
Help Infected / Crashes - Logs Below


TKA175


Hello,

I'm following the instructions in the "I'm infected what do I do now" post.

Background: IE crashes upon start. MBAM was working (have been running it for a couple of months) but now is not - I get the "Run-time error '0' and '440'" messages.

I initially tried to uninstall / reinstall MBAM but was not able to - when I go to uninstall I get the same run-time errors.

Next up, I ran Avira per the instructions which installed successfully, ran a full scan, and found many errors.

Then, I ran defogger and it seemed to run and ended with "OK" but it never prompted me to restart which the instructions had said it would. So, I'm not sure if I should post the defogger log or not, please let me know.

I was able to run DDS, the log is below and the attach.zip is attached.

I was not able to run GMER - it crashed and gave the blue screen each time I tried to run it. I also tried running it in safe mode, but it crashed there as well.

Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86

Run by TCB at 16:24:27.76 on Sun 09/05/2010

Internet Explorer: 8.0.6001.18928

Microsoft

Attach.zip


Hello,

And :blink: My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Hi Elise,

Thanks for your assistance.

Here are the requested logs:

OTL

OTL logfile created on: 9/6/2010 10:37:45 PM - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\TCB\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 137.82 Gb Total Space | 68.55 Gb Free Space | 49.74% Space Free | Partition Type: NTFS

Drive D: | 991.22 Mb Total Space | 526.22 Mb Free Space | 53.09% Space Free | Partition Type: FAT

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive Q: | 9.77 Gb Total Space | 4.10 Gb Free Space | 41.99% Space Free | Partition Type: NTFS

Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.06% Space Free | Partition Type: NTFS

Computer Name: TCB-PC

Current User Name: TCB

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/06 22:31:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\TCB\Desktop\OTL.exe

PRC - [2010/07/22 22:07:03 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/07/22 22:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/03/19 08:10:18 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/01/21 15:42:50 | 000,160,432 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe

PRC - [2010/01/21 15:42:02 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/08/28 09:53:55 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009/08/28 09:53:50 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009/08/28 09:53:44 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2009/08/24 09:15:32 | 000,221,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe

PRC - [2009/06/17 07:17:34 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/02/20 20:07:26 | 000,165,152 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

PRC - [2009/02/20 20:07:20 | 000,435,488 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

PRC - [2009/02/20 20:07:18 | 000,238,880 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

PRC - [2009/02/20 20:07:16 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2009/02/20 19:44:20 | 000,573,440 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

PRC - [2008/10/26 13:37:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe

PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

PRC - [2008/08/11 01:53:12 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

PRC - [2008/08/08 06:13:12 | 000,053,325 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2008/07/30 15:00:00 | 000,060,192 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

PRC - [2008/06/25 06:14:59 | 003,077,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

PRC - [2008/06/13 20:42:54 | 000,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

PRC - [2008/06/13 20:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2008/06/08 14:00:00 | 000,165,208 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE

PRC - [2008/06/08 14:00:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE

PRC - [2008/06/06 21:21:04 | 000,181,536 | ---- | M] (Lenovo.) -- C:\Windows\System32\TpShocks.exe

PRC - [2008/06/04 13:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

PRC - [2008/05/24 19:49:56 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

PRC - [2008/05/24 19:49:32 | 001,155,072 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

PRC - [2008/05/24 19:31:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

PRC - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

PRC - [2008/05/14 19:21:16 | 000,037,416 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe

PRC - [2008/05/14 05:36:36 | 000,036,128 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe

PRC - [2008/04/15 23:38:24 | 000,315,392 | R--- | M] (Lenovo) -- C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe

PRC - [2008/04/10 04:57:40 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

PRC - [2008/03/24 01:41:22 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2008/03/23 21:15:06 | 000,064,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe

PRC - [2008/03/20 00:46:46 | 000,077,824 | R--- | M] (ATK0101) -- C:\Program Files\Lenovo\ATK Hotkey\LControl.exe

PRC - [2008/03/20 00:46:44 | 000,208,896 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe

PRC - [2008/01/20 22:33:24 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007/10/30 14:35:20 | 000,094,208 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe

PRC - [2007/10/03 00:53:00 | 000,094,208 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe

PRC - [2007/02/10 08:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2007/02/01 14:00:01 | 000,419,376 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe

PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (SafeList) ==========

MOD - [2010/09/06 22:31:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\TCB\Desktop\OTL.exe

MOD - [2009/08/28 09:53:55 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

MOD - [2008/01/20 22:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

MOD - [2008/01/20 22:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)

SRV - [2010/07/06 13:28:44 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/01/21 15:42:50 | 000,160,432 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)

SRV - [2010/01/21 15:42:02 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)

SRV - [2009/09/07 19:47:36 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/08/28 09:53:44 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2009/02/20 20:07:18 | 000,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2009/02/20 20:07:16 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2008/10/26 13:37:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)

SRV - [2008/10/09 05:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)

SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)

SRV - [2008/08/08 06:13:12 | 000,053,325 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2008/06/13 20:42:54 | 000,779,576 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)

