C96B476}" = Online Data Backup "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service "{5A847475-157F-45AD-9919-CD40D344B8B1}" = QBFC3.0 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009 "{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks "{9E3BC634-769E-4847-9530-E22433D13E45}" = FanSpeedControl "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkVantage Power Manager "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5B5DED6-E58F-43FA-BBBC-D64170B32C29}" = XSite Order Manager "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3 "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes "{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center "{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkCentre "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (ALAMODE) "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5F38322-4271-4855-8619-39C311E3518D}" = XSites Desktop "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer "{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007 "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "HDMI" = Intel® Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{9E3BC634-769E-4847-9530-E22433D13E45}" = FanSpeedControl "InstallShield_{A5B5DED6-E58F-43FA-BBBC-D64170B32C29}" = XSite Order Manager "InstallShield_{E5F38322-4271-4855-8619-39C311E3518D}" = XSites Desktop "Lenovo Registration" = Lenovo Registration "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "MSC" = McAfee SecurityCenter "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PC-Doctor for Windows" = Lenovo System Toolbox "PDF-XChange 3_is1" = PDF-XChange 3 "PROHYBRIDR" = 2007 Microsoft Office system "Windows Live Toolbar" = Windows Live Toolbar "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WMCSetup" = Windows Media Connect "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 9/16/2009 6:25:55 PM | Computer Name = DIANE | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 9/16/2009 6:25:55 PM | Computer Name = DIANE | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 9/16/2009 6:26:14 PM | Computer Name = DIANE | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks Pro 2009": An attempt to LogOff without a logo Error - 9/22/2009 10:37:06 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 9/22/2009 10:37:06 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 9/22/2009 10:37:06 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 9/22/2009 10:37:06 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 9/22/2009 10:37:26 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks Pro 2009": An attempt to LogOff without a logo Error - 9/22/2009 10:55:17 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks Pro 2009": Trying to process a record 35 : Accounts Payable for List Review edlist without actually being in a write transacti Error - 9/24/2009 4:47:55 PM | Computer Name = DIANE | Source = Application Hang | ID = 1002 Description = Hanging application Winform.exe, version 1.1.0.307, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 10/15/2009 9:56:22 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000 Description = The SessionLauncher service failed to start due to the following error: %%3 Error - 10/17/2009 2:11:05 PM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000 Description = The SessionLauncher service failed to start due to the following error: %%3 Error - 10/17/2009 2:12:09 PM | Computer Name = DIANE | Source = Windows Update Agent | ID = 16 Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. Error - 11/1/2009 9:40:40 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000 Description = The SessionLauncher service failed to start due to the following error: %%3 Error - 11/1/2009 9:41:45 AM | Computer Name = DIANE | Source = Windows Update Agent | ID = 16 Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. Error - 11/1/2009 9:52:28 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000 Description = The SessionLauncher service failed to start due to the following error: %%3 Error - 11/1/2009 12:17:42 PM | Computer Name = DIANE | Source = BROWSER | ID = 8032 Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{26AE27C0-55F9-4D41-9D0A-C17D815B9703}. The backup browser is stopping. Error - 11/3/2009 11:23:21 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000 Description = The SessionLauncher service failed to start due to the following error: %%3 Error - 11/3/2009 11:24:25 AM | Computer Name = DIANE | Source = Windows Update Agent | ID = 16 Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. Error - 11/4/2009 11:32:24 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000 Description = The SessionLauncher service failed to start due to the following error: %%3 < End of report > RootRepeal.txt
