I'm infected with Whitesmoke toolbar, only Chrome affected


I seem to have gotten Whitesmoke from a bad file. It will not go away from Chrome despite efforts. Here are my DDS.txt and Attach.txt.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Run by rem at 13:04:29 on 2013-02-13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.345 [GMT -5:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *Disabled*

.

============== Running Processes ================

.

C:\Program Files\VMware\VMware Tools\vmacthlp.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\FileZilla Server\FileZilla Server.exe

C:\Program Files\Java\jre1.6.0_11\bin\jqs.exe

C:\Program Files\Intel\Services\IPT\jhi_service.exe

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\DesktopCentral_Agent\bin\dcagentservice.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\SAsrv.exe

C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\VMware\VMware Tools\vmtoolsd.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\PdaNet for Android\PdaNetPC.exe

C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.ca/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_11\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.6.0_11\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre1.6.0_11\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"

StartupFolder: c:\docume~1\rem\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe

StartupFolder: c:\docume~1\rem\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\manage~1.lnk - c:\program files\desktopcentral_agent\bin\dcagenttrayicon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoSimpleNetIDList = dword:1

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: dontdisplaylastusername = dword:1

mPolicies-System: legalnoticecaption = Authorized TBayTel employees only

mPolicies-System: legalnoticetext = This Computer and Network belongs to TBayTel.

Unauthorized use is prohibited and may result in prosecution.

TBayTel reserves the right to monitor its use to

ensure its stability, availability, and security.

Call 684-2680 for any issues.

mPolicies-System: LocalAccountTokenFilterPolicy = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoSimpleNetIDList = dword:1

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: Add to Evernote 4 - c:\program files\evernote\evernote\ie8clipper\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\ie8clipper\EvernoteIE.dll/204

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: %SystemRoot%\system32\vsocklib.dll

DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349959297402

DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxp://mynah/arview2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab

DPF: {BC668528-12DE-44EC-A814-AEA8FCA99557} - hxxp://mynah/xadb8.cab

DPF: {C019193E-8194-41F2-8298-2459A48A7EC8} - hxxp://mynah/tdbl8.cab

DPF: {C0A63B86-4B21-11D3-BD95-D426EF2C7949} - hxxp://mynah/vsflex7l.cab

DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab

DPF: {EB52CF7B-3917-11CE-80FB-0000C0C14E92} - hxxp://mynah/sscala32.cab

TCP: NameServer = 192.168.15.25 192.168.15.1

TCP: Interfaces\{E42B1091-5DD0-4835-A7C1-D8A7D6D973FB} : DHCPNameServer = 10.1.3.7 10.2.1.3

TCP: Interfaces\{E59DC57A-3D22-4F10-AFC1-1DC4772A8408} : DHCPNameServer = 192.168.15.25 192.168.15.1

Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL

Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL

Notify: igfxcui - igfxdev.dll

Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll

Notify: VMUpgradeAtShutdown - VMUpgradeAtShutdownWXP.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll

.

============= SERVICES / DRIVERS ===============

.

R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [2011-8-2 21504]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-12-28 22344]

R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2011-8-8 98968]

R1 vmhgfs;vmhgfs;c:\windows\system32\drivers\vmhgfs.sys [2013-1-30 144408]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2012-6-27 108456]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2012-6-27 108456]

R2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\drivers\CipcCdp.sys [2013-1-14 24064]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2011-2-7 210896]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-12-9 43584]

R2 ManageEngine Desktop Central - Agent;ManageEngine Desktop Central 8 - Agent;c:\program files\desktopcentral_agent\bin\dcagentservice.exe [2012-12-6 552072]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-11 682344]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2012-5-3 35088]

R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\sap\sapsetup\setup\updater\NwSapAutoWorkstationUpdateService.exe [2008-3-11 263536]

R2 SAService;Conexant SmartAudio service;c:\windows\system32\SASrv.exe [2011-8-2 446592]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-2-12 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-2-12 1369624]

R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2011-5-30 11976]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2012-6-27 1846592]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-8-2 2656280]

R2 VMMEMCTL;Memory Control Driver;c:\program files\common files\vmware\drivers\memctl\vmmemctl.sys [2012-10-31 15128]

R2 VMTools;VMware Tools;c:\program files\vmware\vmware tools\vmtoolsd.exe [2012-10-31 62616]

R2 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;c:\program files\vmware\vmware tools\vmacthlp.exe [2012-10-31 432792]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]

R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-12 22768]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-13 106656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-11 21104]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130212.023\NAVENG.SYS [2013-2-13 93296]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130212.023\NAVEX15.SYS [2013-2-13 1603824]

R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2012-11-14 13440]

R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2011-11-13 11440]

R3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2011-11-13 102256]

R3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2011-11-13 30000]

S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2013-1-30 17968]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-8-2 13680]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-8-2 101736]

S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-11 398184]

S2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [2012-10-23 76288]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-2-12 168384]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-8-2 131432]

S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-8-2 142696]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-29 665200]

S2 VMwareHostd;VMware Workstation Server;"c:\program files\vmware\vmware workstation\vmware-hostd.exe" -u "c:\documents and settings\all users\application data\vmware\hostd\config.xml" --> c:\program files\vmware\vmware workstation\vmware-hostd.exe [?]

S3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2011-8-2 132096]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2012-5-23 23888]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-8-2 260864]

S3 ManageEngine Desktop Central - Remote Control;ManageEngine Desktop Central 8 - Remote Control;c:\program files\desktopcentral_agent\bin\dcrdservice.exe [2012-12-6 613512]

S3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-8-2 41088]

S3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\Netwxn00.sys [2012-9-12 10260480]

S3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2012-9-12 23608]

S3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\vmware\vmware tools\TPAutoConnSvc.exe [2012-9-17 378192]

S3 TPVCGateway;TP VC Gateway Service;c:\program files\vmware\vmware tools\TPVCGateway.exe [2012-9-17 406864]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-02-13 16:49:58 -------- d-----w- c:\program files\TBTEmail

2013-02-13 15:48:36 -------- d-sha-r- C:\cmdcons

2013-02-13 15:47:12 208896 ----a-w- c:\windows\MBR.exe

2013-02-13 15:47:11 98816 ----a-w- c:\windows\sed.exe

2013-02-13 15:47:11 256000 ----a-w- c:\windows\PEV.exe

2013-02-13 13:52:22 -------- d-----w- c:\documents and settings\rem\local settings\application data\NPE

2013-02-13 13:52:21 -------- d-----w- c:\documents and settings\all users\application data\Norton

2013-02-12 20:53:31 -------- d-----w- c:\documents and settings\rem\application data\Wireshark

2013-02-12 16:39:09 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2013-02-12 16:38:37 15224 ----a-w- c:\windows\system32\sdnclean.exe

2013-02-12 16:38:24 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2013-02-11 23:59:03 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2013-02-11 21:17:04 -------- d-----w- c:\documents and settings\rem\local settings\application data\Conduit

2013-02-11 19:26:05 -------- d-----w- c:\documents and settings\rem\application data\Malwarebytes

2013-02-11 19:25:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2013-02-11 19:25:46 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-11 19:25:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-02-11 19:00:06 -------- d-----w- C:\toolbarImages

2013-02-11 16:39:57 -------- d-----w- c:\documents and settings\rem\local settings\application data\CRE