SRV - [2008/06/13 20:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2008/05/24 19:49:32 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2008/05/24 19:31:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)

SRV - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)

SRV - [2008/05/24 18:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2008/05/14 19:21:16 | 000,037,416 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)

SRV - [2008/05/14 05:36:36 | 000,036,128 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)

SRV - [2008/04/25 11:18:10 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)

SRV - [2008/04/25 11:18:02 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)

SRV - [2008/04/25 11:16:04 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)

SRV - [2008/04/25 11:15:58 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)

SRV - [2008/04/25 11:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)

SRV - [2008/03/20 00:46:44 | 000,208,896 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe -- (LFKAS)

SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007/10/30 14:35:20 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2007/10/03 00:53:00 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)

SRV - [2007/02/10 08:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2007/02/10 08:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)

SRV - [2007/02/10 08:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2005/10/14 05:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2010/07/06 13:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/08/28 09:53:54 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/08/28 09:53:54 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/07/19 22:42:00 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2009/06/17 07:49:03 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tvtfilter.sys -- (tvtfilter)

DRV - [2009/06/17 07:48:31 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)

DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008/12/04 00:34:52 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)

DRV - [2008/10/27 19:29:36 | 002,476,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2008/10/26 13:37:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)

DRV - [2008/09/21 16:49:36 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2008/09/17 22:14:44 | 000,251,392 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2008/07/10 22:47:00 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)

DRV - [2008/05/14 19:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)

DRV - [2008/05/14 19:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)

DRV - [2008/05/14 05:36:00 | 000,022,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)

DRV - [2008/05/12 05:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)

DRV - [2008/04/18 19:40:24 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2008/04/14 21:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008/04/10 08:11:12 | 000,199,728 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2008/04/05 21:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/03/25 02:41:30 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2008/03/25 02:39:20 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

DRV - [2008/03/25 02:38:32 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2008/02/15 20:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2008/01/20 22:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/20 22:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/20 22:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/20 22:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/20 22:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/20 22:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2008/01/20 22:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/20 22:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2008/01/20 22:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/20 22:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/20 22:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/20 22:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/20 22:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/20 22:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/20 22:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/20 22:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/20 22:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/20 22:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/20 22:32:48 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)

DRV - [2008/01/20 22:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/20 22:32:48 | 000,024,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\crcdisk.sys -- (crcdisk)

DRV - [2008/01/20 22:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/20 22:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/20 22:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/20 22:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/20 22:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/20 22:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/20 22:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/10/18 02:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/07/24 14:09:04 | 000,013,880 | R--- | M] () [Kernel | Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys -- (ASMMAP)

DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2007/03/12 04:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)

DRV - [2007/02/09 15:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)

DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/12/14 18:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\A0101V32.sys -- (MTsensor)

DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2812020047-3391242175-1957312389-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

IE - HKU\S-1-5-21-2812020047-3391242175-1957312389-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\S-1-5-21-2812020047-3391242175-1957312389-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\S-1-5-21-2812020047-3391242175-1957312389-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com

IE - HKU\S-1-5-21-2812020047-3391242175-1957312389-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2812020047-3391242175-1957312389-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/22 09:04:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{59D24DCB-324C-440D-BAF1-05B62070B95E}: C:\Users\TCB\AppData\Local\{59D24DCB-324C-440D-BAF1-05B62070B95E} [2010/09/03 10:08:24 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/03 10:31:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/03 10:31:31 | 000,000,000 | ---D | M]

[2010/09/03 10:32:48 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Mozilla\Extensions

[2010/09/06 22:23:18 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Mozilla\Firefox\Profiles\d398haq5.default\extensions

[2010/09/04 19:16:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TCB\AppData\Roaming\Mozilla\Firefox\Profiles\d398haq5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/09/03 10:31:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2812020047-3391242175-1957312389-1003\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-2812020047-3391242175-1957312389-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)

O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()

O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()

O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)

O4 - HKLM..\Run: [ideaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)

O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)

O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win...fbootloader.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_18)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photo...NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.64.7

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\TCB\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\TCB\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2007/03/02 04:35:14 | 000,000,000 | ---D | M] - D:\Autorun -- [ FAT ]

O32 - AutoRun File - [2006/11/02 04:55:28 | 000,069,632 | ---- | M] () - D:\autorun.exe -- [ FAT ]

O32 - Unable to obtain root file information for disk D:\

O32 - Unable to obtain root file information for disk Q:\

O32 - Unable to obtain root file information for disk S:\

O33 - MountPoints2\{06594468-5b31-11de-8a44-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{06594468-5b31-11de-8a44-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 12:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited)

O33 - MountPoints2\{233ec10c-0fa3-11df-98d7-002618385f8a}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2006/11/02 04:55:28 | 000,069,632 | ---- | M] ()