  9. Moved on to the ComboFix ... After installing Combix to the desktop, disabling McAfee and running the program, received the following warning ComboFix has detected the following real time scanner(s) to be active: Antivirus: Windows Enterprise Suite Antivirus and instrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage. Please disable these scanners before clicking OK Windows Enterprise Suite is the malware I'm trying to remove .... correct? So, I clicked on OK without the means of disabling this process and received the following warning Antivirus: Windows Enterprise Suite The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk. Clicked OK (didn't really think I had a choice) The ComboFix log follows ComboFix 09-11-05.05 - Di 11/06/2009 9:04.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2324 [GMT -5:00] Running from: c:\documents and settings\Di\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} AV: Windows Enterprise Suite *On-access scanning enabled* (Updated) {B34FCF14-68EF-4AE0-BFF4-9287CCA76CD9} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} FW: Windows Enterprise Suite *enabled* {AA47C571-755B-4924-AC5B-07F016289E93} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\S-1-5-21-720729663-3674832510-483646340-500 c:\windows\system32\AutoRun.inf . ((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 ))))))))))))))))))))))))))))))) . 2009-11-06 13:40 . 2009-11-06 13:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore 2009-11-06 13:36 . 2009-11-06 13:36 496944 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll 2009-11-06 13:36 . 2009-11-06 13:36 296240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll 2009-11-06 13:36 . 2009-11-06 13:36 263472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll 2009-11-06 13:36 . 2009-11-06 13:36 787760 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll 2009-11-06 13:36 . 2009-11-06 13:36 423216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe 2009-11-06 13:36 . 2009-11-06 13:36 570672 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll 2009-11-06 13:36 . 2009-11-06 13:36 205576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe 2009-11-06 13:36 . 2009-11-06 13:36 763184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll 2009-11-06 13:36 . 2009-11-06 13:36 398640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll 2009-11-06 13:36 . 2009-11-06 13:36 1152304 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll 2009-11-06 13:36 . 2009-11-06 13:36 1085704 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe 2009-11-05 18:48 . 2009-11-05 18:49 -------- d-----w- C:\HostsXpert 4.2 - Hosts File Manager 2009-11-05 18:26 . 2009-11-05 18:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-11-04 18:41 . 2009-11-04 18:41 -------- d-----w- c:\program files\Trend Micro 2009-11-04 17:58 . 2009-11-04 17:58 -------- d-----w- c:\documents and settings\QBDataServiceUser19\Application Data\SACore 2009-11-04 17:54 . 2009-11-04 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-11-04 17:51 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-11-04 17:51 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-11-04 17:51 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-11-04 17:51 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-11-04 17:51 . 2009-11-04 17:51 -------- d-----w- c:\program files\Common Files\McAfee 2009-11-04 17:51 . 2009-11-04 17:51 -------- d-----w- c:\program files\McAfee.com 2009-11-04 17:50 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\documents and settings\Di\Application Data\Malwarebytes 2009-11-04 17:39 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-04 17:39 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-04 16:41 . 2009-11-06 13:32 -------- d-----w- c:\program files\McAfee 2009-11-04 15:41 . 2009-11-04 15:41 -------- d-sh--w- c:\documents and settings\All Users\Application Data\914fd87 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-04 17:55 . 2009-08-27 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-10-12 18:10 . 2009-08-30 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\alamode 2009-10-08 16:56 . 2009-09-12 14:26 2322 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys 2009-10-01 19:09 . 2009-10-01 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd 2009-10-01 19:01 . 2009-10-01 19:00 -------- d-----w- c:\program files\Common Files\Logishrd 2009-10-01 19:01 . 2009-08-28 22:24 -------- d-----w- c:\program files\Common Files\Logitech 2009-10-01 19:00 . 2009-10-01 19:00 10134 ----a-r- c:\documents and settings\Di\Application Data\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe 2009-10-01 19:00 . 2009-08-13 14:48 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-22 22:39 . 2009-08-13 14:53 -------- d-----w- c:\program files\Common Files\Adobe 2009-09-16 15:22 . 2009-01-09 17:03 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-09-14 19:44 . 2009-09-14 19:38 -------- d-----w- c:\documents and settings\Di\Application Data\Apple Computer 2009-09-14 19:38 . 2009-09-14 19:37 -------- d-----w- c:\program files\iTunes 2009-09-14 19:38 . 2009-09-14 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-14 19:37 . 2009-09-14 19:37 -------- d-----w- c:\program files\iPod 2009-09-14 19:37 . 