2013-02-03 04:34:32 -------- d-----w- c:\documents and settings\rem\local settings\application data\Eastman_Kodak_Company

2013-02-03 04:33:55 -------- d-----w- c:\documents and settings\rem\local settings\application data\Kodak

2013-02-03 04:32:31 -------- d-----w- c:\documents and settings\all users\application data\Eastman Kodak Company

2013-02-03 04:32:20 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2013-02-03 04:32:20 87040 ----a-w- c:\windows\system32\wiafbdrv.dll

2013-02-03 04:29:24 -------- d-----w- c:\documents and settings\rem\local settings\application data\Eastman Kodak Company

2013-02-03 04:27:29 65536 ----a-r- c:\documents and settings\rem\application data\microsoft\installer\{843081bd-351f-46fc-8a17-517a0d9117a3}\NewShortcut3_843081BD351F46FC8A17517A0D9117A3.exe

2013-02-03 04:27:28 65536 ----a-r- c:\documents and settings\rem\application data\microsoft\installer\{843081bd-351f-46fc-8a17-517a0d9117a3}\NewShortcut2_843081BD351F46FC8A17517A0D9117A3.exe

2013-02-03 04:27:28 65536 ----a-r- c:\documents and settings\rem\application data\microsoft\installer\{843081bd-351f-46fc-8a17-517a0d9117a3}\NewShortcut1_843081BD351F46FC8A17517A0D9117A3.exe

2013-02-03 04:25:43 -------- d-----w- C:\d36a37b3b5fc4d68196bb80d

2013-02-03 04:18:10 -------- d-----w- c:\documents and settings\all users\application data\Kodak

2013-02-03 04:16:24 -------- d-----w- c:\program files\Kodak

2013-02-01 15:30:28 -------- d-----w- c:\program files\EaseUS

2013-01-30 15:04:40 50840 ----a-w- c:\windows\system32\vmhgfs.dll

2013-01-30 15:04:40 144408 ----a-w- c:\windows\system32\drivers\vmhgfs.sys

2013-01-30 14:31:08 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys

2013-01-30 14:31:08 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys

2013-01-30 14:30:58 42368 -c--a-w- c:\windows\system32\dllcache\agp440.sys

2013-01-30 14:30:58 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS

2013-01-30 14:30:55 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys

2013-01-30 14:30:55 5504 ----a-w- c:\windows\system32\drivers\intelide.sys

2013-01-30 14:30:38 20608 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys

2013-01-30 14:30:38 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-01-30 14:30:20 40704 -c--a-w- c:\windows\system32\dllcache\es1371mp.sys

2013-01-30 14:30:20 40704 ----a-w- c:\windows\system32\drivers\es1371mp.sys

2013-01-30 14:29:46 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys

2013-01-30 14:29:46 35328 ----a-w- c:\windows\system32\drivers\pcntpci5.sys

2013-01-30 09:52:53 17968 ----a-w- c:\windows\system32\drivers\vmscsi.sys

2013-01-30 09:52:51 -------- d-----w- c:\windows\$Reconfig$

2013-01-29 14:14:56 -------- d-----w- C:\Firefox

2013-01-29 13:56:50 -------- d-----w- c:\documents and settings\rem\local settings\application data\Sun

2013-01-29 13:38:02 73728 ----a-w- c:\windows\system32\javacpl.cpl

2013-01-28 14:36:29 -------- d-----w- c:\program files\Ubiquiti Networks

2013-01-24 20:03:09 1012 ----a-w- c:\documents and settings\rem\SDM-2.5-1841-c1841-advipservicesk9-mz.124-18.bin

2013-01-21 21:23:36 -------- d-----w- C:\ProgramData

2013-01-17 19:08:05 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2013-01-17 19:08:05 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2013-01-16 18:31:50 -------- d-----w- c:\documents and settings\rem\Downloads

2013-01-15 03:01:14 24064 ----a-r- c:\windows\system32\drivers\CipcCdp.sys

2013-01-15 03:01:14 1419232 ----a-r- c:\windows\system32\wdfcoinstaller01005.dll

2013-01-15 02:59:42 -------- d-----w- c:\program files\common files\Plantronics

2013-01-15 02:59:39 -------- d-----w- c:\program files\common files\Cisco Systems

2013-01-15 02:58:10 -------- d-----w- c:\windows\Downloaded Installations

2013-01-14 19:16:36 -------- d-----w- c:\documents and settings\rem\Cisco

2013-01-14 19:14:29 -------- d--h--w- c:\program files\Zero G Registry

2013-01-14 19:14:19 -------- d--h--w- c:\documents and settings\rem\InstallAnywhere

.

==================== Find3M ====================

.

2013-02-11 14:55:11 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-11 14:55:11 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-29 13:44:01 859552 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-01-29 13:44:00 780192 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-20 19:34:40 99 ----a-w- C:\StartDB.bat

2012-12-20 19:34:40 71 ----a-w- C:\NetflowDBCreate.bat

2012-12-20 19:34:40 257 ----a-w- C:\CollectorService.bat

2012-12-20 19:34:40 111 ----a-w- C:\NetflowService.bat

2012-12-07 01:17:08 841864 ----a-w- c:\windows\system32\dclibxml2.dll

.

============= FINISH: 13:05:40.14 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 8/2/2011 2:39:59 PM

System Uptime: 2/13/2013 11:42:26 AM (2 hours ago)

.

Motherboard: Intel Corporation | | 440BX Desktop Reference Platform

Processor: Intel Pentium III Xeon processor | CPU socket #0 | 2491/mhz

.

==== Disk Partitions =========================

.

.

==== Installed Programs ======================

.

Accesscare_Web

Adobe Flash Player 11 ActiveX

Adobe Reader X

Adobe SVG Viewer 3.0

Boson Exam Environment

CCleaner

Cisco AnyConnect VPN Client

Cisco Configuration Professional

Cisco IP Communicator

Cisco Packet Tracer 5.3

Cisco SDM

Cisco Systems VPN Client 5.0.00.0340

Compatibility Pack for the 2007 Office system

Conexant 20672 SmartAudio HD

Dynamic Edge - File Path Copy 1.0

Evernote v. 4.6.2

FileZilla Server

Gadwin PrintScreen

Galaxy Nexus ToolKit

Google Earth

Google SketchUp Pro 8

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970685)

IBM USB-to-Serial

ImgBurn

Integrated Camera Driver Installer Package Ver.1.1.0.1147

Integrated Camera TWAIN

Intel PROSet Wireless

Intel® Identity Protection Technology 1.0.74.0

Intel® Management Engine Components

Intel® Network Connections Drivers

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

Intranet_TheLoop

J2SE Runtime Environment 5.0 Update 22

Java 6 Update 11

KeePass Password Safe 2.19

Lenovo Auto Scroll Utility

Lenovo Patch Utility

Lenovo Power Management Driver

Lenovo System Interface Driver

LinuxLive USB Creator

LiveUpdate 3.3 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.70.0.1100

ManageEngine Desktop Central 8 - Agent

Martens

Message Center

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office File Validation Add-In

Microsoft Office Project Standard 2003

Microsoft Office Standard Edition 2003

Microsoft Office Visio Standard 2003

Microsoft redistributable runtime DLLs VS2008 SP1(x86)