O33 - MountPoints2\{680b5cc7-5b2b-19de-a924-002618385f8a}\Shell - "" = AutoRun

O33 - MountPoints2\{680b5cc7-5b2b-19de-a924-002618385f8a}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008/07/29 18:37:58 | 000,180,224 | -HS- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-2812020047-3391242175-1957312389-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/09/06 22:36:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\TCB\Desktop\OTL.exe

[2010/09/05 01:39:45 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Roaming\Avira

[2010/09/05 01:32:08 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010/09/05 01:32:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2010/09/05 01:32:07 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2010/09/05 01:32:07 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys

[2010/09/05 01:32:07 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys

[2010/09/05 01:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/09/05 01:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/09/05 00:57:04 | 000,000,000 | ---D | C] -- C:\Users\TCB\Desktop\Dial-a-fix-v0.60.0.24

[2010/09/05 00:14:20 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur

[2010/09/04 23:25:05 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2010/09/04 23:12:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2

[2010/09/03 10:31:41 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Roaming\Mozilla

[2010/09/03 10:31:41 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Local\Mozilla

[2010/09/03 10:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/09/03 08:05:21 | 000,000,000 | ---D | C] -- C:\N

[2010/09/03 08:01:17 | 000,000,000 | ---D | C] -- C:\M

[2010/09/03 07:57:13 | 000,000,000 | ---D | C] -- C:\L

[2010/09/03 07:53:10 | 000,000,000 | ---D | C] -- C:\K

[2010/09/03 07:49:29 | 000,000,000 | ---D | C] -- C:\J

[2010/09/03 07:45:30 | 000,000,000 | ---D | C] -- C:\I

[2010/09/03 00:20:38 | 000,000,000 | ---D | C] -- C:\H

[2010/08/29 16:40:29 | 000,000,000 | ---D | C] -- C:\G

[2010/08/17 17:21:05 | 000,000,000 | ---D | C] -- C:\F

[2010/08/17 17:17:36 | 000,000,000 | ---D | C] -- C:\E

[2010/08/10 17:38:05 | 000,000,000 | ---D | C] -- C:\D

[2010/08/10 17:34:21 | 000,000,000 | ---D | C] -- C:\C

[2010/07/26 20:41:31 | 000,000,000 | ---D | C] -- C:\B

[2010/07/23 18:28:09 | 000,000,000 | ---D | C] -- C:\A

[2010/07/18 00:31:42 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Local\{59D24DCB-324C-440D-BAF1-05B62070B95E}(173)

[2010/07/18 00:29:07 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Local\pomceeoxh

[2010/07/13 20:44:02 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Local\qugamwdrw

[2010/07/07 17:11:40 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Roaming\Malwarebytes

[2010/07/07 17:11:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/07/07 17:11:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/07/07 17:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/07/07 17:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/07/07 15:35:56 | 000,000,000 | ---D | C] -- C:\Users\TCB\Desktop\tdsskiller

[2010/07/07 15:33:42 | 000,000,000 | ---D | C] -- C:\Users\TCB\Desktop\exefix_vista

[2010/07/06 23:31:30 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2010/07/06 23:31:27 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/07/06 23:28:46 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Local\Sunbelt Software

[2010/07/06 23:27:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\{65893B95-F47B-4483-B883-86BA181E9B54}

[2010/07/06 23:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2010/07/06 23:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2010/07/06 23:07:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/07/06 19:53:56 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Local\{59D24DCB-324C-440D-BAF1-05B62070B95E}

[2010/06/26 11:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Gtek

[2010/06/26 11:02:10 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Roaming\GTek

========== Files - Modified Within 90 Days ==========

[2010/09/06 22:38:08 | 000,760,648 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/09/06 22:38:08 | 000,645,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/09/06 22:38:08 | 000,119,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/09/06 22:37:29 | 003,670,016 | -HS- | M] () -- C:\Users\TCB\ntuser.dat

[2010/09/06 22:33:24 | 000,133,632 | ---- | M] () -- C:\Users\TCB\Desktop\RKUnhookerLE.EXE

[2010/09/06 22:31:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\TCB\Desktop\OTL.exe

[2010/09/06 21:29:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/06 21:29:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/06 19:35:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/06 19:29:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/06 19:29:24 | 3182,768,128 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/06 19:29:22 | 240,745,728 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/09/05 23:02:45 | 000,524,288 | -HS- | M] () -- C:\Users\TCB\NTUSER.DAT{81f53110-b3a9-11de-99c0-002618385f8a}.TMContainer00000000000000000001.regtrans-ms

[2010/09/05 23:02:45 | 000,065,536 | -HS- | M] () -- C:\Users\TCB\NTUSER.DAT{81f53110-b3a9-11de-99c0-002618385f8a}.TM.blf

[2010/09/05 23:02:14 | 001,500,244 | -H-- | M] () -- C:\Users\TCB\AppData\Local\IconCache.db

[2010/09/05 22:47:17 | 000,023,832 | ---- | M] () -- C:\Users\TCB\Desktop\Recipes.xlsx

[2010/09/05 16:31:54 | 000,293,376 | ---- | M] () -- C:\Users\TCB\Desktop\gw9sntqc.exe