2009-09-14 19:35 -------- d-----w- c:\program files\Common Files\Apple 2009-09-14 19:37 . 2009-09-14 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-09-14 19:37 . 2009-09-14 19:37 -------- d-----w- c:\program files\Bonjour 2009-09-14 19:36 . 2009-09-14 19:36 -------- d-----w- c:\program files\QuickTime 2009-09-14 19:35 . 2009-09-14 19:35 -------- d-----w- c:\program files\Apple Software Update 2009-09-14 19:35 . 2009-09-14 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-09-14 17:45 . 2009-09-14 17:45 34056 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Interop.QBInstanceFinder.dll 2009-09-14 17:45 . 2009-09-14 17:45 192512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll 2009-09-14 17:45 . 2009-09-14 17:45 850736 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll 2009-09-14 17:45 . 2009-09-14 17:45 2151728 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll 2009-09-14 17:39 . 2009-09-14 17:39 869640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe 2009-09-14 17:39 . 2009-09-14 17:39 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcp71.dll 2009-09-14 17:39 . 2009-09-14 17:39 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcr71.dll 2009-09-12 14:17 . 2009-09-12 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 10 2009-09-12 14:07 . 2009-09-12 14:07 -------- d-----w- c:\program files\Common Files\supportsoft 2009-09-12 14:07 . 2009-08-13 15:09 91896 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-12 14:04 . 2009-09-12 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit 2009-09-12 14:02 . 2009-09-12 13:59 -------- d-----w- c:\program files\Common Files\Intuit 2009-09-12 13:52 . 2009-09-12 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES 2009-09-10 21:49 . 2009-08-13 15:12 -------- d-----w- c:\program files\Microsoft Small Business 2009-09-10 21:48 . 2009-08-13 15:07 -------- d-----w- c:\program files\Microsoft.NET 2009-09-10 21:47 . 2009-08-13 15:10 -------- d-----w- c:\program files\Microsoft SQL Server 2009-09-10 21:07 . 2009-08-13 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-09-10 21:06 . 2009-09-10 21:06 -------- d-----w- c:\program files\Microsoft Works 2009-09-10 20:01 . 2009-08-13 14:57 -------- d-----w- c:\program files\Java 2009-09-10 20:00 . 2009-09-10 20:00 152576 ----a-w- c:\documents and settings\Di\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-09-10 18:54 . 2009-08-29 00:03 -------- d-----w- c:\program files\a la mode 2009-09-09 21:34 . 2009-09-09 21:34 -------- d-----w- c:\documents and settings\Di\Application Data\Windows Search 2009-09-09 19:52 . 2009-09-09 19:52 -------- d-----w- c:\documents and settings\Di\Application Data\Windows Desktop Search 2009-09-09 19:52 . 2009-09-09 19:52 -------- d-----w- c:\program files\Windows Desktop Search 2009-09-09 01:43 . 2009-09-09 01:43 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe 2009-08-31 18:25 . 2009-08-31 18:25 1886320 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en_signed.exe 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\ALAMODE.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM120.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM112.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM105.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM100.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM09B.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM090.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM080.fot 2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\ADATA095.fot 2009-08-27 02:12 . 2009-08-27 02:12 125 ----a-w- c:\documents and settings\Di\Local Settings\Application Data\fusioncache.dat 2009-08-13 15:09 . 2009-09-12 14:11 83904 ----a-w- c:\documents and settings\QBDataServiceUser19\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-13 15:09 . 2009-08-26 22:21 83904 ----a-w- c:\documents and settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-13 15:01 . 2009-08-13 15:01 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys 2009-08-13 15:01 . 2009-08-13 15:01 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys 2009-08-13 14:55 . 2009-09-12 14:11 10134 ----a-r- c:\documents and settings\QBDataServiceUser19\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe 2009-08-13 14:55 . 2009-08-26 22:21 10134 ----a-r- c:\documents and settings\Di\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe 2009-08-13 14:55 . 2009-08-26 22:20 10134 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe 2009-08-13 14:55 . 2009-08-13 14:55 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe 2009-08-13 14:48 . 2009-08-13 14:48 319488 ----a-w- c:\windows\HideWin.