Microsoft Silverlight

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WinUsb 2.0

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB925673)

MSXML4.0 redistributable

On Screen Display

PdaNet for Android 3.50

PDFCreator

Putty

RackTools 3.5

RICOH_Media_Driver_v2.14.18.01

SAP GUI for Windows 7.20

SAP_GUI_7.10

SAP_ini_update_2009-09-30

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Shortcut_Incident_Map

Spybot - Search & Destroy

STM TPM Driver 1.0.4.15 - 32 bits

Suite_Solutions_Active_X

Symantec Endpoint Protection

System Update

TbaytelEmail

ThinkPad Bluetooth with Enhanced Data Rate Software

ThinkPad FullScreen Magnifier

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Access Connections

ThinkVantage Active Protection System

ThinkVantage Communications Utility

ThinkVantage Fingerprint Software

tools-freebsd

tools-linux

tools-netware

tools-solaris

tools-windows

tools-winPre2k

UltraVnc

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

vcredist_x86

VLC media player 2.0.4

VmciSockets

VMware Tools

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

WinPcap 4.1.2-Spiceworks

WinRAR 4.20 (32-bit)

Wireshark 1.6.8 (32-bit)

XML Paper Specification Shared Components Pack 1.0

.

==== End Of File ===========================

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

http://tigzy.geeksto...ueKillerX64.exe <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Thank you Mr. C!

Here is the RogueKiller report:

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : rem [Admin rights]

Mode : Scan -- Date : 02/15/2013 08:25:00

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x835DAA78)

SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x835DAAB0)

SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8350CF40)

SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8384CA78)

SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x83503B30)

SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x835E0B48)

SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x83845AE8)

SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x837D8AC0)

SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x837D8B80)

SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8346BB20)

SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x83843B80)

SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8388BBC8)

SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x837D9B30)

SSDT[143] : NtQueryDefaultLocale @ 0x80610D16 -> HOOKED (\SystemRoot\SYSTEM32\Drivers\SysPlant.sys @ 0xEE72C720)

SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x83857AA8)

SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8346FAF8)

SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x835DBAE8)

SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x83504AE8)

SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x83843AC0)

SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x83844A80)

SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x83585D08)

SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x83844B40)

SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8350CF08)

SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8346FB30)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: VMware Virtual IDE Hard Drive +++++

--- User ---

[MBR] 6449fbc0d2b33d1c0a0bf176b634c33a

[BSP] ca995b2122f29edcaae7a519eea79c76 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 40953 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_02152013_02d0825.txt >>

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found; we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC

# AdwCleaner v2.112 - Logfile created 02/15/2013 at 08:49:04

# Updated 10/02/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : rem - COVE

# Boot Mode : Normal

# Running from : C:\Documents and Settings\rem\Desktop\adwcleaner0.exe

# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\END

File Found : C:\WINDOWS\Tasks\DealPlyUpdate.job

Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer

Folder Found : C:\Documents and Settings\rem\Application Data\PriceGong

Folder Found : C:\Documents and Settings\rem\Local Settings\Application Data\Conduit

Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\ConduitSearchScopes

Key Found : HKCU\Software\DealPly

Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\PriceGong

Key Found : HKCU\Software\SmartBar

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3284024

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Found : HKLM\Software\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN29075094691342220&ctid=CT3284024

*************************

AdwCleaner[R1].txt - [3767 octets] - [11/02/2013 14:09:39]

AdwCleaner[R2].txt - [3546 octets] - [15/02/2013 08:49:04]

AdwCleaner[S1].txt - [3887 octets] - [11/02/2013 14:10:52]

########## EOF - C:\AdwCleaner[R2].txt - [3666 octets] ##########

Some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Then.............

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

MrC

# AdwCleaner v2.112 - Logfile created 02/15/2013 at 09:03:57

# Updated 10/02/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : rem - COVE

# Boot Mode : Normal

# Running from : C:\Documents and Settings\rem\Desktop\adwcleaner0.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\END

File Deleted : C:\WINDOWS\Tasks\DealPlyUpdate.job

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer

Folder Deleted : C:\Documents and Settings\rem\Application Data\PriceGong

Folder Deleted : C:\Documents and Settings\rem\Local Settings\Application Data\Conduit

Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\DealPly

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3284024

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\Software\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN29075094691342220&ctid=CT3284024 --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [3767 octets] - [11/02/2013 14:09:39]

AdwCleaner[R2].txt - [3735 octets] - [15/02/2013 08:49:04]

AdwCleaner[R3].txt - [3795 octets] - [15/02/2013 09:03:02]

AdwCleaner[S1].txt - [3887 octets] - [11/02/2013 14:10:52]

AdwCleaner[S2].txt - [3837 octets] - [15/02/2013 09:03:57]

########## EOF - C:\AdwCleaner[S2].txt - [3897 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.3 (02.12.2013:1)

OS: Microsoft Windows XP x86

Ran by rem on Fri 02/15/2013 at 9:11:25.12

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\visualbee

Successfully deleted: [Registry Key] hkey_local_machine\software\visualbee

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\visualbee"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"

Successfully deleted: [Folder] "C:\Documents and Settings\rem\Local Settings\Application Data\visualbeeexe"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\ytd video downloader"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 02/15/2013 at 9:37:00.67

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OK, we'll have to manually remove it:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC (be back in a little while)

OTL logfile created on: 2/15/2013 9:56:03 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\rem\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 498.37 Mb Available Physical Memory | 64.94% Memory free

1.83 Gb Paging File | 1.28 Gb Available in Paging File | 69.97% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 39.99 Gb Total Space | 15.49 Gb Free Space | 38.73% Space Free | Partition Type: NTFS

Drive D: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: COVE | User Name: rem | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/15 09:55:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rem\Desktop\OTL.exe

PRC - [2013/01/29 22:32:58 | 001,078,624 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

PRC - [2012/12/06 20:17:10 | 000,552,072 | ---- | M] () -- C:\Program Files\DesktopCentral_Agent\bin\dcagentservice.exe

PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

PRC - [2012/10/31 20:01:40 | 000,062,616 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Tools\vmtoolsd.exe

PRC - [2012/10/31 19:56:58 | 000,432,792 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Tools\vmacthlp.exe

PRC - [2012/09/14 12:27:34 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_11\bin\jqs.exe

PRC - [2012/06/27 05:32:22 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2012/06/27 05:32:20 | 001,471,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

PRC - [2012/06/27 05:32:18 | 001,897,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

PRC - [2012/06/27 05:32:18 | 001,846,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

PRC - [2012/05/30 12:28:52 | 000,195,680 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

PRC - [2012/05/30 12:28:42 | 000,244,832 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

PRC - [2012/05/30 12:28:40 | 000,105,568 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2012/04/24 19:58:08 | 000,919,824 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

PRC - [2012/04/24 18:55:46 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2012/04/24 18:32:50 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2012/03/09 13:30:50 | 000,484,976 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe

PRC - [2012/02/26 09:42:28 | 000,632,320 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla server.exe

PRC - [2012/01/16 10:47:22 | 000,043,584 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe

PRC - [2011/07/25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe

PRC - [2011/04/05 11:43:50 | 000,636,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

PRC - [2011/04/05 11:43:50 | 000,365,912 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

PRC - [2011/03/14 19:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\SASrv.exe