[2010/09/05 14:48:24 | 000,000,000 | ---- | M] () -- C:\Users\TCB\defogger_reenable

[2010/09/05 10:20:27 | 000,000,206 | ---- | M] () -- C:\Users\TCB\Desktop\MBAM Fix.bat

[2010/09/05 01:44:06 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

[2010/09/05 01:41:18 | 000,050,477 | ---- | M] () -- C:\Users\TCB\Desktop\Defogger.exe

[2010/09/05 01:32:20 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/09/05 00:54:00 | 000,335,992 | ---- | M] () -- C:\Users\TCB\Desktop\Dial-a-fix-v0.60.0.24.zip

[2010/09/04 22:24:09 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/04 22:04:34 | 064,319,035 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/09/04 21:59:41 | 000,001,734 | ---- | M] () -- C:\Users\TCB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk

[2010/09/04 21:42:46 | 000,096,256 | ---- | M] () -- C:\Users\TCB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/03 10:31:45 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat

[2010/09/03 10:31:33 | 000,001,758 | ---- | M] () -- C:\Users\TCB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/09/03 10:31:33 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/09/03 10:10:23 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/08/10 21:21:31 | 000,068,096 | ---- | M] () -- C:\Users\TCB\Desktop\Application - April 2010[1].doc

[2010/08/10 21:20:28 | 000,049,152 | ---- | M] () -- C:\Users\TCB\Desktop\EEO Self Identification 4-10.doc

[2010/08/01 16:26:12 | 000,495,359 | ---- | M] () -- C:\Users\TCB\Desktop\onlineClaimFormHC.pdf

[2010/08/01 16:25:17 | 000,494,984 | ---- | M] () -- C:\Users\TCB\Documents\onlineClaimForm.pdf

[2010/08/01 16:19:22 | 000,602,833 | ---- | M] () -- C:\Users\TCB\Desktop\onlineClaimForm.pdf

[2010/07/27 22:27:23 | 000,017,408 | ---- | M] () -- C:\Users\TCB\Desktop\compare.xls

[2010/07/20 21:47:29 | 000,627,412 | ---- | M] () -- C:\Users\TCB\Desktop\350 Coddington Way Financing.PDF

[2010/07/18 16:56:35 | 000,031,232 | ---- | M] () -- C:\Users\TCB\Desktop\House Scenerio 2010.xls

[2010/07/18 00:31:44 | 000,000,000 | ---- | M] () -- C:\Users\TCB\AppData\Local\Vracaxiqexeji.bin

[2010/07/18 00:31:43 | 000,000,120 | ---- | M] () -- C:\Users\TCB\AppData\Local\Xtavoci.dat

[2010/07/15 22:06:16 | 000,000,680 | ---- | M] () -- C:\Users\TCB\AppData\Local\d3d9caps.dat

[2010/07/07 16:22:26 | 000,422,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/07/07 15:35:30 | 000,981,780 | ---- | M] () -- C:\Users\TCB\Desktop\tdsskiller.zip

[2010/07/07 15:32:03 | 000,000,632 | ---- | M] () -- C:\Users\TCB\Desktop\exefix_vista.zip

[2010/07/06 23:31:27 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/07/06 23:27:38 | 000,001,041 | ---- | M] () -- C:\Users\TCB\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/07/06 23:27:38 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2010/07/06 13:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2010/07/06 13:28:44 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe

[2010/06/27 00:05:44 | 000,002,609 | ---- | M] () -- C:\Users\TCB\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk

[2010/06/16 21:27:42 | 000,000,236 | ---- | M] () -- C:\Users\TCB\Desktop\AICPA CPE Self-Study Examinations.url

[2010/06/16 21:23:03 | 000,009,588 | ---- | M] () -- C:\Users\TCB\Desktop\AICPA CPE Self-Study Examinations.htm

========== Files Created - No Company Name ==========

[2010/09/06 22:36:59 | 000,133,632 | ---- | C] () -- C:\Users\TCB\Desktop\RKUnhookerLE.EXE

[2010/09/05 17:03:06 | 3182,768,128 | -HS- | C] () -- C:\hiberfil.sys

[2010/09/05 16:32:46 | 000,293,376 | ---- | C] () -- C:\Users\TCB\Desktop\gw9sntqc.exe

[2010/09/05 14:48:24 | 000,000,000 | ---- | C] () -- C:\Users\TCB\defogger_reenable

[2010/09/05 14:48:03 | 000,050,477 | ---- | C] () -- C:\Users\TCB\Desktop\Defogger.exe

[2010/09/05 10:20:27 | 000,000,206 | ---- | C] () -- C:\Users\TCB\Desktop\MBAM Fix.bat

[2010/09/05 01:32:20 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/09/05 00:56:33 | 000,335,992 | ---- | C] () -- C:\Users\TCB\Desktop\Dial-a-fix-v0.60.0.24.zip

[2010/09/04 23:46:03 | 000,001,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2010/09/04 21:59:41 | 000,001,734 | ---- | C] () -- C:\Users\TCB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk

[2010/09/03 10:31:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010/09/03 10:31:33 | 000,001,758 | ---- | C] () -- C:\Users\TCB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/09/03 10:31:33 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/08/10 21:19:25 | 000,049,152 | ---- | C] () -- C:\Users\TCB\Desktop\EEO Self Identification 4-10.doc

[2010/08/10 21:17:00 | 000,068,096 | ---- | C] () -- C:\Users\TCB\Desktop\Application - April 2010[1].doc

[2010/08/01 16:26:04 | 000,495,359 | ---- | C] () -- C:\Users\TCB\Desktop\onlineClaimFormHC.pdf

[2010/08/01 16:25:14 | 000,494,984 | ---- | C] () -- C:\Users\TCB\Documents\onlineClaimForm.pdf

[2010/08/01 16:19:19 | 000,602,833 | ---- | C] () -- C:\Users\TCB\Desktop\onlineClaimForm.pdf

[2010/07/27 22:27:22 | 000,017,408 | ---- | C] () -- C:\Users\TCB\Desktop\compare.xls

[2010/07/25 22:35:50 | 000,023,832 | ---- | C] () -- C:\Users\TCB\Desktop\Recipes.xlsx

[2010/07/20 21:47:20 | 000,627,412 | ---- | C] () -- C:\Users\TCB\Desktop\350 Coddington Way Financing.PDF

[2010/07/15 22:05:46 | 000,000,680 | ---- | C] () -- C:\Users\TCB\AppData\Local\d3d9caps.dat

[2010/07/07 18:53:59 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/07/07 17:11:12 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/07 15:49:52 | 000,599,040 | ---- | C] () -- C:\Windows\System32\msfeeds.dll

[2010/07/07 15:49:51 | 000,164,352 | ---- | C] () -- C:\Windows\System32\ieui.dll

[2010/07/07 15:35:25 | 000,981,780 | ---- | C] () -- C:\Users\TCB\Desktop\tdsskiller.zip

[2010/07/07 15:32:02 | 000,000,632 | ---- | C] () -- C:\Users\TCB\Desktop\exefix_vista.zip

[2010/07/06 23:41:07 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe

[2010/07/06 23:27:38 | 000,001,041 | ---- | C] () -- C:\Users\TCB\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/07/06 23:27:38 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2010/07/06 23:06:43 | 240,745,728 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/07/06 19:53:56 | 000,000,120 | ---- | C] () -- C:\Users\TCB\AppData\Local\Xtavoci.dat

[2010/07/06 19:53:56 | 000,000,000 | ---- | C] () -- C:\Users\TCB\AppData\Local\Vracaxiqexeji.bin

[2010/06/16 21:27:42 | 000,000,236 | ---- | C] () -- C:\Users\TCB\Desktop\AICPA CPE Self-Study Examinations.url

[2010/06/16 21:23:03 | 000,009,588 | ---- | C] () -- C:\Users\TCB\Desktop\AICPA CPE Self-Study Examinations.htm

[2009/08/22 08:56:21 | 000,001,222 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009/07/03 08:50:18 | 000,096,256 | ---- | C] () -- C:\Users\TCB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/06/17 07:48:04 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS

[2009/06/17 07:47:16 | 000,061,440 | R--- | C] () -- C:\Windows\System32\AABATT.dll

[2009/06/17 07:43:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2009/06/17 07:43:57 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2009/06/17 07:43:57 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2009/06/17 07:43:57 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2009/06/17 07:43:57 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2009/06/17 07:43:57 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2009/06/17 07:41:41 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL

[2009/06/17 07:41:41 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini

[2009/06/17 07:31:49 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll

[2009/06/17 07:31:49 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2009/06/17 07:29:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2006/11/02 04:52:27 | 000,024,632 | ---- | C] () -- C:\Windows\System32\drivers\crcdisk.sys

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/07/12 16:50:15 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Duav

[2010/05/05 21:21:41 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Facebook

[2009/11/20 10:17:11 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\InterVideo

[2009/06/26 17:11:49 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Lenovo

[2010/07/14 12:00:57 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Naatr

[2010/04/26 22:25:32 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\StreamTorrent

[2010/09/03 10:10:23 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

[2010/09/05 01:44:06 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job

[2010/04/27 00:00:04 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2010/09/06 19:39:28 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Apparently, my logs were too big to post in one post, so I'm posting the second part here:

Extras Log

OTL Extras logfile created on: 9/6/2010 10:37:45 PM - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\TCB\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 137.82 Gb Total Space | 68.55 Gb Free Space | 49.74% Space Free | Partition Type: NTFS

Drive D: | 991.22 Mb Total Space | 526.22 Mb Free Space | 53.09% Space Free | Partition Type: FAT

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive Q: | 9.77 Gb Total Space | 4.10 Gb Free Space | 41.99% Space Free | Partition Type: NTFS

Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.06% Space Free | Partition Type: NTFS