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LenovoFSC"="c:\program files\Lenovo\FanSpeedControl\LenovoFSC.exe" [2008-09-26 40960] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-23 393216] "PWRAGD"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2009-04-24 72256] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248] "RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920] "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336] "The Assistant"="c:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968] "Alcmtr"="ALCMTR.EXE" - c:\windows\ALCMTR.EXE [2008-06-19 57344] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-1 805392] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\brastk.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft SQL Server\\MSSQL$ALAMODE\\Binn\\sqlservr.exe"= "c:\\Program Files\\a la mode\\Sched\\eSched.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 PM 46144] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/4/2009 11:43 AM 210216] R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [5/3/2005 11:04 PM 9150464] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/13/2009 9:51 AM 64064] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 5:34 PM 520192] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 PM 360448] R3 QuickBooksDB19;QuickBooksDB19;c:\intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?] R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [3/6/2008 4:33 PM 5760] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [11/19/2008 8:46 PM 37184] S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752] S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [5/3/2005 8:42 PM 323584] --- Other Services/Drivers In Memory --- *NewlyCreated* - MBR *NewlyCreated* - MCODS *NewlyCreated* - PROCEXP113 *Deregistered* - mbr *Deregistered* - PROCEXP113 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 HPService REG_MULTI_SZ HPSLPSVC . Contents of the 'Scheduled Tasks' folder 2009-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-11-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54] 2009-11-04 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22] 2009-11-04 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22] 2009-08-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32] 2009-08-13 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-13 09:28] . . ------- Supplementary Scan ------- . uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn mDefault_Page_URL = hxxp://lenovo.live.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll DPF: Web-Based Email Tools - hxxp://email03.secureserver.net/Download.CAB . - - - - ORPHANS REMOVED - - - - HKLM-Run-XeroxRegistation - c:\docume~1\Di\LOCALS~1\Temp\Xerox\EReg\EReg.exe HKLM-Run-<NO NAME> - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-06 09:08 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(732) c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll . Completion time: 2009-11-06 9:10 ComboFix-quarantined-files.txt 2009-11-06 14:10 Pre-Run: 222,690,254,848 bytes free Post-Run: 222,925,139,968 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 5389CC2607AF13F535FC89790759E428
  10. Hello Perplexus, I appreciate your time and assistance. Following your instructions, I unzipped HostsXpert to the hard drive and proceeded to run the application. Didn't need to click on File Handling, that was where the program opened Received a warning - Your hosts file is marked as a "system file" and can not be manipulated. Press OK to remove system file attributes, CANCEL to quit. HostsXpert will not reset the attributes. Clicked on OK Received a warning - Your hosts file is marketd as a "hidden file" and can not be manipulted. Press OK to remove the hidden file attributes, CANCEL to quit. HostsXpert wil not reset the attriubtes. Clicked OK The contents of the hosts file was displayed. Clicked on Restore MS Hosts File Received Confirmation Clicked on OK Received Error - Cannot create file C:\windows\system32\driver\ETC\hosts Clicked on OK HostsXpert program closed I believe I follow your instructions, so far, to a T. Did I miss something? Also, how can I tell if I used a custom hosts file? Obviously, I haven't customized anything.
  11. Hello, Our pc was infected with the Windows Security Suite and appears to have been removed with the free version of your utility. Like others, the google search is still being redirected to gala. I've included the 2 logs below. The MBAM log is from a subsequent run after the Windows Security Suite was removed (the post was too large with the log from the cleansing run of MBAM). I also wanted to note that during the run of HijackThis, I received a message that the program could not write to the hosts file and that I should edit the file via notepad. I also received a message that the hosts file was unusually large and that I should just delete it versus trying to clean it up. Along with the disclaimer that you should know what you are doing when editing a hosts file, I did nothing because not knowing what I'm doing is pretty common with todays pcs and software. I appreciate any and all help. MBAM log Malwarebytes' Anti-Malware 1.41 Database version: 3099 Windows 5.1.2600 Service Pack 3 11/4/2009 3:27:06 PM mbam-log-2009-11-04 (15-27-06).txt Scan type: Quick Scan Objects scanned: 135871 Time elapsed: 8 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:05:11 PM, on 11/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe C:\PROGRA~1\ThinkPad\UTILIT~1\DPMTray.exe C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\a la mode\Sched\eSched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE c:\program files\lenovo\system update\suservice.