PRC - [2011/02/07 15:15:38 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Services\IPT\jhi_service.exe

PRC - [2011/01/17 09:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/01/17 09:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/02/25 06:04:40 | 000,263,536 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe

PRC - [2009/12/17 14:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/06 20:17:10 | 000,552,072 | ---- | M] () -- C:\Program Files\DesktopCentral_Agent\bin\dcagentservice.exe

MOD - [2012/12/06 20:17:08 | 000,841,864 | ---- | M] () -- C:\WINDOWS\system32\dclibxml2.dll

MOD - [2012/11/15 09:21:09 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\d8ca3b9fefcda19eeecd55c239f504ba\System.Management.ni.dll

MOD - [2012/11/15 08:40:11 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll

MOD - [2012/11/15 08:37:20 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll

MOD - [2012/11/15 08:36:55 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll

MOD - [2012/11/15 08:36:33 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll

MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl

MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl

MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl

MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl

MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl

MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll

MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll

MOD - [2012/08/23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll

MOD - [2012/05/30 12:04:12 | 000,044,544 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll

MOD - [2012/05/30 12:04:00 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll

MOD - [2012/05/30 11:42:40 | 000,086,016 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcWrpc.dll

MOD - [2012/03/09 13:30:50 | 000,484,976 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe

MOD - [2011/04/05 11:44:02 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll

MOD - [2011/04/05 11:44:00 | 000,075,112 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll

MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2007/04/03 15:18:26 | 000,197,672 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll

MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)

SRV - File not found [Auto | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)

SRV - [2013/02/11 09:55:13 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/12/06 20:17:10 | 000,613,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DesktopCentral_Agent\bin\dcrdservice.exe -- (ManageEngine Desktop Central - Remote Control)

SRV - [2012/12/06 20:17:10 | 000,552,072 | ---- | M] () [Auto | Running] -- C:\Program Files\DesktopCentral_Agent\bin\dcagentservice.exe -- (ManageEngine Desktop Central - Agent)

SRV - [2012/10/31 20:01:40 | 000,062,616 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Tools\vmtoolsd.exe -- (VMTools)

SRV - [2012/10/31 19:56:58 | 000,432,792 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Tools\vmacthlp.exe -- (VMware Physical Disk Helper Service)

SRV - [2012/09/17 10:35:24 | 000,406,864 | ---- | M] (Cortado AG) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Tools\TPVCGateway.exe -- (TPVCGateway)

SRV - [2012/09/17 10:35:24 | 000,378,192 | ---- | M] (Cortado AG) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe -- (TPAutoConnSvc)

SRV - [2012/09/14 12:27:34 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre1.6.0_11\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/06/27 05:32:22 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2012/06/27 05:32:22 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2012/06/27 05:32:20 | 000,357,808 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)

SRV - [2012/06/27 05:32:18 | 001,897,960 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2012/06/27 05:32:18 | 001,846,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2012/05/30 12:28:42 | 000,244,832 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2012/05/30 12:28:40 | 000,105,568 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2012/05/03 15:22:22 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)

SRV - [2012/04/24 19:58:08 | 000,919,824 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)

SRV - [2012/04/24 18:55:46 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2012/04/24 18:32:50 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2012/02/26 09:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)

SRV - [2012/01/16 10:47:22 | 000,043,584 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)

SRV - [2011/08/29 22:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)

SRV - [2011/07/25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2011/07/12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)

SRV - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2011/04/05 11:43:50 | 000,365,912 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)

SRV - [2011/03/14 19:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\SASrv.exe -- (SAService)

SRV - [2011/02/07 17:40:08 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

SRV - [2011/02/07 15:15:38 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Services\IPT\jhi_service.exe -- (jhi_service)

SRV - [2011/01/17 09:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011/01/17 09:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/02/25 06:04:40 | 000,263,536 | ---- | M] (SAP AG) [Auto | Running] -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe -- (NWSAPAutoWorkstationUpdateSvc)

SRV - [2009/12/17 14:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)

SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\vmx86.sys -- (vmx86)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\vmusb.sys -- (vmusb)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2013/02/14 09:22:57 | 000,174,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)

DRV - [2013/02/11 09:27:04 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130214.016\NAVEX15.SYS -- (NAVEX15)

DRV - [2013/02/11 09:27:03 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130214.016\NAVENG.SYS -- (NAVENG)

DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/10/31 20:05:16 | 000,098,968 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)

DRV - [2012/10/31 20:04:50 | 000,102,256 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmx_svga.sys -- (vmx_svga)

DRV - [2012/10/31 20:02:28 | 000,030,000 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmxnet.sys -- (vmxnet)

DRV - [2012/10/31 19:59:04 | 000,011,440 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmmouse.sys -- (vmmouse)

DRV - [2012/10/31 19:58:46 | 000,015,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys -- (VMMEMCTL)

DRV - [2012/10/31 19:58:02 | 000,144,408 | ---- | M] (VMware, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\vmhgfs.sys -- (vmhgfs)

DRV - [2012/08/12 03:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/08/12 03:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/07/05 20:44:52 | 000,023,608 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Smb_driver_Intel.sys -- (SmbDrvI)

DRV - [2012/06/27 07:30:05 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2012/06/27 05:32:28 | 000,043,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)

DRV - [2012/06/27 05:32:22 | 000,321,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2012/06/27 05:32:22 | 000,287,352 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)

DRV - [2012/06/27 05:32:22 | 000,043,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2012/06/27 05:32:20 | 000,099,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)

DRV - [2012/06/27 05:32:20 | 000,067,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)

DRV - [2012/06/03 07:24:50 | 010,260,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Netwxn00.sys -- (NETwNx32)

DRV - [2012/05/30 11:06:56 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

DRV - [2012/05/23 13:42:45 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)

DRV - [2012/05/23 13:42:45 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)

DRV - [2012/05/23 13:42:44 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2012/05/23 13:42:42 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)

DRV - [2012/05/03 15:22:22 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)

DRV - [2012/01/11 11:22:30 | 000,203,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)

DRV - [2011/12/28 05:40:02 | 000,129,352 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)

DRV - [2011/12/28 05:40:02 | 000,022,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)

DRV - [2011/11/25 00:26:04 | 000,013,440 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)

DRV - [2011/11/13 20:45:12 | 000,017,968 | ---- | M] (VMware, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\vmscsi.sys -- (vmscsi)

DRV - [2011/10/03 21:45:52 | 001,280,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2011/07/12 09:36:28 | 000,022,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vstor2-mntapi10-shared.sys -- (vstor2-mntapi10-shared)

DRV - [2011/05/30 17:21:24 | 000,011,976 | ---- | M] (Authentec Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2)

DRV - [2011/05/25 16:22:00 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\risdxc86.sys -- (risdxc)

DRV - [2011/04/05 13:01:40 | 000,933,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2011/04/05 13:01:40 | 000,556,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2011/04/05 13:01:40 | 000,118,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2011/04/05 13:01:40 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2011/04/05 13:01:40 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2011/03/04 17:14:34 | 000,132,096 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U877.sys -- (5U877)

DRV - [2011/01/24 11:37:08 | 000,024,064 | R--- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CipcCdp.sys -- (CipcCdp)

DRV - [2011/01/17 12:37:14 | 000,260,864 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)

DRV - [2010/10/19 15:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)