Computer Name: TCB-PC

Current User Name: TCB

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2812020047-3391242175-1957312389-1003\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{EF26B476-EB23-42D2-A194-5658146F55ED}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{F28D8804-9512-44B7-8084-A05818894898}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0140F916-72D3-4B17-84D8-5F499CE3034A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |

"{08AB073E-3713-4CAD-8F30-75C48011F9D8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |

"{0F84E57A-9BE3-4E0A-BE5E-427FCEDFB16E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{1F5372E2-14F7-4F27-8497-9F5A1BEBA718}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{26A84280-15F6-458B-B679-BEF301564776}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{2BAE4252-D4BB-4820-8FCE-692313D530D1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{2FB91879-7824-4267-AF57-2A0C1918BD43}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{43663672-7D15-4F7E-8957-7881251B5729}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |

"{4ADE2707-19BD-4734-A386-666A1576B8B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |

"{5E3E89F1-1447-4C0F-8822-990DCC63053A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{63C0BD50-BB1E-4E8E-9C1B-F18D89D8604D}" = dir=in | app=e:\setup\hpznui01.exe |

"{663E34CF-1F8E-49E4-B6AE-B0F002A7C62F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |

"{6DA4A16A-3BA9-422E-9660-53F849B3448C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{6E39AA07-9074-4CA7-BBDF-23383B3E3226}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{7B9FD3CC-F780-4EF4-AB50-3D7448539B7C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |

"{8505E522-1A0C-422B-B66A-0E6B6EDF912A}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |

"{9576DFD0-21AD-410A-A13D-EEA24FE9433D}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{9CB45C6F-3530-4121-96B5-21DE22540415}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{B748D221-8B3F-4D3F-9766-DC4D261B9BB8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{BE2B3597-FA7B-48C3-BCA2-140D631D51CC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |

"{C9CC76F3-88A8-48F4-A0E6-5E162BD8CDF3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |

"{E7CBB1B8-C25F-4F1F-8916-FC07653F0DCB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{F12F706F-773F-42A7-8216-DC69AA3135DF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"TCP Query User{1E594521-C45D-41ED-AEA0-F5DC96D66319}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |

"TCP Query User{2122B8A5-514A-41B7-B8F6-8F8A6486790F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{B1A8190A-906A-4319-AAD2-9ADE2E3ABF17}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |

"UDP Query User{DB9FB544-0DA3-4D40-812F-6F3A95E7B2EF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status

"{055B9AD2-48E1-462E-9992-814123063C46}" = Lenovo_ATK_Package

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE

"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService

"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message

"{1189955B-C6E8-4606-AE6C-CD64791DB544}" = Mobile Broadband Connect

"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant

"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc

"{32622F02-640A-4335-86FF-557325DC39D4}" = PS_AIO_04_C6300_Software_Min

"{345CECE8-C128-4AEF-B313-177EA44BB7DC}" = Becker CPA Review CD-ROM Course and PassMaster - 2008 Edition

"{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module

"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc

"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista

"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{5523092E-13AA-4EED-8E18-255860F6D9DC}" = ThinkVantage Status Gadget

"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01

"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement

"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone

"{7148F0A8-6813-11D6-A77B-00B0D0142180}" = Java 2 Runtime Environment, SE v1.4.2_18

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

"{7BD42C12-74D1-4804-B24D-D21E25D4E3CF}" = PS_AIO_04_C6300_ProductContext

"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery

"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8485F313-4B62-42F3-ADD8-0DE34A4DDAEF}" = Thinkpad Wireless LAN Adapters Software (11a/b/g/n)

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center

"{99832252-D489-4276-B961-6D505CF0AFAA}" = PS_AIO_04_C6300_Software

"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp

"{9EDC4EA1-558A-4297-9BCB-F36E572E6B1D}" = C6300_Help

"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch

"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0

"{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1

"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm

"{C0C17EF3-83ED-4956-8638-7354EBE7FFFF}" = Lenovo Idea Notes

"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help

"{C7FB1A71-D808-4CD2-997D-837B39EA7EB0}" = DIBS

"{C8732DC3-1736-44b2-B741-2D636DE58605}" = HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4

"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan

"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0

"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care

"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update

"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService

"{D4250558-4DE6-4342-8865-D397FD66076B}" = C6300

"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager

"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E5232150-5F44-4B21-9281-3869C7791B1E}" = SampleTestInstall

"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout

"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center

"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition

"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox

"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer

"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module

"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core

"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery

"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component

"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer

"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network

"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client

"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility

"414DA9DB2E84AAFAD2D2715FD9BABFAB2D209FFD" = Windows Driver Package - Lenovo 1.44 (05/14/2008 1.44)

"Ad-Aware" = Ad-Aware

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0

"AVG8Uninstall" = AVG Free 8.5

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista

"ENTERPRISER" = Microsoft Office Enterprise 2007

"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 11.0

"HP Photosmart Essential" = HP Photosmart Essential 3.0

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0

"HPExtendedCapabilities" = HP Customer Participation Program 11.0

"HPOCR" = OCR Software by I.R.I.S. 11.0

"Lenovo Central" = Lenovo Central

"Lenovo Registration" = Lenovo Registration

"Lenovo Welcome_is1" = Lenovo Welcome v1.0.24.3

"LENOVO.SMIIF" = Lenovo System Interface Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"OnScreenDisplay" = On Screen Display