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Lenovo\Client Security Solution\password_manager.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Java\jre6\bin\jucheck.exe c:\PROGRA~1\mcafee\msc\mcupdui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 88.198.198.204 google.ae O1 - Hosts: 88.198.198.204 google.as O1 - Hosts: 88.198.198.204 google.at O1 - Hosts: 88.198.198.204 google.az O1 - Hosts: 88.198.198.204 google.ba O1 - Hosts: 88.198.198.204 google.be O1 - Hosts: 88.198.198.204 google.bg O1 - Hosts: 88.198.198.204 google.bs O1 - Hosts: 88.198.198.204 google.ca O1 - Hosts: 88.198.198.204 google.cd O1 - Hosts: 88.198.198.204 google.com.gh O1 - Hosts: 88.198.198.204 google.com.hk O1 - Hosts: 88.198.198.204 google.com.jm O1 - Hosts: 88.198.198.204 google.com.mx O1 - Hosts: 88.198.198.204 google.com.my O1 - Hosts: 88.198.198.204 google.com.na O1 - Hosts: 88.198.198.204 google.com.nf O1 - Hosts: 88.198.198.204 google.com.ng O1 - Hosts: 88.198.198.204 google.ch O1 - Hosts: 88.198.198.204 google.com.np O1 - Hosts: 88.198.198.204 google.com.pr O1 - Hosts: 88.198.198.204 google.com.qa O1 - Hosts: 88.198.198.204 google.com.sg O1 - Hosts: 88.198.198.204 google.com.tj O1 - Hosts: 88.198.198.204 google.com.tw O1 - Hosts: 88.198.198.204 google.dj O1 - Hosts: 88.198.198.204 google.de O1 - Hosts: 88.198.198.204 google.dk O1 - Hosts: 88.198.198.204 google.dm O1 - Hosts: 88.198.198.204 google.ee O1 - Hosts: 88.198.198.204 google.fi O1 - Hosts: 88.198.198.204 google.fm O1 - Hosts: 88.198.198.204 google.fr O1 - Hosts: 88.198.198.204 google.ge O1 - Hosts: 88.198.198.204 google.gg O1 - Hosts: 88.198.198.204 google.gm O1 - Hosts: 88.198.198.204 google.gr O1 - Hosts: 88.198.198.204 google.ht O1 - Hosts: 88.198.198.204 google.ie O1 - Hosts: 88.198.198.204 google.im O1 - Hosts: 88.198.198.204 google.in O1 - Hosts: 88.198.198.204 google.it O1 - Hosts: 88.198.198.204 google.ki O1 - Hosts: 88.198.198.204 google.la O1 - Hosts: 88.198.198.204 google.li O1 - Hosts: 88.198.198.204 google.lv O1 - Hosts: 88.198.198.204 google.ma O1 - Hosts: 88.198.198.204 google.ms O1 - Hosts: 88.198.198.204 google.mu O1 - Hosts: 88.198.198.204 google.mw O1 - Hosts: 88.198.198.204 google.nl O1 - Hosts: 88.198.198.204 google.no O1 - Hosts: 88.198.198.204 google.nr O1 - Hosts: 88.198.198.204 google.nu O1 - Hosts: 88.198.198.204 google.pl O1 - Hosts: 88.198.198.204 google.pn O1 - Hosts: 88.198.198.204 google.pt O1 - Hosts: 88.198.198.204 google.ro O1 - Hosts: 88.198.198.204 google.ru O1 - Hosts: 88.198.198.204 google.rw O1 - Hosts: 88.198.198.204 google.sc O1 - Hosts: 88.198.198.204 google.se O1 - Hosts: 88.198.198.204 google.sh O1 - Hosts: 88.198.198.204 google.si O1 - Hosts: 88.198.198.204 google.sm O1 - Hosts: 88.198.198.204 google.sn O1 - Hosts: 88.198.198.204 google.st O1 - Hosts: 88.198.198.204 google.tl O1 - Hosts: 88.198.198.204 google.tm O1 - Hosts: 88.198.198.204 google.tt O1 - Hosts: 88.198.198.204 google.us O1 - Hosts: 88.198.198.204 google.vu O1 - Hosts: 88.198.198.204 google.ws O1 - Hosts: 88.198.198.204 google.co.ck O1 - Hosts: 88.198.198.204 google.co.id O1 - Hosts: 88.198.198.204 google.co.il O1 - Hosts: 88.198.198.204 google.co.in O1 - Hosts: 88.198.198.204 google.co.jp O1 - Hosts: 88.198.198.204 google.co.kr O1 - Hosts: 88.198.198.204 google.co.ls O1 - Hosts: 88.198.198.204 google.co.ma O1 - Hosts: 88.198.198.204 google.co.nz O1 - Hosts: 88.198.198.204 google.co.tz O1 - Hosts: 88.198.198.204 google.co.ug O1 - Hosts: 88.198.198.204 google.co.uk O1 - Hosts: 88.198.198.204 google.co.za O1 - Hosts: 88.198.198.204 google.co.zm O1 - Hosts: 88.198.198.204 google.com O1 - Hosts: 88.198.198.204 google.com.af O1 - Hosts: 88.198.198.204 google.com.ag O1 - Hosts: 88.198.198.204 google.com.ar O1 - Hosts: 88.198.198.204 google.com.au O1 - Hosts: 88.198.198.204 google.com.bn O1 - Hosts: 88.198.198.204 google.com.br O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [PWRAGD] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\Di\LOCALS~1\Temp\Xerox\EReg\EReg.exe" /Startup O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Web-Based Email Tools - http://email03.secureserver.net/Download.CAB O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: McAfee Application Installer Cleanup (0050171257357099) (0050171257357099mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Di\LOCALS~1\Temp\005017~1.EXE O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: QuickBooksDB19 - Intuit, Inc. - C:\Intuit\QUICKB~1\QBDBMgrN.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing) O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- End of file - 16652 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.