DRV - [2010/09/07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)

DRV - [2010/05/19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2009/12/17 14:18:52 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)

DRV - [2009/07/13 15:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)

DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2007/06/08 08:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stm_tpm.sys -- (stmtpm)

DRV - [2007/04/03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2007/02/19 00:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2005/01/26 07:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2004/06/28 11:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)

DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3470109805-3281939533-2392199302-3417\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-3470109805-3281939533-2392199302-3417\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3470109805-3281939533-2392199302-3417\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-3470109805-3281939533-2392199302-3417\..\SearchScopes\{2530C5A3-0353-47BE-8143-6A37065F434A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCA&apn_uid=27470FFF-8558-43E7-9675-CC3788BB6CBD&apn_sauid=7E7A0B53-84F6-4C02-BD4D-29A0AB2C5CF2

IE - HKU\S-1-5-21-3470109805-3281939533-2392199302-3417\..\SearchScopes\{5831704B-3EC2-424F-8720-7EAF83E8EC15}: "URL" = http://www.bing.com/search?q={searchTerms}&r=343

IE - HKU\S-1-5-21-3470109805-3281939533-2392199302-3417\..\SearchScopes\{6919A853-A368-40AE-B87C-40A3160507FD}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

IE - HKU\S-1-5-21-3470109805-3281939533-2392199302-3417\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.6.0_11\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre1.6.0_11\lib\deploy\jqs\ff [2012/09/14 12:27:41 | 000,000,000 | ---D | M]

[2013/01/16 13:32:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/02/13 11:10:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_11\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_11\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_11\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [sDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ManageEngine Desktop Central Agent.lnk = C:\Program Files\DesktopCentral_Agent\bin\dcagenttrayicon.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = c:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()

O4 - Startup: C:\Documents and Settings\rem\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

O4 - Startup: C:\Documents and Settings\rem\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1

O7 - HKU\S-1-5-21-3470109805-3281939533-2392199302-3417\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3470109805-3281939533-2392199302-3417\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-3470109805-3281939533-2392199302-3417\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1

O7 - HKU\S-1-5-21-3470109805-3281939533-2392199302-3417\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-3470109805-3281939533-2392199302-3417\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files\Evernote\Evernote\IE8Clipper\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @C:\Program Files\Evernote\Evernote\IE8Clipper\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\IE8Clipper\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\IE8Clipper\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\IE8Clipper\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349959297402 (MUWebControl Class)

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} http://mynah/arview2.cab (ActiveReports Viewer2)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {BC668528-12DE-44EC-A814-AEA8FCA99557} http://mynah/xadb8.cab (ComponentOne XArrayDB 8.0 Object)

O16 - DPF: {C019193E-8194-41F2-8298-2459A48A7EC8} http://mynah/tdbl8.cab (True DBCombo 8 Control)

O16 - DPF: {C0A63B86-4B21-11D3-BD95-D426EF2C7949} http://mynah/vsflex7l.cab (:-) VideoSoft FlexGrid 7.0 (Light))

O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)

O16 - DPF: {EB52CF7B-3917-11CE-80FB-0000C0C14E92} http://mynah/sscala32.cab (SSDateCombo Control)

O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tbaytel.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E42B1091-5DD0-4835-A7C1-D8A7D6D973FB}: DhcpNameServer = 10.1.3.7 10.2.1.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E59DC57A-3D22-4F10-AFC1-1DC4772A8408}: DhcpNameServer = 192.168.15.1

O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)

O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (AuthenTec Inc.)

O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - C:\WINDOWS\System32\TPSvc.dll (Cortado AG)

O20 - Winlogon\Notify\VMUpgradeAtShutdown: DllName - (VMUpgradeAtShutdownWXP.dll) - C:\WINDOWS\System32\VMUpgradeAtShutdownWXP.dll (VMware, Inc.)

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper:

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/08/02 13:38:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/08/05 11:01:19 | 000,000,046 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/15 09:55:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rem\Desktop\OTL.exe

[2013/02/15 09:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rem\Local Settings\Application Data\Conduit

[2013/02/15 09:11:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2013/02/15 09:11:13 | 000,000,000 | ---D | C] -- C:\JRT

[2013/02/15 09:11:04 | 000,547,384 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\rem\Desktop\JRT.exe

[2013/02/15 08:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rem\Desktop\RK_Quarantine

[2013/02/14 13:56:50 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\rem\Desktop\tdsskiller.exe

[2013/02/13 13:03:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\rem\Desktop\dds.scr

[2013/02/13 11:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\TBTEmail

[2013/02/13 11:34:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013/02/13 10:48:36 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/02/13 10:47:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/02/13 10:47:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/02/13 10:47:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/02/13 10:47:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/02/13 10:46:07 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/02/13 10:45:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\rem\Start Menu\Programs\Administrative Tools

[2013/02/13 10:45:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/02/13 10:43:31 | 005,032,105 | R--- | C] (Swearware) -- C:\Documents and Settings\rem\Desktop\ComboFix.exe

[2013/02/13 10:42:07 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\rem\Desktop\rkill.exe

[2013/02/13 08:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rem\Local Settings\Application Data\NPE

[2013/02/13 08:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton

[2013/02/12 15:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rem\Application Data\Wireshark

[2013/02/12 13:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rem\My Documents\ProcAlyzer Dumps

[2013/02/12 11:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2013/02/12 11:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2

[2013/02/12 11:38:37 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe

[2013/02/12 11:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2

[2013/02/12 11:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rem\Desktop\mbar

[2013/02/11 18:59:03 | 000,257,928 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2013/02/11 14:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rem\Application Data\Malwarebytes

[2013/02/11 14:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/02/11 14:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2013/02/11 14:25:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/02/11 14:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/02/11 14:00:06 | 000,000,000 | ---D | C] -- C:\toolbarImages

[2013/02/11 11:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rem\Local Settings\Application Data\CRE

[2013/02/06 10:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Evernote

[2013/02/02 23:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rem\Local Settings\Application Data\Eastman_Kodak_Company

[2013/02/02 23:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rem\Local Settings\Application Data\Kodak

[2013/02/02 23:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company

[2013/02/02 23:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rem\Local Settings\Application Data\Eastman Kodak Company

[2013/02/02 23:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Eastman Kodak Company

[2013/02/02 23:25:43 | 000,000,000 | ---D | C] -- C:\d36a37b3b5fc4d68196bb80d

[2013/02/02 23:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak

[2013/02/02 23:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak

[2013/02/01 10:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS

[2013/01/30 13:15:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\rem\Recent

[2013/01/30 10:04:40 | 000,144,408 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmhgfs.sys

[2013/01/30 10:04:40 | 000,050,840 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmhgfs.dll

[2013/01/30 04:52:53 | 000,017,968 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmscsi.sys

[2013/01/30 04:52:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\$Reconfig$

[2013/01/29 09:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\VMware

[2013/01/29 09:14:56 | 000,000,000 | ---D | C] -- C:\Firefox

[2013/01/29 08:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rem\Local Settings\Application Data\Sun

[2013/01/29 08:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2013/01/28 09:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Ubiquiti Networks

[2013/01/24 10:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Configuration Professional

[2013/01/21 16:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData

[2013/01/16 13:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013/01/16 13:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rem\Downloads