"PC-Doctor for Windows" = Lenovo System Toolbox

"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser

"Power Management Driver" = ThinkPad Power Management Driver for SL Series

"PROHYBRIDR" = 2007 Microsoft Office system

"Shop for HP Supplies" = Shop for HP Supplies

"StreamTorrent 1.0" = StreamTorrent 1.0

"SynTPDeinstKey" = ThinkPad UltraNav Driver

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement

"Windows Live Toolbar" = Windows Live Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2812020047-3391242175-1957312389-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 9/5/2010 10:03:52 PM | Computer Name = TCB-PC | Source = Windows Search Service | ID = 3083

Description =

Error - 9/5/2010 10:08:29 PM | Computer Name = TCB-PC | Source = Windows Search Service | ID = 3083

Description =

Error - 9/5/2010 10:19:20 PM | Computer Name = TCB-PC | Source = Windows Search Service | ID = 3083

Description =

Error - 9/5/2010 10:43:01 PM | Computer Name = TCB-PC | Source = Windows Search Service | ID = 3083

Description =

Error - 9/5/2010 10:47:18 PM | Computer Name = TCB-PC | Source = Windows Search Service | ID = 3083

Description =

Error - 9/6/2010 11:44:16 AM | Computer Name = TCB-PC | Source = Windows Search Service | ID = 3083

Description =

Error - 9/6/2010 10:23:31 PM | Computer Name = TCB-PC | Source = Windows Search Service | ID = 3083

Description =

Error - 9/6/2010 10:27:06 PM | Computer Name = TCB-PC | Source = Windows Search Service | ID = 3083

Description =

Error - 9/6/2010 10:28:59 PM | Computer Name = TCB-PC | Source = Windows Search Service | ID = 3083

Description =

Error - 9/6/2010 10:36:55 PM | Computer Name = TCB-PC | Source = Windows Search Service | ID = 3083

Description =

[ System Events ]

Error - 7/24/2010 12:26:01 PM | Computer Name = TCB-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 7/24/2010 12:26:03 PM | Computer Name = TCB-PC | Source = DCOM | ID = 10005

Description =

Error - 7/24/2010 12:26:08 PM | Computer Name = TCB-PC | Source = DCOM | ID = 10005

Description =

Error - 7/24/2010 12:26:08 PM | Computer Name = TCB-PC | Source = DCOM | ID = 10005

Description =

Error - 7/24/2010 12:26:08 PM | Computer Name = TCB-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 7/24/2010 12:26:08 PM | Computer Name = TCB-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 7/24/2010 12:26:44 PM | Computer Name = TCB-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 7/24/2010 12:26:45 PM | Computer Name = TCB-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 7/24/2010 12:26:46 PM | Computer Name = TCB-PC | Source = DCOM | ID = 10005

Description =

Error - 7/24/2010 4:36:38 PM | Computer Name = TCB-PC | Source = HTTP | ID = 15016

Description =

< End of report >

RKU Report

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6001 (Service Pack 1)

Number of processors #2

==============================================

>Drivers

==============================================

0x8E201000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7319552 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x81E19000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)

0x81E19000 PnpManager 3907584 bytes

0x81E19000 RAW 3907584 bytes

0x81E19000 WMIxWDM 3907584 bytes

0x976D0000 Win32k 2105344 bytes

0x976D0000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x8A60F000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)

0x8A20A000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)

0x8F206000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)

0x8A40A000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)

0x8EC04000 C:\Windows\system32\DRIVERS\athr.sys 933888 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)

0x804C8000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)

0xB260B000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x8A50E000 C:\Windows\System32\Drivers\dump_iaStor.sys 892928 bytes

0x8A000000 C:\Windows\system32\drivers\iastor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0x8F308000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0xA8690000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)

0x8E8FC000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x80600000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)

0x8A14C000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xAD807000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x8040E000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)

0x8ED66000 C:\Windows\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)

0x8F55F000 C:\Windows\System32\Drivers\avgldx86.sys 331776 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0xAD976000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)

0x80732000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8F44D000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x80689000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)

0x8F08C000 C:\Windows\system32\drivers\CHDRT32.sys 266240 bytes (Conexant Systems Inc., High Definition Audio Function Driver)

0x80487000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)

0x8078C000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)

0x8E9B3000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x8F11F000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)

0x8F4D8000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x8A340000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)

0xAD8FE000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x8A71E000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x8F047000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x821D3000 ACPI_HAL 208896 bytes

0x821D3000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x8A0DA000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x8F41B000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x8A39B000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)

0x8A1BD000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)

0x8F0CD000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x8A315000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x8F006000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)

0xA874F000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)

0xB272F000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)

0x8A794000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)

0x806E0000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xAD94F000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x8F0FA000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0x805A8000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x8F537000 C:\Windows\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)

