
Antivirus Studio 2010 uninstalled but browser re-directs remain!



My browser seems to be redirected to bogus websites ("content can't be encrypted", "reported attack page", etc.). I had the Antivirus Studio 2010 virus, which I uninstalled with Malwarebytes, but the browser redirect problems still exist! Malwarebytes shows no other errors, and I also downloaded TDSSKiller and no problems were found.

What do I do? I have included logs from Malwarebytes, DDS & HijackThis:

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4963

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

10/27/2010 1:09:07 PM

mbam-log-2010-10-27 (13-09-07).txt

Scan type: Full scan (C:\|)

Objects scanned: 263479

Time elapsed: 1 hour(s), 41 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS log:

DDS (Ver_10-10-21.02) - NTFSx86

Run by ryan at 12:35:11.29 on Wed 10/27/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.1613 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

svchost.exe

C:\WINDOWS\System32\svchost -k DComLaunch

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\ibmpmsvc.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe

C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\IBM\Lotus\Notes\nsd.exe

C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\System32\TPHDEXLG.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

C:\WINDOWS\system32\WebUpdateSvc4.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe

C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\explorer.exe

C:\Program Files\CaseWare\CWIN32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Simply Accounting Accountants' Edition 2010\SimplyAccounting.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\ryan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com

mDefault_Page_URL = hxxp://lenovo.live.com

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Google Update] "c:\documents and settings\ryan\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\LVOSDSVC.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"

mRun: [RoxioDragToDisc] c:\program files\lenovo\drag-to-disc\DrgToDsc.exe

mRun: [LCONTROL] "c:\program files\lenovo\atk hotkey\LCONTROL.exe"

mRun: [LFKA] "c:\program files\lenovo\atk hotkey\LFKA.exe"

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe

mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [setDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [statusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto

mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe

mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mPolicies-system: AllowMultipleTSSessions = 1 (0x1)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

Handler: cw - {774E529C-2458-48A2-8F57-3ED3105D8612} - c:\program files\caseware\cwproto.dll

Handler: cwt - {774E529C-2458-48A2-8F57-3ED3105D8612} - c:\program files\caseware\cwproto.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll

Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll

AppInit_DLLs: acaptuser32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ryan\applic~1\mozilla\firefox\profiles\afhxl84a.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - plugin: c:\documents and settings\ryan\application data\facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\documents and settings\ryan\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]

R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-2 185968]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392]

R2 LFKAS;Service of LFKA;c:\program files\lenovo\atk hotkey\LFKAS.exe [2009-8-13 208896]

R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\ibm\lotus\notes\nsd.exe [2008-12-6 3315080]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-8-13 94208]

R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-6-23 124608]

R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2009-8-23 29992]

R2 SSIRuntimeService;SSIRuntimeService;c:\program files\software secure, inc\ssiruntimeservice\SSIRuntimeService.exe [2010-3-30 40960]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-6-23 1715904]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]

R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]

R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-5-18 229856]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-8-13 110080]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-27 38224]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101026.002\naveng.sys [2010-10-26 86064]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101026.002\navex15.sys [2010-10-26 1371184]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]

S2 SessionLauncher;SessionLauncher;c:\docume~1\admini~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\admini~1\locals~1\temp\dx9\SessionLauncher.exe [?]

S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-2 83568]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]

S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\transactionmanager2010 - cdn\Sage_SA.TransactionManager.exe [2010-6-9 42312]

=============== Created Last 30 ================

2010-10-27 15:35:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2010-10-27 13:14:51 -------- d-----w- c:\docume~1\ryan\applic~1\Malwarebytes

2010-10-27 13:14:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-27 13:14:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-27 13:14:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-27 13:14:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-10-18 14:28:36 -------- d-----w- C:\Copy (4) of My Received Files

2010-10-18 14:28:36 -------- d-----w- C:\Copy (4) of My Music

2010-10-18 14:28:36 -------- d-----w- C:\Copy (4) of Favorites

2010-10-18 14:28:36 -------- d-----w- C:\Copy (4) of Access Connections

2010-10-18 14:28:36 -------- d-----w- C:\Copy (3) of Simply Accounting

2010-10-13 13:18:00 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-13 13:18:00 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll

2010-10-13 13:18:00 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-13 13:17:56 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-08 13:42:46 -------- d-----w- c:\program files\KONICA MINOLTA

2010-10-08 13:36:09 -------- d-----w- C:\Scan

2010-10-05 18:09:54 -------- d-----w- C:\Copy (3) of Simply

2010-10-05 18:09:54 -------- d-----w- C:\Copy (3) of My Received Files

2010-10-05 18:09:54 -------- d-----w- C:\Copy (3) of My Music

2010-10-05 18:09:54 -------- d-----w- C:\Copy (3) of Favorites

2010-10-05 18:09:54 -------- d-----w- C:\Copy (3) of Downloads

2010-10-05 18:09:54 -------- d-----w- C:\Copy (3) of Access Connections

2010-10-05 18:09:54 -------- d-----w- C:\Copy (2) of Simply Accounting

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 12:36:45.43 ===============

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:52:32 PM, on 10/27/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17091)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe

C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\IBM\Lotus\Notes\nsd.exe

C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\System32\TPHDEXLG.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

C:\WINDOWS\system32\WebUpdateSvc4.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe

C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\explorer.exe

C:\Program Files\CaseWare\CWIN32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Simply Accounting Accountants' Edition 2010\SimplyAccounting.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\ryan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe

O4 - HKLM\..\Run: [LCONTROL] "C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe"

O4 - HKLM\..\Run: [LFKA] "C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe"

O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [CreateLMBCShortCut] "C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe"

O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Reinblatt.com

O17 - HKLM\Software\..\Telephony: DomainName = Reinblatt.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Reinblatt.com

O18 - Protocol: cwt - {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files\CaseWare\cwproto.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: acaptuser32.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe

O23 - Service: Lotus Notes Diagnostics - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: Simply Accounting Database Connection Manager - Sage - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe

O23 - Service: Simply Accounting Transaction Manager 2010 - CDN - Sage - C:\Program Files\Winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SSIRuntimeService - Unknown owner - C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe

--

End of file - 17700 bytes


combofix log:

ComboFix 10-10-26.04 - ryan 10/27/2010 13:51:19.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.1653 [GMT -4:00]

Running from: c:\documents and settings\ryan\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\desktop.ini

c:\windows\system32\Thumbs.db

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.

((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))

.

2010-10-27 15:41 . 2010-10-27 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP

2010-10-27 15:35 . 2010-10-27 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-10-27 13:14 . 2010-10-27 13:14 -------- d-----w- c:\documents and settings\ryan\Application Data\Malwarebytes

2010-10-27 13:14 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-27 13:14 . 2010-10-27 13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-27 13:14 . 2010-10-27 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-10-27 13:14 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-18 14:28 . 2010-10-18 14:28 -------- d-----w- C:\Copy (4) of My Received Files

2010-10-18 14:28 . 2010-10-18 14:28 -------- d-----w- C:\Copy (4) of My Music

2010-10-18 14:28 . 2010-10-18 14:28 -------- d-----w- C:\Copy (4) of Favorites

2010-10-18 14:28 . 2010-10-18 14:28 -------- d-----w- C:\Copy (4) of Access Connections

2010-10-18 14:28 . 2010-10-18 14:28 -------- d-----w- C:\Copy (3) of Simply Accounting

2010-10-13 13:18 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-13 13:18 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll

2010-10-13 13:18 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-13 13:17 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-08 13:42 . 2010-10-08 13:42 -------- d-----w- c:\program files\KONICA MINOLTA

2010-10-08 13:36 . 2010-10-08 13:36 -------- d-----w- C:\Scan

2010-10-05 18:09 . 2010-10-05 18:09 -------- d-----w- C:\Copy (3) of Simply

2010-10-05 18:09 . 2010-10-05 18:09 -------- d-----w- C:\Copy (3) of My Received Files

2010-10-05 18:09 . 2010-10-05 18:09 -------- d-----w- C:\Copy (3) of My Music

2010-10-05 18:09 . 2010-10-05 18:09 -------- d-----w- C:\Copy (3) of Favorites

2010-10-05 18:09 . 2010-10-05 18:09 -------- d-----w- C:\Copy (3) of Downloads

2010-10-05 18:09 . 2010-10-05 18:09 -------- d-----w- C:\Copy (3) of Access Connections

2010-10-05 18:09 . 2010-10-05 18:09 -------- d-----w- C:\Copy (2) of Simply Accounting

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 16:23 . 2008-07-21 22:49 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-07-21 22:49 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-07-21 22:49 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2008-07-21 22:49 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-09 13:38 . 2008-07-21 22:50 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:38 . 2008-07-21 22:49 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:38 . 2008-07-21 22:49 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-09 13:38 . 2008-07-21 22:49 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:57 . 2008-07-21 22:49 389120 ----a-w- c:\windows\system32\html.iec

2010-09-01 11:51 . 2008-07-21 22:49 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2008-07-21 22:50 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2008-07-21 22:50 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2008-07-21 22:50 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2008-07-21 22:50 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-09-14 12:51 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2008-07-21 22:49 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2008-07-21 22:50 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2008-07-21 22:50 590848 ----a-w- c:\windows\system32\rpcrt4.dll

.

------- Sigcheck -------

[-] 2008-04-14 . BC54071237E45C6D1EC743155C1530E4 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 480522939A4DC09A21719FBCC2530A3D . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"Google Update"="c:\documents and settings\ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-26 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-04-10 122880]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 524288]

"TpShocks"="TpShocks.exe" [2008-06-07 181536]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 150040]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]

"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]

"LCONTROL"="c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe" [2008-03-20 77824]

"LFKA"="c:\program files\Lenovo\ATK Hotkey\LFKA.exe" [2008-04-16 315392]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-10-26 335872]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-10-26 208896]

"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-03 40960]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

"ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2009-08-23 91432]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]

"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-27 49152]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]

"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]

"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 149280]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"AllowMultipleTSSessions"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2008-08-08 10:14 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 7:21 PM 19496]

R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 8:50 PM 46144]

R2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [8/13/2009 11:13 AM 208896]

R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\IBM\Lotus\Notes\nsd.exe [12/6/2008 8:36 AM 3315080]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/13/2009 11:16 AM 94208]

R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 7:27 PM 124608]

R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [8/23/2009 1:00 AM 29992]

R2 SSIRuntimeService;SSIRuntimeService;c:\program files\Software Secure, Inc\SSIRunTimeService\SSIRuntimeService.exe [3/30/2010 2:42 PM 40960]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 6:34 PM 520192]

R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 8:50 PM 360448]

R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [5/18/2007 12:57 PM 229856]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [8/13/2009 11:04 AM 110080]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 11:18 AM 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 11:16 AM 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 11:15 AM 166384]

S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 11:18 AM 313840]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 11:15 AM 1120752]

S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe [6/9/2010 42312]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25

*Deregistered* - EraserUtilDrv11010

*Deregistered* - klmd25

.

Contents of the 'Scheduled Tasks' folder

2010-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1979792683-839522115-1615Core.job

- c:\documents and settings\ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-26 15:54]

2010-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1979792683-839522115-1615UA.job

- c:\documents and settings\ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-26 15:54]

2009-08-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]

2009-11-05 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-13 16:48]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://lenovo.live.com

uInternet Settings,ProxyOverride = <local>

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\ryan\Application Data\Mozilla\Firefox\Profiles\afhxl84a.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - plugin: c:\documents and settings\ryan\Application Data\Facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\documents and settings\ryan\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-27 13:56

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)

c:\program files\Lenovo\HOTKEY\tphklock.dll

.

Completion time: 2010-10-27 14:03:24

ComboFix-quarantined-files.txt 2010-10-27 18:03

Pre-Run: 120,899,317,760 bytes free

Post-Run: 123,181,162,496 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5C15D1049EEEC52B9035CD9B5798C0B8


:)

@princesultan

You have posted the same problem/issue/topic to at least 2 forums. That is bad etiquette.

The resources of the anti-malware-help community are always busy and there's already plenty of others with problems that do NOT multi-post.

By multi-posting you are tying up precious time of volunteers. Time that can be better used.

Advise us as to which forum you wish to continue with and tell the other forum to Close your topic.

You have posted here at MalwareBytes " Antivirus Studio 2010 uninstalled but browser re-directs remain!"

http://forums.malwarebytes.org/index.php?showtopic=66058

and at BleepingComputer "Google redirect virus! Need some help please!"

http://www.bleepingcomputer.com/forums/topic356821.html


I must apologize. I was not aware these sites were connected and I am not aware of proper etiquette on these boards. I will refrain from posting anywhere else but on this site when discussing this issue in particular. I meant no harm and the last thing I want is to waste anyone's time.

I appreciate you pointing this out and I look forward to having my computer virus resolved!!!


Do NOT run tools on your own. And be aware that running Combofix without expert guided help is strictly ill-advised.

You will want to print out or copy these instructions to Notepad for offline reference!

If you are a casual viewer, do NOT try this on your system!

If you are not princesultan and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

1. Open Internet Explorer.

2. Click "Tools," and then click "Internet Options."

3. Click "Connections," and then click "LAN Settings."

4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.

5. Apply changes & OK

Step 4

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


OK, I have the 3 logs for you.

extras.txt

OTL Extras logfile created on: 10/28/2010 9:06:20 AM - Run 1

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\ryan\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 143.35 Gb Total Space | 114.39 Gb Free Space | 79.80% Space Free | Partition Type: NTFS

Drive J: | 58.35 Gb Total Space | 1.93 Gb Free Space | 3.31% Space Free | Partition Type: NTFS

Drive K: | 58.35 Gb Total Space | 1.93 Gb Free Space | 3.31% Space Free | Partition Type: NTFS

Drive N: | 58.35 Gb Total Space | 1.93 Gb Free Space | 3.31% Space Free | Partition Type: NTFS

Drive P: | 58.35 Gb Total Space | 1.93 Gb Free Space | 3.31% Space Free | Partition Type: NTFS

Computer Name: LENOVO-C050FE47 | User Name: ryan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows

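Added here as a triage aid for logs like the Extras log above; this is not part of the original post, of OTL, or of any tool named in the thread. The script parses the Shell Spawning and Firewall Settings sections and flags two things a responder checks first after a rogue antivirus infection: file-type handlers (exefile, comfile, batfile, ...) that differ from the stock Windows XP values, which rogue AVs commonly rewrite so their own binary runs every time a program is launched, and GloballyOpenPorts entries scoped to `*` (any address). The expected-default table is my assumption of the XP defaults. The embedded sample log is constructed: it copies a few lines from the log above and adds one made-up hijacked exefile entry (`C:\hypothetical\rogue.exe`) so the handler check has something to find. On the log actually posted, the handlers are all stock; the only hits would be 139, 445, 137 and 138 open to any address in the domain profile.

```python
import re

# Assumption: stock Windows XP "Shell Spawning" values as OTL prints them.
# A rogue AV typically replaces the exefile/comfile command with its own
# binary followed by "%1" %*, so anything other than these is worth a look.
EXPECTED_SHELL = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
# "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
PORT_RE = re.compile(
    r'^"\d+:(?:TCP|UDP)" = (\d+):(TCP|UDP):([^:]+):(Enabled|Disabled):(.*)$'
)


def parse_sections(text):
    """Split an OTL log into {section name: [non-blank lines]} on the ===== headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def audit_shell_spawning(lines):
    """Return handler entries whose command differs from the expected XP default."""
    findings = []
    for line in lines:
        m = SHELL_RE.match(line)
        if not m:
            continue  # registry key headers and 'Reg Error' lines are skipped here
        key, verb, cmd = m.groups()
        expected = EXPECTED_SHELL.get((key, verb))
        if expected is not None and cmd != expected:
            findings.append(f"{key} [{verb}] is {cmd!r}, expected {expected!r}")
    return findings


def audit_open_ports(lines):
    """Return Enabled GloballyOpenPorts entries whose scope is * (any address)."""
    findings, profile = [], None
    for line in lines:
        if line.startswith("["):
            # Track which firewall profile the following entries belong to.
            for name in ("DomainProfile", "StandardProfile"):
                if name in line:
                    profile = name
            continue
        m = PORT_RE.match(line)
        if not m:
            continue
        port, proto, scope, state, desc = m.groups()
        if state == "Enabled" and scope == "*":
            findings.append(f"{profile}: {port}/{proto} open to any address ({desc})")
    return findings


def audit_otl_extras(text):
    s = parse_sections(text)
    return {
        "shell": audit_shell_spawning(s.get("Shell Spawning", [])),
        "ports": audit_open_ports(s.get("Firewall Settings", [])),
    }


# Constructed sample: lines copied from the posted Extras log plus one
# made-up hijacked exefile handler (C:\hypothetical\rogue.exe is not real).
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "C:\hypothetical\rogue.exe" /START "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [open] -- "%1" /S

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

========== Authorized Applications List ==========
"""

if __name__ == "__main__":
    for kind, items in audit_otl_extras(SAMPLE_LOG).items():
        for item in items:
            print(f"[{kind}] {item}")
```

To run it on a real log, replace `SAMPLE_LOG` with the contents of the Extras.txt file; a clean XP box prints nothing under `[shell]`, and anything printed there is the first thing to repair before chasing the browser redirects.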

OTL logfile created on: 10/28/2010 9:06:19 AM - Run 1

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\ryan\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 143.35 Gb Total Space | 114.39 Gb Free Space | 79.80% Space Free | Partition Type: NTFS

Drive J: | 58.35 Gb Total Space | 1.93 Gb Free Space | 3.31% Space Free | Partition Type: NTFS

Drive K: | 58.35 Gb Total Space | 1.93 Gb Free Space | 3.31% Space Free | Partition Type: NTFS

Drive N: | 58.35 Gb Total Space | 1.93 Gb Free Space | 3.31% Space Free | Partition Type: NTFS

Drive P: | 58.35 Gb Total Space | 1.93 Gb Free Space | 3.31% Space Free | Partition Type: NTFS

Computer Name: LENOVO-C050FE47 | User Name: ryan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/28 09:01:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ryan\Desktop\OTL.exe

PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/03/30 14:42:59 | 000,040,960 | ---- | M] () -- C:\Program Files\Software Secure, Inc\SSIRunTimeService\SSIRuntimeService.exe

PRC - [2009/09/11 13:26:07 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

PRC - [2009/08/23 01:00:00 | 000,091,432 | ---- | M] (Sage) -- C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

PRC - [2009/08/23 01:00:00 | 000,029,992 | ---- | M] (Sage) -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe

PRC - [2009/02/27 10:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2009/02/27 09:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

PRC - [2009/02/27 09:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

PRC - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe

PRC - [2008/11/24 18:42:48 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

PRC - [2008/11/24 18:42:44 | 001,155,072 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

PRC - [2008/11/24 18:36:22 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

PRC - [2008/11/24 18:34:02 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

PRC - [2008/10/26 12:48:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe

PRC - [2008/10/09 05:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

PRC - [2008/08/11 01:53:12 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

PRC - [2008/06/13 23:08:54 | 003,073,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

PRC - [2008/06/13 20:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2008/06/06 21:21:04 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe

PRC - [2008/06/04 13:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

PRC - [2008/05/24 18:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe

PRC - [2008/05/14 19:21:16 | 000,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe

PRC - [2008/05/14 05:36:36 | 000,036,128 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe

PRC - [2008/04/15 23:38:24 | 000,315,392 | R--- | M] (Lenovo) -- C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe

PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/10 02:56:00 | 000,122,880 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

PRC - [2008/03/24 01:41:22 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2008/03/23 21:15:06 | 000,064,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe

PRC - [2008/03/20 00:46:46 | 000,077,824 | R--- | M] (ATK0101) -- C:\Program Files\Lenovo\ATK Hotkey\LControl.exe

PRC - [2008/03/20 00:46:44 | 000,208,896 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe

PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007/10/30 14:35:20 | 000,094,208 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe

PRC - [2007/05/18 12:57:26 | 000,229,856 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc4.exe

PRC - [2007/03/13 12:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe

PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

PRC - [2006/04/24 22:23:42 | 000,339,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe

PRC - [2005/06/23 19:27:36 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe

PRC - [2005/06/23 19:27:30 | 000,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe

PRC - [2005/06/23 19:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe

PRC - [2005/06/23 19:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe

PRC - [2005/06/02 09:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

PRC - [2005/06/02 09:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

PRC - [2005/06/02 09:21:38 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2004/04/14 17:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

PRC - [2004/02/27 13:29:24 | 000,061,440 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

PRC - [2004/01/07 13:02:26 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

========== Modules (SafeList) ==========

MOD - [2010/10/28 09:01:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ryan\Desktop\OTL.exe

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008/04/10 02:55:56 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)

SRV - [2010/10/27 16:26:57 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/06/09 00:00:00 | 000,042,312 | ---- | M] (Sage) [On_Demand | Stopped] -- C:\Program Files\winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe -- (Simply Accounting Transaction Manager 2010 - CDN)

SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010/03/30 14:42:59 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe -- (SSIRuntimeService)

SRV - [2009/10/06 09:38:21 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/08/23 01:00:00 | 000,029,992 | ---- | M] (Sage) [Auto | Running] -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)

SRV - [2009/02/27 10:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2009/02/27 09:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2009/02/27 09:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)

SRV - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)

SRV - [2008/11/24 18:42:44 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2008/11/24 18:36:22 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)

SRV - [2008/11/24 18:34:02 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)

SRV - [2008/10/26 12:48:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2008/10/09 05:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)

SRV - [2008/06/13 20:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2008/05/24 18:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2008/05/14 19:21:16 | 000,037,416 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)

SRV - [2008/05/14 05:36:36 | 000,036,128 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)

SRV - [2008/04/25 11:18:10 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)

SRV - [2008/04/25 11:18:02 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)

SRV - [2008/04/25 11:16:04 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)

SRV - [2008/04/25 11:15:58 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)

SRV - [2008/04/25 11:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)

SRV - [2008/03/20 00:46:44 | 000,208,896 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe -- (LFKAS)

SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007/10/30 14:35:20 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2007/05/18 12:57:26 | 000,229,856 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)

SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2005/06/23 19:27:30 | 000,124,608 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)

SRV - [2005/06/23 19:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2005/06/23 19:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)

SRV - [2005/06/02 09:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2005/06/02 09:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2005/06/02 09:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

SRV - [2005/04/22 12:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)

SRV - [2003/10/22 10:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\pctEFA.sys -- (pctEFA)

DRV - File not found [Kernel | Disabled | Running] -- C:\WINDOWS\System32\drivers\pctDS.sys -- (pctDS)

DRV - File not found [Kernel | Disabled | Running] -- C:\WINDOWS\System32\drivers\PCTCore.sys -- (PCTCore)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\129.tmp -- (MEMSWEEP2)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ryan\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2010/09/23 03:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/09/15 07:30:55 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101027.007\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/09/15 07:30:51 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101027.007\NAVENG.SYS -- (NAVENG)

DRV - [2010/05/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2009/08/13 11:18:18 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)

DRV - [2009/08/13 11:17:55 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)

DRV - [2009/08/13 11:17:22 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2009/03/04 13:31:32 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®

DRV - [2009/02/11 05:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2008/10/26 12:48:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)

DRV - [2008/08/24 20:03:04 | 006,045,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2008/08/13 20:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2008/07/29 20:44:18 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2008/07/10 22:48:00 | 000,046,144 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)

DRV - [2008/06/12 04:38:52 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)

DRV - [2008/05/14 19:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)

DRV - [2008/05/14 19:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)

DRV - [2008/05/14 05:36:00 | 000,022,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)

DRV - [2008/05/12 09:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)

DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/04/14 03:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/14 03:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/04/10 02:53:00 | 000,177,632 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2008/03/25 02:22:50 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2008/03/25 02:22:10 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2008/03/25 02:22:06 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2008/02/15 20:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/10/03 08:31:40 | 000,102,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007/08/24 14:46:48 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A0101X32.sys -- (MTsensor)

DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/07/24 14:09:04 | 000,013,880 | R--- | M] () [Kernel | Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys -- (ASMMAP)

DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2007/03/12 04:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)

DRV - [2007/02/09 15:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)

DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2005/05/13 19:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2005/04/22 12:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2005/04/22 12:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2005/02/04 20:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)

DRV - [2005/02/04 20:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)

DRV - [2004/10/15 15:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)

DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 09:14:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 09:14:19 | 000,000,000 | ---D | M]

[2009/09/10 11:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ryan\Application Data\Mozilla\Extensions

[2010/10/27 15:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\afhxl84a.default\extensions

[2009/09/16 13:21:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\afhxl84a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/27 15:13:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/27 13:56:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [bLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()

O4 - HKLM..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [ConnectionManager] C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()

O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [LCONTROL] C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe (ATK0101)

O4 - HKLM..\Run: [LFKA] C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe (Lenovo)

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)

O4 - HKLM..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

O4 - HKLM..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: AllowMultipleTSSessions = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2 142.169.1.16 199.84.242.22

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Reinblatt.com

O18 - Protocol\Handler\cw {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files\CaseWare\cwproto.dll (CaseWare International Inc.)

O18 - Protocol\Handler\cwt {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files\CaseWare\cwproto.dll (CaseWare International Inc.)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)

O24 - Desktop WallPaper: C:\Documents and Settings\ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/07/21 18:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/28 09:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ryan\Desktop\misc

[2010/10/28 09:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2010/10/28 09:01:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ryan\Desktop\OTL.exe

[2010/10/28 09:00:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\ryan\Desktop\erunt-setup.exe

[2010/10/27 16:27:10 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/10/27 16:27:06 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/10/27 16:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ryan\Local Settings\Application Data\Sunbelt Software

[2010/10/27 16:22:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}

[2010/10/27 16:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2010/10/27 16:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010/10/27 16:18:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ryan\Recent

[2010/10/27 16:10:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2010/10/27 16:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/10/27 15:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security

[2010/10/27 15:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2010/10/27 15:38:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/10/27 14:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/10/27 13:50:21 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/10/27 13:47:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/10/27 13:47:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/10/27 13:47:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/10/27 13:47:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/10/27 13:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/10/27 13:47:41 | 000,000,000 | ---D | C] -- C:\ComboFix

[2010/10/27 13:45:52 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/27 11:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/10/27 11:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools

[2010/10/27 09:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ryan\Application Data\Malwarebytes

[2010/10/27 09:14:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/27 09:14:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/27 09:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/27 09:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/26 16:46:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/10/21 09:23:04 | 000,000,000 | ---D | C] -- N:\Simply Accounting

[2010/10/19 09:20:28 | 000,000,000 | ---D | C] -- N:\My Received Files

[2010/10/19 09:02:10 | 000,000,000 | ---D | C] -- N:\My Pictures

[2010/10/19 09:02:10 | 000,000,000 | ---D | C] -- N:\My Music

[2010/10/19 09:02:10 | 000,000,000 | ---D | C] -- N:\Favorites

[2010/10/19 09:02:10 | 000,000,000 | ---D | C] -- N:\Access Connections

[2010/10/18 10:28:36 | 000,000,000 | ---D | C] -- C:\Copy (4) of My Received Files

[2010/10/18 10:28:36 | 000,000,000 | ---D | C] -- C:\Copy (4) of My Music

[2010/10/18 10:28:36 | 000,000,000 | ---D | C] -- C:\Copy (4) of Favorites

[2010/10/18 10:28:36 | 000,000,000 | ---D | C] -- C:\Copy (4) of Access Connections

[2010/10/18 10:28:36 | 000,000,000 | ---D | C] -- C:\Copy (3) of Simply Accounting

[2010/10/13 09:18:00 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll

[2010/10/13 09:18:00 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll

[2010/10/13 09:18:00 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll

[2010/10/13 09:17:56 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll

[2010/10/08 09:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\KONICA MINOLTA

[2010/10/08 09:36:09 | 000,000,000 | ---D | C] -- C:\Scan

[2010/10/05 14:09:54 | 000,000,000 | ---D | C] -- C:\Copy (3) of Simply

[2010/10/05 14:09:54 | 000,000,000 | ---D | C] -- C:\Copy (3) of My Received Files

[2010/10/05 14:09:54 | 000,000,000 | ---D | C] -- C:\Copy (3) of My Music

[2010/10/05 14:09:54 | 000,000,000 | ---D | C] -- C:\Copy (3) of Favorites

[2010/10/05 14:09:54 | 000,000,000 | ---D | C] -- C:\Copy (3) of Downloads

[2010/10/05 14:09:54 | 000,000,000 | ---D | C] -- C:\Copy (3) of Access Connections

[2010/10/05 14:09:54 | 000,000,000 | ---D | C] -- C:\Copy (2) of Simply Accounting

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/28 09:03:29 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\NTREGOPT.lnk

[2010/10/28 09:03:29 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\ERUNT.lnk

[2010/10/28 09:01:10 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\SecurityCheck.exe

[2010/10/28 09:01:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ryan\Desktop\OTL.exe

[2010/10/28 09:00:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\ryan\Desktop\erunt-setup.exe

[2010/10/28 08:14:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1979792683-839522115-1615UA.job

[2010/10/27 16:33:39 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/10/27 16:32:07 | 000,000,000 | ---- | M] () -- N:\LMSCRIPT.$$$

[2010/10/27 16:31:44 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/27 16:28:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/27 16:28:50 | 3184,836,608 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/27 16:27:06 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/10/27 16:22:22 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/10/27 16:22:22 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/10/27 15:40:45 | 000,599,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB

[2010/10/27 15:15:20 | 000,005,261 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/10/27 14:24:22 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[2010/10/27 14:17:57 | 000,338,432 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\Stock Compensation.ppt

[2010/10/27 13:56:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/10/27 13:50:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/10/27 13:45:26 | 003,887,312 | R--- | M] () -- C:\Documents and Settings\ryan\Desktop\ComboFix.exe

[2010/10/27 13:44:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI

[2010/10/27 09:14:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1979792683-839522115-1615Core.job

[2010/10/26 15:25:46 | 000,001,024 | ---- | M] () -- C:\WINDOWS\MKDEWE.TRN

[2010/10/26 15:17:28 | 000,000,356 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\CWGIFI.gfi

[2010/10/25 22:16:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\MBR.exe

[2010/10/19 11:51:38 | 038,028,743 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\immigration.zip

[2010/10/18 10:29:15 | 000,000,153 | ---- | M] () -- C:\WINDOWS\WebUpdateSvc4.INI

[2010/10/18 09:02:59 | 000,000,000 | ---- | M] () -- C:\Copy (4) of LMSCRIPT.$$$

[2010/10/14 11:13:28 | 006,645,281 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\Backup PP2.SDB1.CAB

[2010/10/14 11:12:06 | 008,926,701 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\Backup pp.SDB1.CAB

[2010/10/14 08:56:23 | 000,392,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/08 09:36:48 | 000,000,395 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\Scan - Reception.lnk

[2010/10/07 17:02:25 | 000,491,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/07 17:02:25 | 000,090,250 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/05 09:02:21 | 000,000,000 | ---- | M] () -- C:\Copy (3) of LMSCRIPT.$$$

[2010/09/29 14:42:02 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CICA Handbook.lnk

[2010/09/29 14:26:07 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Financial Reporting in Canada under IFRS.lnk

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/28 09:03:29 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\ryan\Desktop\NTREGOPT.lnk

[2010/10/28 09:03:29 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\ryan\Desktop\ERUNT.lnk

[2010/10/28 09:01:08 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\ryan\Desktop\SecurityCheck.exe

[2010/10/27 17:54:00 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/10/27 16:33:36 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/10/27 16:22:22 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/10/27 16:22:22 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/10/27 15:40:33 | 000,599,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB

[2010/10/27 14:17:56 | 000,338,432 | ---- | C] () -- C:\Documents and Settings\ryan\Desktop\Stock Compensation.ppt

[2010/10/27 13:50:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/10/27 13:50:25 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/10/27 13:47:51 | 000,079,872 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/10/27 13:47:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/10/27 13:47:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/10/27 13:47:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/10/27 13:47:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/10/27 13:45:18 | 003,887,312 | R--- | C] () -- C:\Documents and Settings\ryan\Desktop\ComboFix.exe

[2010/10/27 13:44:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

[2010/10/19 11:50:34 | 038,028,743 | ---- | C] () -- C:\Documents and Settings\ryan\Desktop\immigration.zip

[2010/10/19 09:02:12 | 000,000,000 | ---- | C] () -- N:\LMSCRIPT.$$$

[2010/10/14 11:34:38 | 008,926,701 | ---- | C] () -- C:\Documents and Settings\ryan\Desktop\Backup pp.SDB1.CAB

[2010/10/14 11:34:32 | 006,645,281 | ---- | C] () -- C:\Documents and Settings\ryan\Desktop\Backup PP2.SDB1.CAB

[2010/10/08 09:36:48 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\ryan\Desktop\Scan - Reception.lnk

[2010/10/06 08:58:41 | 000,000,000 | ---- | C] () -- C:\Copy (4) of LMSCRIPT.$$$

[2010/01/13 15:42:24 | 000,000,044 | ---- | C] () -- C:\WINDOWS\lotus.ini

[2009/11/02 10:53:59 | 000,000,469 | ---- | C] () -- C:\Documents and Settings\ryan\Local Settings\Application Data\ssi_err.log

[2009/10/23 13:55:50 | 000,000,153 | ---- | C] () -- C:\WINDOWS\WebUpdateSvc4.INI

[2009/10/01 01:07:02 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\KOAYXJ_L.DLL

[2009/10/01 01:07:02 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\KOAYXA_L.DLL

[2009/09/11 13:26:39 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll

[2009/09/11 13:26:38 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll

[2009/09/11 13:24:24 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[2009/09/11 13:24:24 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2009/09/11 13:22:31 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini

[2009/09/11 13:21:39 | 000,013,259 | ---- | C] () -- C:\WINDOWS\hplj1320.ini

[2009/09/11 12:51:57 | 000,005,261 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/09/10 11:53:49 | 000,000,315 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2009/09/10 11:53:49 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2009/09/10 11:51:24 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2009/09/10 11:46:27 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2009/09/10 11:46:27 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2009/08/13 11:32:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/08/13 11:16:29 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS

[2009/08/13 11:13:49 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\A0101X32.sys

[2009/08/13 11:13:48 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\AABATT.dll

[2009/08/13 11:13:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009/08/13 11:13:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009/08/13 11:13:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009/08/13 11:13:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009/08/13 11:13:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009/08/13 11:13:26 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009/08/13 11:12:40 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2009/08/13 11:12:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/08/13 11:04:27 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4980.dll

[2009/08/13 11:01:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

[2008/07/22 11:22:09 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/07/21 10:55:48 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2007/05/18 01:00:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll

[2004/04/02 09:01:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\HPB1320V.DLL

[2002/03/04 13:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

[2001/07/31 06:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2010/07/29 14:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge

[2009/11/18 15:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CaseWare

[2009/08/13 11:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo

[2009/09/14 17:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus

[2009/08/13 11:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor

[2009/08/13 11:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr

[2009/10/28 12:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage Software

[2009/09/10 11:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2010/06/04 20:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftwareSecure

[2010/06/04 20:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSI

[2010/10/27 16:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/08/13 11:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2010/06/04 20:32:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7FA6844D-3E47-4671-B754-0A8F83465FA5}

[2009/10/09 08:48:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C7F1B7B8-82C7-475E-BE9D-08EFCAB26979}

[2010/10/27 16:22:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}

[2009/09/14 17:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ryan\Application Data\domino

[2010/01/29 13:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ryan\Application Data\Facebook

[2009/09/10 12:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ryan\Application Data\Leadertech

[2009/08/13 11:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ryan\Application Data\Lenovo

[2009/09/14 10:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ryan\Application Data\OpenOffice.org

[2010/10/27 16:33:39 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2009/08/13 11:17:01 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job

[2010/10/27 14:24:22 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

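As an added triage example (not part of the original thread and not code from the OTL tool), the Python script below pulls the redirect-relevant entries out of an OTL report like the one above and flags what a responder checks first when a browser keeps landing on the wrong site: hosts-file overrides beyond the localhost mapping, DNS resolvers that are not on the local network, and browser hooks or BHOs whose file or CLSID no longer exists. The sample lines are copied from the report above; the function names, the severity labels and the assumption that a public resolver is acceptable only if the ISP actually operates it are mine.

```python
import ipaddress
import re

# Lines copied from the OTL report posted above (not constructed); only the
# entries that matter for browser redirects are kept.
OTL_LINES = r"""
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
O1 HOSTS File: ([2010/10/27 13:56:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2 142.169.1.16 199.84.242.22
"""

# Markers OTL prints when a registry entry points at something that no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")


def parse_nameservers(line):
    """Return the resolver IPs listed on an O17 NameServer/DhcpNameServer line."""
    m = re.search(r"NameServer\s*=\s*(.+)$", line)
    return m.group(1).split() if m else []


def classify_resolver(ip_text):
    """'local' for loopback/RFC 1918 resolvers, 'public' for everything else."""
    ip = ipaddress.ip_address(ip_text)
    return "local" if (ip.is_loopback or ip.is_private) else "public"


def parse_hosts_entry(line):
    """Return (ip, hostname) from an 'O1 - Hosts:' line, or None."""
    m = re.match(r"O1 - Hosts:\s+(\S+)\s+(\S+)", line)
    return (m.group(1), m.group(2)) if m else None


def triage(lines):
    """Walk OTL lines and return (severity, message) findings for a responder."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if any(marker in line for marker in ORPHAN_MARKERS):
            # Orphaned hook/BHO: harmless on its own, but a leftover worth cleaning.
            findings.append(("info", "orphaned registry entry: " + line))
            continue
        entry = parse_hosts_entry(line)
        if entry:
            ip, host = entry
            # Anything beyond the loopback localhost mapping can silently redirect a browser.
            if host.lower() != "localhost" or not ipaddress.ip_address(ip).is_loopback:
                findings.append(("high", f"hosts override {host} -> {ip}"))
            continue
        if line.startswith("O17") and "NameServer" in line:
            for ip in parse_nameservers(line):
                if classify_resolver(ip) == "public":
                    # Assumption: a public resolver is fine only if the ISP really operates it.
                    findings.append(("check", f"public DNS resolver {ip}: confirm it belongs to your ISP"))
                else:
                    findings.append(("info", f"local DNS resolver {ip}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(OTL_LINES.splitlines()):
        print(f"[{severity}] {message}")
```

Run against the posted lines it reports no hosts override, two orphaned entries to clean up, one LAN resolver and two public resolvers to confirm with the ISP; a hosts line that maps a real site to some other address would come back as high, which is the classic redirect mechanism to rule out first.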

checkup.txt

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

Symantec AntiVirus

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 16

Out of date Java installed!

Adobe Flash Player 10.0.32.18

Adobe Reader 8.1.2

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.11) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

Symantec AntiVirus DefWatch.exe

Symantec AntiVirus SavRoam.exe

Symantec AntiVirus Rtvscan.exe

Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe

````````````````````````````````

DNS Vulnerability Check:

``````````End of Log````````````


Make sure that Windows is running in Normal mode.

The message you saw is likely due to a previous session where you may have had an incomplete shutdown or some Windows issue.

If this is a notebook system, be sure the pc is on AC (wall) power.

I'd like for you to do an online scan & then get some reports.

Close & save any work documents you have open. Close any apps you started.

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Using Internet Explorer browser only, go to ESET Online Scanner website:

Windows 7 or Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at the contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Step 3

Make sure your antivirus is re-enabled.

Copy and paste in a reply the log from Eset scan.


Well, I've restarted my PC a few times, and it still has that safe mode screen that comes up each time before the Windows XP loading window. Just to be clear, I am in normal mode.

Also, how do I disable my anti-virus? I'm with Symantec. I see the icon in the system tray, and the only option I have is "Open Symantec AntiVirus". The "Enable Auto-Protect" option is checked, but it is grayed out, so I can't uncheck it.


You have to learn how to temporarily disable your antivirus. Sorry, but I do not have Symantec.

See this guide at BC

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

http://www.bleepingcomputer.com/forums/ind...howtopic=114351

If you still can't manage, then proceed forward with the MBAM scan.


OK, I quit the process in the Task Manager to quit the antivirus program (I believe).

Here's the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=9ef439f4891f2349912db3329d74b610

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-10-28 07:44:39

# local_time=2010-10-28 03:44:39 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=94854

# found=0

# cleaned=0

# scan_time=2661


The ESET scan is very encouraging.

Important Updates

Go to Control Panel and Add-or-Remove programs.

De-install Eset Online, if present

De-install Adobe Reader.

Look for it and click the line for it. Select Change/Remove to de-install it.

OK & Exit out of Control Panel

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

Start Firefox. Select Help >>Check for Updates. Let it update to FF version 3.6.12

The latest update includes a security fix.


Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Windows 7/XP/Vista/2000/2003/2008 Offline (it is the 2nd one listed under Windows) and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586-s.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on the Delete Temporary Files Window.

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files Window.

Small tweaks for the Java runtime, since almost all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

If you want to also un-check the "Check for updates automatically" you may:

Click the Update tab. un-check the line if it is checked.

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 22 from Sun Microsystems Inc.

New report

Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    themeui.dll
    winlogon.exe
    explorer.exe
    beep.sys
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt

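For readers who want to pre-screen an OTL.txt report like the one requested above before posting it, here is an added Python example (not OTL's own code, nor anything from this thread's helper) that parses the PRC/MOD/SRV/DRV "SafeList" lines and flags the entries a reviewer usually looks at first: registrations whose file is missing, files with no publisher information, and executables or drivers living in Temp directories or under a .tmp name. The line format is inferred from the log posted in this thread; the sample lines are copied from it.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Added example, not OTL's own code. The entry layout is inferred from the
# OTL SafeList output in this thread, e.g.
#   PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Publisher) -- C:\path\file.exe
#   SRV - File not found [Auto | Stopped] -- C:\path\file.exe -- (ServiceName)
#   DRV - [date | size | ---- | M] (Publisher) [Kernel | Boot | Running] -- C:\path\drv.sys -- (Name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)"
    r"|\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[\w-]{4}) \| M\] "
    r"\((?P<company>.*?)\)(?= \[| --))"      # publisher may itself contain parentheses
    r"(?: \[(?P<state>[^\]]+)\])?"          # [Auto | Running] style start type and state
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]+)\).*)?$"      # optional service/driver name and trailing text
)

# "\Temp\" anywhere in the path also catches the 8.3 form C:\DOCUME~1\...\LOCALS~1\Temp\
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str
    path: str
    name: str
    company: str
    missing: bool
    state: str
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL SafeList line; return None for headers and unrelated lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        kind=m["kind"],
        path=m["path"].strip(),
        name=m["name"] or "",
        company=(m["company"] or "").strip(),
        missing=m["missing"] is not None,
        state=m["state"] or "",
    )


def triage(entry: Entry) -> List[str]:
    """Return the reasons, if any, that this entry deserves a closer look."""
    reasons = []
    if entry.missing:
        reasons.append("registered but file missing on disk (orphaned entry)")
    elif not entry.company:
        reasons.append("file carries no publisher / version information")
    if TEMP_DIR_RE.search(entry.path):
        reasons.append("loads from a Temp directory")
    if entry.path.lower().endswith(".tmp"):
        reasons.append("executable or driver registered under a .tmp name")
    return reasons


def triage_log(text: str) -> List[Entry]:
    """Parse a whole OTL report and return only the entries with at least one flag."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        entry.flags = triage(entry)
        if entry.flags:
            flagged.append(entry)
    return flagged


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/30 14:42:59 | 000,040,960 | ---- | M] () -- C:\Program Files\Software Secure, Inc\SSIRunTimeService\SSIRuntimeService.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - [2009/02/27 10:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\129.tmp -- (MEMSWEEP2)
DRV - [2009/08/13 11:17:22 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        label = e.name or e.path.rsplit("\\", 1)[-1]
        print(f"{e.kind} {label}: {'; '.join(e.flags)}")
```

A flag is a prompt for a closer look, not a verdict: a missing-file entry is often just a leftover from an uninstalled tool, and many legitimate vendors ship unsigned binaries with no version resource.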

Here's the new OTL.txt log. By the way, I still get that safe mode screen that briefly comes on before the Windows XP startup window.

OTL logfile created on: 10/29/2010 9:39:58 AM - Run 2

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\ryan\Desktop\misc virus

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 143.35 Gb Total Space | 114.41 Gb Free Space | 79.81% Space Free | Partition Type: NTFS

Drive J: | 58.35 Gb Total Space | 1.77 Gb Free Space | 3.03% Space Free | Partition Type: NTFS

Drive K: | 58.35 Gb Total Space | 1.77 Gb Free Space | 3.03% Space Free | Partition Type: NTFS

Drive N: | 58.35 Gb Total Space | 1.77 Gb Free Space | 3.03% Space Free | Partition Type: NTFS

Drive P: | 58.35 Gb Total Space | 1.77 Gb Free Space | 3.03% Space Free | Partition Type: NTFS

Computer Name: LENOVO-C050FE47 | User Name: ryan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/28 09:01:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ryan\Desktop\misc virus\OTL.exe

PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/03/30 14:42:59 | 000,040,960 | ---- | M] () -- C:\Program Files\Software Secure, Inc\SSIRunTimeService\SSIRuntimeService.exe

PRC - [2009/09/11 13:26:07 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

PRC - [2009/08/23 01:00:00 | 000,091,432 | ---- | M] (Sage) -- C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

PRC - [2009/08/23 01:00:00 | 000,029,992 | ---- | M] (Sage) -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe

PRC - [2009/02/27 10:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2009/02/27 09:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

PRC - [2009/02/27 09:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

PRC - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe

PRC - [2008/11/24 18:42:48 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

PRC - [2008/11/24 18:42:44 | 001,155,072 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

PRC - [2008/11/24 18:36:22 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

PRC - [2008/11/24 18:34:02 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

PRC - [2008/10/26 12:48:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe

PRC - [2008/10/09 05:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

PRC - [2008/08/11 01:53:12 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

PRC - [2008/06/13 23:08:54 | 003,073,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

PRC - [2008/06/13 20:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2008/06/06 21:21:04 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe

PRC - [2008/06/04 13:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

PRC - [2008/05/24 18:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe

PRC - [2008/05/14 19:21:16 | 000,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe

PRC - [2008/05/14 05:36:36 | 000,036,128 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe

PRC - [2008/04/15 23:38:24 | 000,315,392 | R--- | M] (Lenovo) -- C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe

PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/10 02:56:00 | 000,122,880 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

PRC - [2008/03/24 01:41:22 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2008/03/23 21:15:06 | 000,064,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe

PRC - [2008/03/20 00:46:46 | 000,077,824 | R--- | M] (ATK0101) -- C:\Program Files\Lenovo\ATK Hotkey\LControl.exe

PRC - [2008/03/20 00:46:44 | 000,208,896 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe

PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007/10/30 14:35:20 | 000,094,208 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe

PRC - [2007/05/18 12:57:26 | 000,229,856 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc4.exe

PRC - [2007/03/13 12:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe

PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

PRC - [2006/04/24 22:23:42 | 000,339,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe

PRC - [2005/06/23 19:27:36 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe

PRC - [2005/06/23 19:27:30 | 000,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe

PRC - [2005/06/23 19:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe

PRC - [2005/06/23 19:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe

PRC - [2005/06/02 09:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

PRC - [2005/06/02 09:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

PRC - [2005/06/02 09:21:38 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2004/04/14 17:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

PRC - [2004/02/27 13:29:24 | 000,061,440 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

PRC - [2004/01/07 13:02:26 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

========== Modules (SafeList) ==========

MOD - [2010/10/28 09:01:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ryan\Desktop\misc virus\OTL.exe

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008/04/10 02:55:56 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)

SRV - [2010/10/27 16:26:57 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/06/09 00:00:00 | 000,042,312 | ---- | M] (Sage) [On_Demand | Stopped] -- C:\Program Files\winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe -- (Simply Accounting Transaction Manager 2010 - CDN)

SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010/03/30 14:42:59 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe -- (SSIRuntimeService)

SRV - [2009/10/06 09:38:21 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/08/23 01:00:00 | 000,029,992 | ---- | M] (Sage) [Auto | Running] -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)

SRV - [2009/02/27 10:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2009/02/27 09:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2009/02/27 09:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)

SRV - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)

SRV - [2008/11/24 18:42:44 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2008/11/24 18:36:22 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)

SRV - [2008/11/24 18:34:02 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)

SRV - [2008/10/26 12:48:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2008/10/09 05:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)

SRV - [2008/06/13 20:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2008/05/24 18:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2008/05/14 19:21:16 | 000,037,416 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)

SRV - [2008/05/14 05:36:36 | 000,036,128 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)

SRV - [2008/04/25 11:18:10 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)

SRV - [2008/04/25 11:18:02 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)

SRV - [2008/04/25 11:16:04 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)

SRV - [2008/04/25 11:15:58 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)

SRV - [2008/04/25 11:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)

SRV - [2008/03/20 00:46:44 | 000,208,896 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe -- (LFKAS)

SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007/10/30 14:35:20 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2007/05/18 12:57:26 | 000,229,856 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)

SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2005/06/23 19:27:30 | 000,124,608 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)

SRV - [2005/06/23 19:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2005/06/23 19:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)

SRV - [2005/06/02 09:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2005/06/02 09:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2005/06/02 09:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

SRV - [2005/04/22 12:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)

SRV - [2003/10/22 10:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\129.tmp -- (MEMSWEEP2)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ryan\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2010/09/23 03:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/09/15 07:30:55 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101028.008\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/09/15 07:30:51 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101028.008\NAVENG.SYS -- (NAVENG)

DRV - [2010/05/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2009/08/13 11:18:18 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)

DRV - [2009/08/13 11:17:55 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)

DRV - [2009/08/13 11:17:22 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2009/03/04 13:31:32 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®

DRV - [2009/02/11 05:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2008/10/26 12:48:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)

DRV - [2008/08/24 20:03:04 | 006,045,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2008/08/13 20:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2008/07/29 20:44:18 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2008/07/10 22:48:00 | 000,046,144 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)

DRV - [2008/06/12 04:38:52 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)

DRV - [2008/05/14 19:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)

DRV - [2008/05/14 19:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)

DRV - [2008/05/14 05:36:00 | 000,022,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)

DRV - [2008/05/12 09:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)

DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/04/14 03:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/14 03:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/04/10 02:53:00 | 000,177,632 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2008/03/25 02:22:50 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2008/03/25 02:22:10 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2008/03/25 02:22:06 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2008/02/15 20:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/10/03 08:31:40 | 000,102,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007/08/24 14:46:48 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A0101X32.sys -- (MTsensor)

DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/07/24 14:09:04 | 000,013,880 | R--- | M] () [Kernel | Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys -- (ASMMAP)

DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2007/03/12 04:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)

DRV - [2007/02/09 15:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)

DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2005/05/13 19:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2005/04/22 12:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2005/04/22 12:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2005/02/04 20:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)

DRV - [2005/02/04 20:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)

DRV - [2004/10/15 15:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)

DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 09:17:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 09:35:26 | 000,000,000 | ---D | M]

[2009/09/10 11:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ryan\Application Data\Mozilla\Extensions

[2010/10/29 09:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\afhxl84a.default\extensions

[2009/09/16 13:21:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\afhxl84a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/29 09:37:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/29 09:35:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/10/29 09:35:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/27 13:56:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [bLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()

O4 - HKLM..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [ConnectionManager] C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()

O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [LCONTROL] C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe (ATK0101)

O4 - HKLM..\Run: [LFKA] C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe (Lenovo)

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)

O4 - HKLM..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

O4 - HKLM..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: AllowMultipleTSSessions = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2 142.169.1.16 199.84.242.22

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Reinblatt.com

O18 - Protocol\Handler\cw {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files\CaseWare\cwproto.dll (CaseWare International Inc.)

O18 - Protocol\Handler\cwt {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files\CaseWare\cwproto.dll (CaseWare International Inc.)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)

O24 - Desktop WallPaper: C:\Documents and Settings\ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/07/21 18:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {999E072A-EDF6-0825-33A4-61BD4F1C2135} - Microsoft Windows Media Player

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/29 09:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/10/29 09:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/10/29 09:35:26 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/10/29 09:35:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/10/29 09:35:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/10/29 09:35:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/10/29 09:35:26 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/10/29 09:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/10/29 09:24:59 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\ryan\Desktop\jre-6u22-windows-i586-iftw-rv.exe

[2010/10/29 09:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2010/10/29 09:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2010/10/28 09:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ryan\Desktop\misc virus

[2010/10/28 09:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2010/10/27 16:27:10 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/10/27 16:27:06 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/10/27 16:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ryan\Local Settings\Application Data\Sunbelt Software

[2010/10/27 16:22:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}

[2010/10/27 16:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2010/10/27 16:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010/10/27 16:18:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ryan\Recent

[2010/10/27 16:10:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2010/10/27 16:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/10/27 15:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2010/10/27 15:38:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/10/27 14:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/10/27 13:50:21 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/10/27 13:47:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/10/27 13:47:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/10/27 13:47:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/10/27 13:47:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/10/27 13:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/10/27 13:47:41 | 000,000,000 | ---D | C] -- C:\ComboFix

[2010/10/27 13:45:52 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/27 11:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/10/27 11:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools

[2010/10/27 09:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ryan\Application Data\Malwarebytes

[2010/10/27 09:14:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/27 09:14:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/27 09:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/27 09:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/26 16:46:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/10/21 09:23:04 | 000,000,000 | ---D | C] -- N:\Simply Accounting

[2010/10/19 09:20:28 | 000,000,000 | ---D | C] -- N:\My Received Files

[2010/10/19 09:02:10 | 000,000,000 | ---D | C] -- N:\My Pictures

[2010/10/19 09:02:10 | 000,000,000 | ---D | C] -- N:\My Music

[2010/10/19 09:02:10 | 000,000,000 | ---D | C] -- N:\Favorites

[2010/10/19 09:02:10 | 000,000,000 | ---D | C] -- N:\Access Connections

[2010/10/18 10:28:36 | 000,000,000 | ---D | C] -- C:\Copy (4) of My Received Files

[2010/10/18 10:28:36 | 000,000,000 | ---D | C] -- C:\Copy (4) of My Music

[2010/10/18 10:28:36 | 000,000,000 | ---D | C] -- C:\Copy (4) of Favorites

[2010/10/18 10:28:36 | 000,000,000 | ---D | C] -- C:\Copy (4) of Access Connections

[2010/10/18 10:28:36 | 000,000,000 | ---D | C] -- C:\Copy (3) of Simply Accounting

[2010/10/13 09:18:00 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll

[2010/10/13 09:18:00 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll

[2010/10/13 09:18:00 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll

[2010/10/13 09:17:56 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll

[2010/10/08 09:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\KONICA MINOLTA

[2010/10/08 09:36:09 | 000,000,000 | ---D | C] -- C:\Scan

[2010/10/05 14:09:54 | 000,000,000 | ---D | C] -- C:\Copy (3) of Simply

[2010/10/05 14:09:54 | 000,000,000 | ---D | C] -- C:\Copy (3) of My Received Files

[2010/10/05 14:09:54 | 000,000,000 | ---D | C] -- C:\Copy (3) of My Music

[2010/10/05 14:09:54 | 000,000,000 | ---D | C] -- C:\Copy (3) of Favorites

[2010/10/05 14:09:54 | 000,000,000 | ---D | C] -- C:\Copy (3) of Downloads

[2010/10/05 14:09:54 | 000,000,000 | ---D | C] -- C:\Copy (3) of Access Connections

[2010/10/05 14:09:54 | 000,000,000 | ---D | C] -- C:\Copy (2) of Simply Accounting

========== Files - Modified Within 30 Days ==========

[2010/10/29 09:35:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/10/29 09:35:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/10/29 09:35:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/10/29 09:35:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/10/29 09:35:10 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/10/29 09:34:44 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/10/29 09:32:28 | 000,000,000 | ---- | M] () -- N:\LMSCRIPT.$$$

[2010/10/29 09:32:20 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/29 09:29:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/29 09:29:34 | 3184,836,608 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/29 09:25:00 | 000,875,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\ryan\Desktop\jre-6u22-windows-i586-iftw-rv.exe

[2010/10/29 09:14:38 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1979792683-839522115-1615UA.job

[2010/10/29 09:14:20 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1979792683-839522115-1615Core.job

[2010/10/28 15:41:37 | 000,001,024 | ---- | M] () -- C:\WINDOWS\MKDEWE.TRN

[2010/10/28 15:39:43 | 000,000,369 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\CWGIFI.gfi

[2010/10/27 16:27:06 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/10/27 16:22:22 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/10/27 16:22:22 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/10/27 15:40:45 | 000,599,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB

[2010/10/27 15:15:20 | 000,005,261 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/10/27 14:24:22 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[2010/10/27 14:17:57 | 000,338,432 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\Stock Compensation.ppt

[2010/10/27 13:56:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/10/27 13:50:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/10/27 13:44:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI

[2010/10/25 22:16:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\MBR.exe

[2010/10/19 11:51:38 | 038,028,743 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\immigration.zip

[2010/10/18 10:29:15 | 000,000,153 | ---- | M] () -- C:\WINDOWS\WebUpdateSvc4.INI

[2010/10/18 09:02:59 | 000,000,000 | ---- | M] () -- C:\Copy (4) of LMSCRIPT.$$$

[2010/10/14 11:13:28 | 006,645,281 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\Backup PP2.SDB1.CAB

[2010/10/14 11:12:06 | 008,926,701 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\Backup pp.SDB1.CAB

[2010/10/14 08:56:23 | 000,392,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/08 09:36:48 | 000,000,395 | ---- | M] () -- C:\Documents and Settings\ryan\Desktop\Scan - Reception.lnk

[2010/10/07 17:02:25 | 000,491,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/07 17:02:25 | 000,090,250 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/05 09:02:21 | 000,000,000 | ---- | M] () -- C:\Copy (3) of LMSCRIPT.$$$

[2010/09/29 14:42:02 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CICA Handbook.lnk

[2010/09/29 14:26:07 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Financial Reporting in Canada under IFRS.lnk

========== Files Created - No Company Name ==========

[2010/10/27 17:54:00 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/10/27 16:33:36 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/10/27 16:22:22 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/10/27 16:22:22 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/10/27 15:40:33 | 000,599,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB

[2010/10/27 14:17:56 | 000,338,432 | ---- | C] () -- C:\Documents and Settings\ryan\Desktop\Stock Compensation.ppt

[2010/10/27 13:50:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/10/27 13:50:25 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/10/27 13:47:51 | 000,079,872 | ---- | C] () -- C:\WINDOWS\MBR.exe


I am not sure what option or "screen" you are referring to as "safe" mode.

Were it the real Windows Safe Mode, you would see the words "Safe mode" very explicitly at each of the 4 corners of the monitor, but that would mean that Windows is running in Safe Mode!

I am guessing you are confusing it with the temporary mechanism set by Combofix, which displays the Advanced boot options.

But that is a guess.

In any event, let's have you do this. Start Notepad.

Open a log file C:\Qoobox\ComboFix-quarantined-files.txt

Select ALL the text contents.

COPY

and then, in a new reply to this thread, paste the contents and finish the reply.

Once that is done, do the following to remove Combofix off your system.

It is located on your Desktop, and has a red-lion icon.

  • Click Start, then click Run.
    In the text box that opens, type or copy/paste
    ComboFix /uninstall
    and then press OK.

If the Combofix uninstall does not work, do not panic; just proceed with the following steps in any event.

  • Download OTC to your desktop and run it.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

When done, let me know what you have run.

Also, re-advise as to how the system is now.

Here's the ComboFix-quarantined-files.txt:

2010-10-27 17:52:52 . 2010-10-27 17:52:52 8,204 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2010-10-27 17:47:42 . 2010-10-27 17:47:42 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

2009-08-13 14:52:01 . 2007-02-09 16:31:08 4,608 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Thumbs.db.vir

OK, I followed the steps above.

By the way, regarding the safe mode "screen": basically, when you boot up your computer, BEFORE the Windows XP load screen comes up (the one where the Windows XP logo is right in the center of the screen with a progress bar below it), there's a screen that briefly comes up giving me the different safe mode options. It's there for about 2 seconds until it proceeds to the Windows XP load/progress screen that I just mentioned. This would never show up before this problem came up. Not sure if this is important or not, but I do know this is something that only cropped up when this problem started.

Confirm for me when you have finished un-installing Combofix and have got and run the OTC cleanup.

For your benefit, what you refer to are options set in place by Combofix that would have allowed us access into the XP Recovery Console.

You need not have been concerned about that. That is perfectly normal and was never a problem.

Once CF is un-installed, you will not be seeing that anymore.