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/15 09:55:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rem\Desktop\OTL.exe

[2013/02/15 09:55:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/02/15 09:32:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\DCAgentUpdater.job

[2013/02/15 09:19:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/02/15 09:11:12 | 000,547,384 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\rem\Desktop\JRT.exe

[2013/02/15 09:08:55 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk

[2013/02/15 09:08:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/02/15 09:08:44 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/02/15 09:06:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/02/15 08:48:53 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\rem\Desktop\adwcleaner0.exe

[2013/02/15 08:23:49 | 000,798,208 | ---- | M] () -- C:\Documents and Settings\rem\Desktop\RogueKiller.exe

[2013/02/14 16:07:05 | 000,000,048 | ---- | M] () -- C:\WINDOWS\ptw.cfg

[2013/02/14 16:07:04 | 000,000,915 | ---- | M] () -- C:\WINDOWS\PTW_PRT1.CFG

[2013/02/14 16:07:04 | 000,000,104 | ---- | M] () -- C:\WINDOWS\PTW_PRT2.CFG

[2013/02/14 15:44:47 | 000,010,674 | ---- | M] () -- C:\Documents and Settings\rem\My Documents\OLG circuit details.pdf

[2013/02/14 13:57:06 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\rem\Desktop\tdsskiller.exe

[2013/02/14 10:47:46 | 000,000,370 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2013/02/14 09:22:57 | 000,174,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys

[2013/02/14 08:23:53 | 000,056,635 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2013/02/13 15:41:04 | 000,635,864 | ---- | M] () -- C:\Documents and Settings\rem\Desktop\cbsidlm-tr1_10a-Smart_Toolbar_Remover-ORG-10972491.exe

[2013/02/13 13:03:34 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\rem\Desktop\dds.scr

[2013/02/13 11:10:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/02/13 10:48:48 | 000,000,355 | RHS- | M] () -- C:\boot.ini

[2013/02/13 10:45:24 | 005,032,105 | R--- | M] (Swearware) -- C:\Documents and Settings\rem\Desktop\ComboFix.exe

[2013/02/13 10:42:08 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\rem\Desktop\rkill.exe

[2013/02/13 09:57:12 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\rem\Desktop\MARTENS.lnk

[2013/02/13 09:42:40 | 000,000,245 | ---- | M] () -- C:\Boot.bak

[2013/02/12 11:38:54 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk

[2013/02/12 11:31:50 | 013,711,621 | ---- | M] () -- C:\Documents and Settings\rem\My Documents\mbar-1.01.0.1020.zip

[2013/02/11 19:11:21 | 000,759,929 | ---- | M] () -- C:\Documents and Settings\rem\Local Settings\Application Data\census.cache

[2013/02/11 19:10:46 | 000,216,533 | ---- | M] () -- C:\Documents and Settings\rem\Local Settings\Application Data\ars.cache

[2013/02/11 18:55:57 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\rem\Local Settings\Application Data\housecall.guid.cache

[2013/02/11 14:25:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/02/11 14:04:14 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2013/02/03 00:27:18 | 000,000,914 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog

[2013/01/30 12:03:50 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/01/30 09:31:14 | 000,503,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/01/30 09:31:14 | 000,088,180 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/01/24 15:03:09 | 000,001,012 | ---- | M] () -- C:\Documents and Settings\rem\SDM-2.5-1841-c1841-advipservicesk9-mz.124-18.bin

[2013/01/24 10:26:34 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cisco Configuration Professional.lnk

[2013/01/23 09:55:52 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tbaytel.lnk

[2013/01/22 10:12:59 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\rem\Local Settings\Application Data\PUTTY.RND

[2013/01/21 09:59:57 | 041,007,652 | ---- | M] () -- C:\Documents and Settings\rem\Desktop\TbaytelEmail_install.exe

[2013/01/18 15:42:15 | 000,009,204 | ---- | M] () -- C:\Documents and Settings\rem\My Documents\PowerTerm_ Print Screen.pdf

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/15 08:48:43 | 000,587,671 | ---- | C] () -- C:\Documents and Settings\rem\Desktop\adwcleaner0.exe

[2013/02/15 08:23:39 | 000,798,208 | ---- | C] () -- C:\Documents and Settings\rem\Desktop\RogueKiller.exe

[2013/02/14 15:44:44 | 000,010,674 | ---- | C] () -- C:\Documents and Settings\rem\My Documents\OLG circuit details.pdf

[2013/02/14 10:47:38 | 000,000,370 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2013/02/13 15:41:03 | 000,635,864 | ---- | C] () -- C:\Documents and Settings\rem\Desktop\cbsidlm-tr1_10a-Smart_Toolbar_Remover-ORG-10972491.exe

[2013/02/13 11:50:35 | 000,001,458 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Tbaytel Email.lnk

[2013/02/13 11:50:35 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tbaytel Email.lnk

[2013/02/13 10:48:47 | 000,000,245 | ---- | C] () -- C:\Boot.bak

[2013/02/13 10:48:44 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2013/02/13 10:47:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/02/13 10:47:11 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/02/13 10:47:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/02/13 10:47:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/02/13 10:47:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/02/13 09:57:12 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\rem\Desktop\MARTENS.lnk

[2013/02/12 16:29:26 | 041,007,652 | ---- | C] () -- C:\Documents and Settings\rem\Desktop\TbaytelEmail_install.exe

[2013/02/12 11:38:54 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk

[2013/02/12 11:38:54 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk

[2013/02/12 11:31:40 | 013,711,621 | ---- | C] () -- C:\Documents and Settings\rem\My Documents\mbar-1.01.0.1020.zip

[2013/02/11 19:11:21 | 000,759,929 | ---- | C] () -- C:\Documents and Settings\rem\Local Settings\Application Data\census.cache

[2013/02/11 19:10:46 | 000,216,533 | ---- | C] () -- C:\Documents and Settings\rem\Local Settings\Application Data\ars.cache

[2013/02/11 18:55:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\rem\Local Settings\Application Data\housecall.guid.cache

[2013/02/11 14:25:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/02/02 23:29:17 | 000,000,914 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog

[2013/01/24 15:03:09 | 000,001,012 | ---- | C] () -- C:\Documents and Settings\rem\SDM-2.5-1841-c1841-advipservicesk9-mz.124-18.bin

[2013/01/24 10:26:34 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cisco Configuration Professional.lnk

[2013/01/23 09:55:51 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tbaytel.lnk

[2013/01/18 15:42:00 | 000,009,204 | ---- | C] () -- C:\Documents and Settings\rem\My Documents\PowerTerm_ Print Screen.pdf

[2013/01/14 20:50:19 | 000,984,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2012/12/06 20:17:08 | 000,841,864 | ---- | C] () -- C:\WINDOWS\System32\dclibxml2.dll

[2012/10/12 13:20:17 | 000,000,198 | ---- | C] () -- C:\Documents and Settings\rem\.packettracer

[2012/09/18 17:35:26 | 000,001,210 | ---- | C] () -- C:\Documents and Settings\rem\SDM-2.5-877-c870-advipservicesk9-mz.124-15.T5.bin

[2012/09/18 09:01:59 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe

[2012/08/20 08:45:34 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2012/08/20 08:32:26 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin

[2012/08/15 13:59:50 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\rem\Local Settings\Application Data\fusioncache.dat