0x8A7CC000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)

0x8F3CA000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)

0x8ECE8000 C:\Windows\system32\DRIVERS\Rtlh86.sys 135168 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )

0x8F17F000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0xAD8BF000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xAD8DF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x8A767000 C:\Windows\System32\DRIVERS\Apsx86.sys 122880 bytes (Lenovo., Shockproof Disk Driver)

0xAD874000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)

0x8A4F3000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x8F5D6000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0x8ED27000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)

0x8F402000 C:\Windows\System32\Drivers\avgtdix.sys 102400 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)

0xAD891000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x8A3CB000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xA8636000 C:\Windows\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)

0xAD937000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x8F520000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0xA8679000 C:\Windows\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)

0x8A12B000 C:\Windows\System32\Drivers\DRVMCDB.SYS 94208 bytes (Sonic Solutions, Device Driver)

0x807CD000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xB2707000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xA8663000 C:\Windows\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)

0x8F495000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x8F1D2000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)

0xA860C000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)

0xAD8AA000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x805CB000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0xB2790000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)

0x807E4000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x8ED52000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)

0x8F1E8000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)

0x8EDB8000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)

0xA8783000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x8F4B9000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x8A389000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0xB277E000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xB27A5000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x8A7BB000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x8F07B000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x8046E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x8ED41000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)

0x8A10C000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)

0xA873F000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x8077C000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)

0x8ED09000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0x805E0000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)

0x8A37A000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)

0x8A11C000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)

0x8F5C7000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)

0x8A785000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0x80707000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)

0x8A1EB000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x8E9F1000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x80723000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)

0x8ED19000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0x97910000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)

0x8F4AB000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x8F1BB000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x8F5B0000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x8F3BD000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)

0x8F03A000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x8E99B000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)

0x8067C000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0xB26F3000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x8F173000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xA862A000 C:\Windows\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)

0x8EDCB000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)

0x8EDD8000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)

0x8F1B0000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x8A3EE000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x8A3E3000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x8A5E8000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8E9A8000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0x80719000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)

0x8F5BD000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x8F030000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0xA8779000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)

0x8F514000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0x8A142000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xB26E9000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x8A7ED000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes

0x8F3EB000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0xB27B7000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x8F1C9000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0x978F0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x8A7F6000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0xA8621000 C:\Windows\system32\DRIVERS\tvtfilter.sys 36864 bytes (Lenovo, Rescue and Recovery filter driver)

0x806CF000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x8EDF3000 C:\Windows\system32\DRIVERS\A0101V32.sys 32768 bytes (ATK0100, ATK0100 ACPI Utility)

0x8A757000 C:\Windows\System32\DRIVERS\ApsHM86.sys 32768 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)

0x8047F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x80406000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0x806D8000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x8F1A0000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8F1A8000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8A5F3000 C:\Windows\system32\DRIVERS\serscan.sys 32768 bytes (Microsoft Corporation, Serial Imaging Device Driver)

0x8A75F000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0xB26FF000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)

0xA8796000 C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys 28672 bytes (-, -)

0x8F15C000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0xA8655000 C:\Windows\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)

0xA865C000 C:\Windows\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)

0x8F16C000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x8F3F4000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x8F559000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)

0x8F200000 C:\Windows\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)

0x8EDE9000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0x8A400000 C:\Windows\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver)

0x8F4D2000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)

0x8F4CC000 C:\Windows\System32\drivers\Tppwr32v.sys 24576 bytes

0xA864E000 C:\Windows\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)

0x8EDEF000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0x8EDE3000 C:\Windows\system32\DRIVERS\ibmpmdrv.sys 16384 bytes (Lenovo., ThinkPad Power Management Driver for SL Series)

0xAD9C4000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)

0x80716000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0x8EDE7000 C:\Windows\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)

0xA8653000 C:\Windows\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)

0x8F51E000 C:\Windows\system32\DRIVERS\smiif32.sys 8192 bytes (Lenovo Group Limited, SMI Driver for Lenovo system)

0x8EDFB000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x8EDD6000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xA8635000 C:\Windows\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)

!!!!!!!!!!!Hidden driver: 0x86C1BAEA ?_empty_? 1302 bytes

0x86C1BEC5 unknown_irp_handler 315 bytes

!!!!!!!!!!!Hidden driver: 0x86C84B28 ?_empty_? 0 bytes

==============================================

>Stealth

==============================================

0x8A000000 WARNING: suspicious driver modification [iastor.sys::0x86C1BAEA]

0x8A7ED000 WARNING: Virus alike driver modification [crcdisk.sys], 36864 bytes

Just to recap my problems: MBAM will not work; it comes up with a runtime error. IE crashes immediately upon initiation. Prior to its starting to crash immediately, it was filled with Google search redirects and random popups. I installed Firefox after the IE crashes started, and it also has tons of Google search redirects and popups.

Thanks for your help!


Hi, RKU shows a nasty rootkit. Before starting the cleanup, please read the following:

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.