[2012/08/02 09:19:37 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll

[2012/08/02 09:19:37 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll

[2012/08/02 09:19:37 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll

[2012/08/02 09:19:37 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll

[2012/08/02 09:19:37 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll

[2012/07/04 14:26:33 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/06/09 18:38:45 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\rem\jagex_cl_runescape_LIVE.dat

[2012/06/09 18:38:45 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\rem\random.dat

[2012/05/31 15:24:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\rem\Local Settings\Application Data\PUTTY.RND

[2012/05/29 07:15:02 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\rem\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/05/22 07:46:44 | 000,001,050 | RHS- | C] () -- C:\Documents and Settings\rem\ntuser.pol

[2012/05/08 02:24:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/05/07 16:09:43 | 000,056,635 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2012/05/03 15:22:22 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2011/08/04 14:47:38 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2011/08/03 12:38:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011/08/02 15:12:30 | 000,195,480 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin

[2011/08/02 15:12:30 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

[2011/08/02 15:12:29 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin

[2011/08/02 15:12:29 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin

[2011/08/02 15:12:29 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config

[2011/08/02 15:08:58 | 000,002,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat

[2011/08/02 15:08:17 | 000,030,893 | ---- | C] () -- C:\WINDOWS\System32\drivers\Mixer.ini

[2011/08/02 15:08:17 | 000,001,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\Altmixer.ini

[2011/08/02 15:08:17 | 000,001,372 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini

[2011/08/02 15:05:06 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll

[2011/08/02 13:40:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/08/02 13:35:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011/08/02 09:14:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/08/02 09:13:43 | 000,142,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/05 11:44:02 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2011/03/31 16:58:32 | 000,024,632 | ---- | C] () -- C:\WINDOWS\System32\providers.bin

========== ZeroAccess Check ==========

[2011/08/02 14:45:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2011/10/25 10:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Cisco

[2011/10/25 10:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TbaytelEmail

[2012/08/15 14:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boson

[2012/08/29 13:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cantilever Retaining Wall

[2011/08/05 08:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco

[2013/02/03 00:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company

[2012/09/12 07:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo

[2012/07/06 10:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Middle Atlantic Products

[2012/06/05 07:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Numara Deploy

[2012/08/20 09:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB

[2012/07/27 09:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD YouTube Downloader & Converter

[2013/01/30 13:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rem\Application Data\Azureus

[2013/01/14 22:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rem\Application Data\Cisco

[2012/08/16 14:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rem\Application Data\Dropbox

[2012/05/23 08:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rem\Application Data\ImgBurn

[2012/11/09 16:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rem\Application Data\KeePass

[2012/08/20 10:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rem\Application Data\PwrMgr

[2013/02/06 09:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rem\Application Data\SAP

[2012/09/06 19:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rem\Application Data\SmartDraw

[2013/02/15 09:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rem\Application Data\TbaytelEmail

[2013/02/12 15:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rem\Application Data\Wireshark

[2012/06/27 10:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rem\Application Data\YouTube Downloader

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 2/15/2013 9:56:14 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\rem\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 498.37 Mb Available Physical Memory | 64.94% Memory free

1.83 Gb Paging File | 1.28 Gb Available in Paging File | 69.97% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 39.99 Gb Total Space | 15.49 Gb Free Space | 38.73% Space Free | Partition Type: NTFS

Drive D: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: COVE | User Name: rem | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3470109805-3281939533-2392199302-3417\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]

"AllowUserPrefMerge" = 1

"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]

"445:tcp:10.1.4.0/24,10.2.1.0/24,10.2.16.0/24:enabled:Deploy and AWRC" = 445:tcp:10.1.4.0/24,10.2.1.0/24,10.2.16.0/24:enabled:Deploy and AWRC

"445:tcp:10.1.7.0/24,10.2.30.0/24:enabled:new helpdesk and systems segments" = 445:tcp:10.1.7.0/24,10.2.30.0/24:enabled:new helpdesk and systems segments

"445:tcp:10.2.1.0/24,10.1.4.0/24:enabled:remote access" = 445:tcp:10.2.1.0/24,10.1.4.0/24:enabled:remote access

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]

"Enabled" = 1

"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]

"445:tcp:10.2.1.0/24,10.1.4.0/24:enabled:remote access" = 445:tcp:10.2.1.0/24,10.1.4.0/24:enabled:remote access

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"9089:TCP" = 9089:TCP:*:Enabled:VMware vCenter Converter Standalone - Agent

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)

"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)

"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

"C:\Documents and Settings\rem\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\rem\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox

"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd Service

"C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe:*:Enabled:VMware Workstation Server

"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java Runtime Environment -- (Sun Microsystems, Inc.)

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment

"C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe" = C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe:*:Enabled:Ubiquiti AirControl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe" = C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)

"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd

"{04EB530D-EFBE-4624-BC83-611E557B9F03}" = STM TPM Driver 1.0.4.15 - 32 bits

"{068B65E6-8960-4FAD-B143-126D86F228EE}" = Cisco SDM

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0CE91346-7EEF-4F4E-9AA6-E42E605AE7CA}" = Martens

"{12F69331-DCBB-46D5-B475-6BFD0F9048B3}" = Boson Exam Environment

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility

"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility

"{26A24AE4-039D-4CA4-87B4-2F83216011F0}" = Java 6 Update 11

"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth

"{29342492-9F4F-4089-866A-10D801B610FD}" = Cisco Configuration Professional

"{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{362ADCE1-0118-4DBC-82CB-12B972735049}" = IBM USB-to-Serial

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{4AEE2BEB-46A2-47F8-BCC7-6710EFFFF0E2}" = RackTools 3.5

"{4B26E060-5BC9-4B45-BD20-882E94CADFCF}" = VmciSockets

"{525421DB-9216-4188-BA29-9F174781547D}" = Intranet_TheLoop

"{5E2E4797-502A-4FFD-81EC-F9BA8BF0C581}" = Symantec Endpoint Protection

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6AD2231F-FF48-4D59-AC26-405AFAE23DB7}" = ManageEngine Desktop Central 8 - Agent

"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{75D2E2D2-AEF6-4378-BA5C-C5B9E8439C2D}" = SAP_GUI_7.10

"{7AD5EA39-06F0-4D29-915D-3D908B6AA2AF}" = Intel® PROSet/Wireless WiFi Software

"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8CE15E64-886F-4172-BBD1-2BEB8BDE3EB3}" = SAP_ini_update_2009-09-30

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003

"{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003

"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)

"{A4E5E9A9-BC6C-476C-8D32-12AFE348CA9D}" = VMware Tools

"{A763D3CB-532B-4A09-91DB-8C46E70CA792}" = Cisco IP Communicator

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X

"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k

"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147

"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy

"{B43DFAE3-2022-4246-87D4-29E622F69EB2}" = Suite_Solutions_Active_X

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BE20EFCC-2AE7-40CB-8900-7B892FF5CD98}" = ThinkVantage Fingerprint Software

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C6D4B05A-EA7E-1027-80EF-C925E740E99C}" = Intel® Identity Protection Technology 1.0.74.0

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86

"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{DCA963D4-6AA2-11E2-80AA-984BE15F174E}" = Evernote v. 4.6.2
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F48BE301-EC78-4686-B580-EE4934558798}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Accesscare_Web" = Accesscare_Web
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"CCleaner" = CCleaner
"Cisco Packet Tracer 5.3_is1" = Cisco Packet Tracer 5.3
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"Dynamic Edge - File Path Copy_is1" = Dynamic Edge - File Path Copy 1.0
"FileZilla Server" = FileZilla Server
"Gadwin PrintScreen" = Gadwin PrintScreen
"GalaxyNexusToolKit72" = Galaxy Nexus ToolKit
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.19
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"LinuxLive USB Creator" = LinuxLive USB Creator
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OnScreenDisplay" = On Screen Display
"PdaNet_is1" = PdaNet for Android 3.50
"Power Management Driver" = Lenovo Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"Putty" = Putty
"SAPGUI710" = SAP GUI for Windows 7.20
"Shortcut_Incident_Map" = Shortcut_Incident_Map
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TbaytelEmail" = TbaytelEmail
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Ultravnc2_is1" = UltraVnc
"VLC media player" = VLC media player 2.0.4
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 4.1.2-Spiceworks
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"winusb0200" = Microsoft WinUsb 2.0
"Wireshark" = Wireshark 1.6.8 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 2/13/2013 12:10:36 PM | Computer Name = COVE | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error - 2/13/2013 12:10:39 PM | Computer Name = COVE | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.

Error - 2/14/2013 5:21:54 PM | Computer Name = COVE | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.

Error - 2/15/2013 9:18:21 AM | Computer Name = COVE | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error - 2/15/2013 9:18:22 AM | Computer Name = COVE | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.

Error - 2/15/2013 9:19:19 AM | Computer Name = COVE | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error - 2/15/2013 10:04:05 AM | Computer Name = COVE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe Event Info: Terminate Process Action Taken: Logged Actor Process: C:\Documents and Settings\rem\Desktop\adwcleaner0.exe (PID 2332) Time: Friday, February 15, 2013 9:04:05 AM

Error - 2/15/2013 10:08:39 AM | Computer Name = COVE | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error - 2/15/2013 10:08:39 AM | Computer Name = COVE | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error - 2/15/2013 10:08:40 AM | Computer Name = COVE | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.

[ Cisco AnyConnect VPN Client Events ]

Error - 1/24/2013 12:24:44 PM | Computer Name = COVE | Source = vpnui | ID = 67108866
Description = Function: ConnectIfc::connect File: .\ConnectIfc.cpp Line: 349 Invoked Function: CTransport::SendRequest Return Code: -29949931 (0xFE370015) Description: CTRANSPORT_ERROR_CONNECT_FAILED

Error - 1/24/2013 12:24:44 PM | Computer Name = COVE | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::connect File: .\ConnectMgr.cpp Line: 994 Invoked Function: ConnectIfc::connect Return Code: -29949931 (0xFE370015) Description: CTRANSPORT_ERROR_CONNECT_FAILED

Error - 1/24/2013 12:24:44 PM | Computer Name = COVE | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1213 Invoked Function: ConnectMgr :: processIfcData Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Unrecognized content type (Unknown) received.

Error - 1/24/2013 12:24:44 PM | Computer Name = COVE | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1239 Invoked Function: ConnectMgr :: processIfcData Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Unable to process response from defender1.tbaytel.com.

Error - 1/24/2013 12:24:44 PM | Computer Name = COVE | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1320 Invoked Function: ConnectMgr::processIfcData Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Unable to contact defender1.tbaytel.com.

Error - 1/24/2013 12:25:24 PM | Computer Name = COVE | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1213 Invoked Function: ConnectMgr :: processIfcData Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Unrecognized content type (Unknown) received.

Error - 1/24/2013 12:25:24 PM | Computer Name = COVE | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1239 Invoked Function: ConnectMgr :: processIfcData Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Unable to process response from 216.211.23.59.

Error - 1/24/2013 12:25:45 PM | Computer Name = COVE | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1213 Invoked Function: ConnectMgr :: processIfcData Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Unrecognized content type (Unknown) received.

Error - 1/24/2013 12:25:45 PM | Computer Name = COVE | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1239 Invoked Function: ConnectMgr :: processIfcData Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Unable to process response from 216.211.23.59.

Error - 2/3/2013 12:05:39 AM | Computer Name = COVE | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnLoadPreferencesComplete File: .\MainThread.cpp Line: 2565 Invoked Function: setAnyConnectRunKeyValue Return Code: -2147024894 (0x80070002) Description: The system cannot find the file specified.

[ Lenovo-Lenovo Patch Utility/Admin Events ]

Error - 8/20/2012 11:08:06 AM | Computer Name = COVE | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "http://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpuupdates//BATTERY.MANIFEST.XML". Error message: The remote server returned an error: (404) Not Found.

Error - 8/20/2012 11:08:06 AM | Computer Name = COVE | Source = Lenovo Patch Utility | ID = 2
Description = manifest file was not found on server

Error - 8/20/2012 11:08:06 AM | Computer Name = COVE | Source = Lenovo Patch Utility | ID = 2
Description = no manifest found on server. return code:17

Error - 9/5/2012 9:13:11 PM | Computer Name = COVE | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "http://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches//PM.manifest.xml". Error message: The remote server returned an error: (404) Not Found.

Error - 9/5/2012 9:13:11 PM | Computer Name = COVE | Source = Lenovo Patch Utility | ID = 2
Description = manifest file was not found on server

Error - 12/21/2012 9:09:23 AM | Computer Name = COVE | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "http://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches//PM.manifest.xml". Error message: The remote server returned an error: (404) Not Found.

[ System Events ]

Error - 2/15/2013 10:09:19 AM | Computer Name = COVE | Source = Service Control Manager | ID = 7000
Description = The VMware Network Application Interface service failed to start due to the following error: %%2

Error - 2/15/2013 10:09:21 AM | Computer Name = COVE | Source = Service Control Manager | ID = 7001
Description = The VMware NAT Service service depends on the VMware Network Application Interface service which failed to start because of the following error: %%2

Error - 2/15/2013 10:09:21 AM | Computer Name = COVE | Source = Service Control Manager | ID = 7001
Description = The VMware Workstation Server service depends on the VMware Authorization Service service which failed to start because of the following error: %%1068

Error - 2/15/2013 10:09:21 AM | Computer Name = COVE | Source = Service Control Manager | ID = 7023
Description = The VMware USB Arbitration Service service terminated with the following error: %%2

Error - 2/15/2013 10:09:22 AM | Computer Name = COVE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

Error - 2/15/2013 10:09:23 AM | Computer Name = COVE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Error - 2/15/2013 10:09:25 AM | Computer Name = COVE | Source = Service Control Manager | ID = 7001
Description = The VMware DHCP Service service depends on the VMware Network Application Interface service which failed to start because of the following error: %%2

Error - 2/15/2013 10:09:27 AM | Computer Name = COVE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: lenovo.smi

Error - 2/15/2013 10:24:26 AM | Computer Name = COVE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time.

Error - 2/15/2013 10:54:26 AM | Computer Name = COVE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 59 minutes. NtpClient has no source of accurate time.

< End of report >


Did you run ComboFix???

Let's start from the beginning...

Run this scan:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

[screenshot: more-reply-options.jpg]

New window that comes up.

[screenshot: choose-files1.jpg]

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


Well, we have to check... next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix... please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC
