
Trojan.BHO found, funkiness remains


This topic is locked. 20 replies to this topic.

#1 scpanther (Members, 56 posts)

Posted 22 March 2009 - 10:04 PM

Computer continues to have problems with the internet. Browser windows popping up at odd times, lots of Internet Explorer errors. Malwarebytes detected Trojan.BHO, but since then neither that program nor Spybot, Ad-aware, or AVG antivirus has detected anything.

Thanks in advance!


DDS (Ver_09-03-16.01) - NTFSx86
Run by Susan at 22:28:19.61 on Sun 03/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.102 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Susan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/us/en/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Browser Helper Object: {afd4ad01-58c1-47db-a404-fbe00a6c5486} - c:\program files\common\_helper.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [UIUCU] c:\docume~1\admini~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [PC Pitstop Optimize Reminder] c:\program files\pcpitstop\optimize2\Reminder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
Trusted Zone: microsoft.com
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Filter: text/html - {e2eb6b29-8af9-4ed3-997d-2e48c1fc6405} - c:\windows\system32\mst123.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-13 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-14 28544]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-5-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-3 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-3 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-3 107272]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-7-24 4442]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2007-12-5 46656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-8-3 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-3 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-12-5 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2007-12-5 249856]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 37312]

=============== Created Last 30 ================

2009-03-16 22:12 <DIR> --d----- c:\program files\MSECache
2009-03-14 18:13 <DIR> --d----- c:\docume~1\susan\applic~1\Malwarebytes
2009-03-14 18:13 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-14 18:12 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-14 18:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-14 18:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-14 17:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop
2009-03-14 17:45 <DIR> --d----- c:\windows\pss
2009-03-14 14:25 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-03-14 14:24 <DIR> --d----- c:\program files\Panda Security
2009-03-14 09:46 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-13 22:49 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-13 22:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-13 22:33 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-13 22:32 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-13 22:31 <DIR> --d----- c:\program files\Lavasoft
2009-03-06 22:11 <DIR> --d----- c:\program files\Common

==================== Find3M ====================

2009-02-10 21:11 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-10 21:11 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-10 21:11 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll

============= FINISH: 22:29:19.54 ===============
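A small triage script for the "Pseudo HJT Report" section of the DDS log above. It is an added example and is not part of the original post or of the DDS tool. It parses the BHO, TB, Filter and mRun/uRun lines and attaches review flags using three simple heuristics: a BHO registered under the generic display name "Browser Helper Object", any MIME filter (a filter sees every response of that type before Internet Explorer renders it, so an unfamiliar one deserves a look whatever its path), and an autostart that runs from a temp directory. The heuristics, the function names and the Entry class are my own assumptions; a flag only means "look at this file", not that it is malicious. The sample input is a subset of lines copied from the log above.

```python
"""Triage the DDS 'Pseudo HJT Report' lines (BHO, TB, Filter, mRun, uRun).

Added example, not part of the original post or of the DDS tool.
A flag means "look at this file", not "this is malware".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Entry:
    kind: str              # 'BHO', 'TB', 'Filter', 'mRun' or 'uRun'
    name: str              # display name, MIME type, or run-value name
    clsid: Optional[str]   # CLSID without braces, lower-cased (None for Run keys)
    path: str              # DLL path or command line, lower-cased ('' if empty)
    flags: List[str] = field(default_factory=list)


# Line shapes as DDS prints them in the Pseudo HJT Report section.
BHO_RE = re.compile(r'^(BHO|TB): (.*?): \{([0-9a-f-]{36})\} - (.+)$', re.I)
FILTER_RE = re.compile(r'^Filter: (\S+) - \{([0-9a-f-]{36})\} - (.+)$', re.I)
RUN_RE = re.compile(r'^([mu]Run): \[(.*?)\]\s*(.*)$')

# Heuristics (assumptions for illustration; tune to taste).
GENERIC_BHO_NAMES = {'browser helper object', ''}   # no descriptive class name
TEMP_DIR_RE = re.compile(r'\\(temp|tmp)\\', re.I)   # autostart from a temp folder


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised line, None for anything else."""
    line = line.strip()
    m = BHO_RE.match(line)
    if m:
        return Entry(m.group(1).upper(), m.group(2), m.group(3).lower(), m.group(4).lower())
    m = FILTER_RE.match(line)
    if m:
        return Entry('Filter', m.group(1), m.group(2).lower(), m.group(3).lower())
    m = RUN_RE.match(line)
    if m:
        return Entry(m.group(1), m.group(2), None, m.group(3).lower())
    return None


def triage(entry: Entry) -> Entry:
    """Attach review flags to one parsed entry and return it."""
    if entry.kind == 'BHO' and entry.name.strip().lower() in GENERIC_BHO_NAMES:
        entry.flags.append('BHO registered under a generic name')
    if entry.kind == 'Filter':
        # A MIME filter sees every response of that type before IE renders it,
        # so any unfamiliar one deserves a look regardless of its path.
        entry.flags.append('MIME filter for %s' % entry.name)
    if entry.kind in ('mRun', 'uRun') and TEMP_DIR_RE.search(entry.path):
        entry.flags.append('autostart runs from a temp directory')
    return entry


def triage_report(text: str) -> List[Entry]:
    """Parse every recognised line of a report and triage it, in order."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(triage(entry))
    return entries


def flagged(text: str) -> List[Entry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in triage_report(text) if e.flags]


# Sample input: a subset of the lines from the DDS log in the post above.
SAMPLE = r"""
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Browser Helper Object: {afd4ad01-58c1-47db-a404-fbe00a6c5486} - c:\program files\common\_helper.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [UIUCU] c:\docume~1\admini~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [<NO NAME>]
Filter: text/html - {e2eb6b29-8af9-4ed3-997d-2e48c1fc6405} - c:\windows\system32\mst123.dll
"""

if __name__ == '__main__':
    for e in flagged(SAMPLE):
        print('%-6s %-22s %s' % (e.kind, e.name, e.path or '(empty)'))
        for f in e.flags:
            print('       -> ' + f)
```

On the sample, three of the seven parsed entries come back flagged: the unnamed BHO in c:\program files\common, the UIUCU autostart in a temp folder, and the text/html filter. Each flagged path is then a candidate to check by hand (file properties, signer, creation date against the "Created Last 30" section) before deciding anything.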

#2 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 23 March 2009 - 04:20 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.


#3 scpanther (Topic Starter, Members, 56 posts)

Posted 24 March 2009 - 01:14 PM

Sam, thanks for taking this on.

Per your instructions, here is the OTListIt2 log followed by the GMER results. I notice that OTListIt2 generates an additional file called "Extras.txt." I have assumed that if you wanted that one you would have asked for it, so please correct me if I need to post that as well.

==========================
OTListIt logfile created on: 3/24/2009 12:09:38 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\Susan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.36 Mb Total Physical Memory | 256.30 Mb Available Physical Memory | 51.02% Memory free
1.20 Gb Paging File | 0.80 Gb Available in Paging File | 67.05% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.95 Gb Total Space | 21.66 Gb Free Space | 63.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 487.73 Mb Total Space | 486.98 Mb Free Space | 99.85% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-8E0B10B6
Current User Name: Susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/11/02 15:51:02 | 00,036,136 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2006/02/17 18:52:24 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/02/17 18:54:24 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2005/12/01 04:09:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2009/02/10 21:11:32 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2006/02/17 18:51:46 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2008/06/13 17:29:44 | 00,746,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/05/14 16:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.exe
PRC - [2006/06/29 21:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSVC.exe
PRC - [2008/06/13 17:42:54 | 00,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2007/12/05 17:17:14 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/12/05 17:21:32 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/12/05 16:42:18 | 00,249,856 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2004/08/11 04:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2008/05/16 10:52:12 | 00,032,768 | ---- | M] (Lenovo Group Limited) -- c:\program files\lenovo\system update\suservice.exe
PRC - [2007/12/05 17:09:48 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2009/02/10 21:11:36 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/02/10 21:11:43 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/02/10 21:11:41 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/02/10 21:11:42 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2004/08/04 08:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/06/06 18:21:04 | 00,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2008/06/05 02:36:00 | 00,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/10/02 10:19:48 | 00,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2005/11/24 04:02:00 | 00,106,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2005/07/05 17:57:12 | 00,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/07/27 19:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/05/30 15:05:42 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/10/28 14:08:32 | 00,335,872 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2009/02/10 21:11:23 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/12/05 16:14:34 | 00,122,880 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/12/05 16:14:20 | 00,524,288 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/11/02 09:03:44 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2004/11/02 08:59:42 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/10/06 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2004/10/14 09:11:10 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/06/13 20:08:54 | 03,073,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2003/12/22 09:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2009/03/09 15:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/08/11 00:24:43 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/12/22 09:38:40 | 00,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2009/03/24 09:08:18 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/10 21:11:36 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/02/10 21:11:32 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/02/17 18:52:24 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/30 21:16:11 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/11/02 15:51:02 | 00,036,136 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/12/01 04:09:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC [Auto | Running])
SRV - [2008/04/13 20:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/02/17 18:51:46 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/02/17 18:54:24 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2008/05/16 10:52:12 | 00,032,768 | ---- | M] (Lenovo Group Limited) -- c:\program files\lenovo\system update\suservice.exe -- (SUService [Auto | Running])
SRV - [2008/06/13 17:29:44 | 00,746,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Auto | Running])
SRV - [2008/05/14 16:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.exe -- (TPHDEXLGSVC [Auto | Running])
SRV - [2006/06/29 21:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSVC.exe -- (TpKmpSVC [Auto | Running])
SRV - [2008/06/13 17:42:54 | 00,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService [Auto | Running])
SRV - [2007/12/05 17:17:14 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service [Auto | Running])
SRV - [2007/12/05 17:21:32 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service [Auto | Running])
SRV - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
SRV - [2007/12/05 16:42:18 | 00,249,856 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor [Auto | Running])
SRV - [2004/08/11 04:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/08/11 03:46:56 | 00,483,328 | ---- | M] (Microsoft Corporation) -- c:\program files\windows media connect\mswmccds.exe -- (WmcCds [Unknown | Stopped])
SRV - [2004/08/11 00:50:42 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/03/04 19:53:00 | 00,127,872 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2008/07/24 17:09:48 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/05/17 10:20:08 | 00,015,872 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\system32\DRIVERS\atmeltpm.sys -- (atmeltpm [On_Demand | Running])
DRV - [2009/02/10 21:11:42 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/02/10 21:11:43 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/02/10 21:11:40 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2005/10/06 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/10/06 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/10/06 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/10/24 10:28:48 | 00,170,392 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1000325.sys -- (E1000 [On_Demand | Running])
DRV - [2004/01/05 03:27:32 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/01/05 03:27:34 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/01/05 03:27:34 | 00,021,488 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/10/18 16:52:38 | 00,242,304 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2005/10/18 16:53:24 | 00,998,656 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2004/11/02 09:27:20 | 00,773,565 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2007/11/02 15:50:30 | 00,021,808 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])
DRV - [2009/03/09 15:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2005/10/05 16:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/04/13 14:54:36 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Running])
DRV - [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2000/06/01 15:29:54 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM [Auto | Running])
DRV - [2005/12/01 04:09:00 | 00,005,120 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\DRIVERS\PROCDD.SYS -- (PROCDD [Auto | Running])
DRV - [2008/08/03 17:54:34 | 00,030,144 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\DRIVERS\psadd.sys -- (psadd [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/08/03 17:45:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/02/17 19:41:50 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/05/14 16:21:16 | 00,114,728 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf [Boot | Running])
DRV - [2006/10/02 01:55:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Smapint.sys -- (Smapint [System | Running])
DRV - [2005/03/28 09:19:38 | 00,220,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2007/12/05 16:11:56 | 00,177,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/10/02 01:55:00 | 00,009,343 | ---- | M] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS -- (TDSMAPI [System | Running])
DRV - [2008/05/14 16:21:16 | 00,019,496 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN [Boot | Running])
DRV - [2005/07/05 14:57:06 | 00,017,699 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV [System | Running])
DRV - [2005/12/07 04:12:00 | 00,004,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\Tppwrif.sys -- (TPPWRIF [System | Running])
DRV - [2007/03/09 02:57:02 | 00,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS -- (TSMAPIP [System | Running])
DRV - [2008/08/03 17:45:44 | 00,033,536 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\DRIVERS\tvtfilter.sys -- (tvtfilter [Auto | Running])
DRV - [2008/02/22 15:54:40 | 00,037,312 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\DRIVERS\Tvti2c.sys -- (TVTI2C [On_Demand | Running])
DRV - [2007/12/05 16:42:20 | 00,046,656 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\DRIVERS\tvtumon.sys -- (tvtumon [System | Running])
DRV - [2005/09/12 12:49:44 | 03,298,432 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2005/10/18 16:52:30 | 00,721,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\S-1-5-21-2078412224-1777049373-2528856746-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (302790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10436 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Browser Helper Object) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\_helper.dll ()
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog ()
O4 - HKLM..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent (Lenovo Group Limited)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe File not found
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] tp4ex.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper (Lenovo)
O4 - HKLM..\Run: [TpShocks] TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [UIUCU] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S File not found
O4 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\..Trusted Sites: microsoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4.2/...all-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/...all-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\system32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\system32\tphklock.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/30 19:27:43 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/24 12:09:06 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\ispovlzh.exe
[2009/03/24 12:08:40 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTListIt2.exe
[2009/03/22 22:25:02 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\dds.scr.sav
[2009/03/20 07:26:24 | 52,683,1616 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/16 22:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/03/14 18:13:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Application Data\Malwarebytes
[2009/03/14 18:13:02 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/14 18:13:02 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 18:12:59 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/14 18:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/14 18:12:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/14 17:53:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/03/14 17:45:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/03/14 14:25:05 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/03/14 14:24:39 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/03/14 09:46:28 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/13 22:49:46 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Spybot - Search & Destroy.lnk
[2009/03/13 22:49:24 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/13 22:49:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/03/13 22:41:56 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Susan\Desktop\spybotsd162.exe
[2009/03/13 22:34:17 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/13 22:33:42 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/13 22:32:14 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/13 22:32:12 | 00,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/13 22:31:46 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/13 22:31:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/13 22:29:27 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Susan\Desktop\Ad-AwareAE.exe
[2009/03/06 22:11:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common
[2009/03/06 00:49:53 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Susan\My Documents\He'll Find A Way.doc

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/24 12:14:02 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2009/03/24 09:09:34 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\ispovlzh.exe
[2009/03/24 09:08:18 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTListIt2.exe
[2009/03/23 15:55:50 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/23 12:58:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/23 12:58:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/23 12:58:18 | 52,683,1616 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/23 11:14:43 | 34,337,955 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/22 22:25:06 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\dds.scr.sav
[2009/03/22 21:16:42 | 00,049,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/20 07:25:20 | 03,184,656 | -H-- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\IconCache.db
[2009/03/19 23:24:33 | 00,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/16 22:15:20 | 00,022,128 | ---- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/14 18:13:02 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 13:35:02 | 00,302,790 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/13 22:49:46 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Spybot - Search & Destroy.lnk
[2009/03/13 22:41:56 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Susan\Desktop\spybotsd162.exe
[2009/03/13 22:34:18 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/13 22:32:12 | 00,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/13 22:30:23 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Susan\Desktop\Ad-AwareAE.exe
[2009/03/12 19:23:59 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/09 15:06:57 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/09 15:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/08 16:27:48 | 00,471,150 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 16:27:48 | 00,401,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 16:27:48 | 00,062,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/06 00:49:53 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\He'll Find A Way.doc
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >
==========================================




GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-24 14:08:16
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF877387E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8773C10]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 15: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\css.dat 8192 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 9254 bytes
File C:\RRbackups\common\SAM 262144 bytes
File C:\RRbackups\common\seccache.dat 8192 bytes
File C:\RRbackups\common\secpolicy.dat 49152 bytes
File C:\RRbackups\common\settings.dat 24576 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\tvtns.bin 23 bytes
File C:\RRbackups\common\usersids.dat 16640 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2078412224-1777049373-2528856746-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1292428093-1957994488-1343024091-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1292428093-1957994488-1343024091-500\8d13d58b-1fd8-4597-94c6-d220ae69d95a 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1292428093-1957994488-1343024091-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1878671472-265024183-1319836940-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1878671472-265024183-1319836940-500\9ceb125e-de7c-4833-8513-e8754966bfdc 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1878671472-265024183-1319836940-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2078412224-1777049373-2528856746-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2078412224-1777049373-2528856746-500\fb2e45e8-5be6-4f83-9aa1-7b0d39c869fb 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2078412224-1777049373-2528856746-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_12b2244a-1fd3-4029-8014-b79277e4eebb 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_12b2244a-1fd3-4029-8014-b79277e4eebb 47 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_12b2244a-1fd3-4029-8014-b79277e4eebb 54 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\b973ec0ff915c48a18fe09064ce3a22d_12b2244a-1fd3-4029-8014-b79277e4eebb 56 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_12b2244a-1fd3-4029-8014-b79277e4eebb 893 bytes
File C:\RRbackups\Documents and Settings\Brandon 0 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2078412224-1777049373-2528856746-1005 0 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\Protect\S-1-5-21-1292428093-1957994488-1343024091-500 0 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\Protect\S-1-5-21-1292428093-1957994488-1343024091-500\8d13d58b-1fd8-4597-94c6-d220ae69d95a 388 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\Protect\S-1-5-21-1292428093-1957994488-1343024091-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\Protect\S-1-5-21-1878671472-265024183-1319836940-500 0 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\Protect\S-1-5-21-1878671472-265024183-1319836940-500\9ceb125e-de7c-4833-8513-e8754966bfdc 388 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\Protect\S-1-5-21-1878671472-265024183-1319836940-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\Protect\S-1-5-21-2078412224-1777049373-2528856746-1005 0 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\Protect\S-1-5-21-2078412224-1777049373-2528856746-1005\fa53f630-dbd9-42e6-98cc-430738963c02 388 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\Protect\S-1-5-21-2078412224-1777049373-2528856746-1005\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Brandon\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1292428093-1957994488-1343024091-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1292428093-1957994488-1343024091-500\8d13d58b-1fd8-4597-94c6-d220ae69d95a 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1292428093-1957994488-1343024091-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1878671472-265024183-1319836940-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1878671472-265024183-1319836940-500\9ceb125e-de7c-4833-8513-e8754966bfdc 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1878671472-265024183-1319836940-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Susan 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Lenovo\Client Security Solution\encobject.dat 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Lenovo\Client Security Solution\enroll.ini 32 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2078412224-1777049373-2528856746-1006 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2078412224-1777049373-2528856746-1006\6e50728c5f4ff5c4f3a8628c21849f3c_12b2244a-1fd3-4029-8014-b79277e4eebb 46 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2078412224-1777049373-2528856746-1006\8f71098770f72c7a67cd8f1151619865_12b2244a-1fd3-4029-8014-b79277e4eebb 54 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Protect\CREDHIST 160 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Protect\S-1-5-21-1292428093-1957994488-1343024091-500 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Protect\S-1-5-21-1292428093-1957994488-1343024091-500\8d13d58b-1fd8-4597-94c6-d220ae69d95a 388 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Protect\S-1-5-21-1292428093-1957994488-1343024091-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Protect\S-1-5-21-1878671472-265024183-1319836940-500 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Protect\S-1-5-21-1878671472-265024183-1319836940-500\9ceb125e-de7c-4833-8513-e8754966bfdc 388 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Protect\S-1-5-21-1878671472-265024183-1319836940-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Protect\S-1-5-21-2078412224-1777049373-2528856746-1006 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Protect\S-1-5-21-2078412224-1777049373-2528856746-1006\0a447720-9218-46c9-b984-d89a2826e0cf 388 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Protect\S-1-5-21-2078412224-1777049373-2528856746-1006\294a1dde-ad4c-4456-8d86-cb4d2cd139ac 388 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Protect\S-1-5-21-2078412224-1777049373-2528856746-1006\498d33b2-3ed7-4f9e-87e6-c38a9773aff4 388 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\Protect\S-1-5-21-2078412224-1777049373-2528856746-1006\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Susan\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\FR 0 bytes
File C:\RRbackups\FR\KernelFileDigest.dat 17121 bytes
File C:\RRbackups\FR\UF 0 bytes
File C:\RRbackups\FR\UF\boot.ini 194 bytes
File C:\RRbackups\FR\UF\NTDETECT.COM 47564 bytes
File C:\RRbackups\FR\UF\NTLDR 250032 bytes
File C:\RRbackups\FR\UF\Windows 0 bytes
File C:\RRbackups\FR\UF\Windows\explorer.exe 1033728 bytes executable
File C:\RRbackups\FR\UF\Windows\Fonts 0 bytes
File C:\RRbackups\FR\UF\Windows\Fonts\mangal.ttf 143864 bytes
File C:\RRbackups\FR\UF\Windows\Fonts\marlett.ttf 24124 bytes
File C:\RRbackups\FR\UF\Windows\Fonts\micross.ttf 461672 bytes
File C:\RRbackups\FR\UF\Windows\Fonts\mvboli.ttf 40500 bytes
File C:\RRbackups\FR\UF\Windows\Fonts\vgaoem.fon 5168 bytes
File C:\RRbackups\FR\UF\Windows\system32 0 bytes
File C:\RRbackups\FR\UF\Windows\system32\advapi32.dll 617472 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\advpack.dll 124928 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\authz.dll 62464 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\autochk.exe 588800 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\basesrv.dll 52736 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\bootvid.dll 12288 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\browseui.dll 1025024 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\chkdsk.exe 11776 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\cmd.exe 389120 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\comctl32.dll 617472 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\comdlg32.dll 276992 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\config 0 bytes
File C:\RRbackups\FR\UF\Windows\system32\config\userdiff 262144 bytes
File C:\RRbackups\FR\UF\Windows\system32\crypt32.dll 599040 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\cryptdll.dll 33280 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\cryptui.dll 512512 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\cscdll.dll 101888 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\csrsrv.dll 32256 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\csrss.exe 6144 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\c_1252.nls 66082 bytes
File C:\RRbackups\FR\UF\Windows\system32\c_936.nls 196642 bytes
File C:\RRbackups\FR\UF\Windows\system32\dnsapi.dll 147968 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\doskey.exe 10752 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\dpcdll.dll 102912 bytes
File C:\RRbackups\FR\UF\Windows\system32\drivers 0 bytes
File C:\RRbackups\FR\UF\Windows\system32\drivers\acpi.sys 187776 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\acpiec.sys 11648 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\afd.sys 138496 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\amdk6.sys 37376 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\amdk7.sys 37760 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\arp1394.sys 60800 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\asyncmac.sys 14336 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\atapi.sys 96512 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\atmarpc.sys 59904 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\atmepvc.sys 31360 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\atmlane.sys 55808 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\atmuni.sys 352256 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\audstub.sys 3072 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\beep.sys 4224 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\bridge.sys 71552 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\cbidf2k.sys 13952 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\cdaudio.sys 18688 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\cdfs.sys 63744 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\cdrom.sys 62976 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\classpnp.sys 49536 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\cpqdap01.sys 11776 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\crusoe.sys 36736 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\disk.sys 36352 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\diskdump.sys 14208 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\dmboot.sys 799744 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\dmio.sys 153344 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\dmload.sys 5888 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\dxapi.sys 10496 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\dxg.sys 71168 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\dxgthk.sys 3328 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\fastfat.sys 143744 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\fdc.sys 27392 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\fips.sys 44544 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\flpydisk.sys 20480 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\fltMgr.sys 129792 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\fsvga.sys 12160 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\fs_rec.sys 7936 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ftdisk.sys 125056 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\hidclass.sys 36864 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\hidparse.sys 24960 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\hidusb.sys 10368 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\http.sys 264832 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\i8042prt.sys 52480 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\imapi.sys 42112 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\intelppm.sys 36352 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ip6fw.sys 36608 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ipfltdrv.sys 32896 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ipinip.sys 20864 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ipnat.sys 152832 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ipsec.sys 75264 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\irenum.sys 11264 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\isapnp.sys 37248 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\kbdclass.sys 24576 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ks.sys 141056 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ksecdd.sys 92288 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mcd.sys 7680 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mf.sys 63744 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\modem.sys 30080 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mouclass.sys 23040 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mountmgr.sys 42368 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mrxdav.sys 180608 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mrxsmb.sys 455296 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\msfs.sys 19072 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\msgpc.sys 35072 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mssmbios.sys 15488 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mup.sys 105344 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ndis.sys 182656 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ndistapi.sys 10112 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ndisuio.sys 14592 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ndiswan.sys 91520 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ndproxy.sys 40576 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\netbios.sys 34688 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\netbt.sys 162816 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nic1394.sys 61824 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nikedrv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\npfs.sys 30848 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ntfs.sys 574976 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\null.sys 2944 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nwlnkflt.sys 12416 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nwlnkfwd.sys 32512 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nwlnkipx.sys 88320 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nwlnknb.sys 63232 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nwlnkspx.sys 55936 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\oprghdlr.sys 3456 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\p3.sys 42752 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\parport.sys 80128 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\partmgr.sys 19712 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\parvdm.sys 6784 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\pci.sys 68224 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\pciide.sys 3328 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\pciidex.sys 24960 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\pcmcia.sys 120192 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\processr.sys 35840 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ptilink.sys 17792 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rasacd.sys 8832 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rasl2tp.sys 51328 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\raspppoe.sys 41472 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\raspptp.sys 48384 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\raspti.sys 16512 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rawwan.sys 34432 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rdbss.sys 175744 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rdpcdd.sys 4224 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rdpdr.sys 196224 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rdpwd.sys 139656 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\redbook.sys 57600 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rio8drv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\riodrv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\RMCast.sys 203136 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rndismp.sys 30592 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rootmdm.sys 5888 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\scsiport.sys 96384 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\sdbus.sys 79232 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\cinemst2.sys 262528 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\gm.dls 3440660 bytes
File C:\RRbackups\FR\UF\Windows\system32\drivers\mnmdd.sys 4224 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nmnt.sys 40320 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\psched.sys 69120 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\secdrv.sys 20480 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tosdvd.sys 51712 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\serenum.sys 15744 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\serial.sys 64512 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\sffdisk.sys 11904 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\sffp_sd.sys 11008 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\sfloppy.sys 11392 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\smclib.sys 14592 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\sonydcam.sys 25344 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\sr.sys 73472 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\srv.sys 333952 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\stream.sys 49408 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\swenum.sys 4352 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\syntp.sys 177664 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tape.sys 14976 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tcpip.sys 361600 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tcpip6.sys 225856 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tdi.sys 19072 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tdpipe.sys 12040 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tdtcp.sys 21896 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\termdd.sys 40840 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tsbvcap.sys 21376 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tunmp.sys 12288 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\udfs.sys 66048 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\update.sys 384768 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usb8023.sys 12800 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbcamd.sys 25600 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbcamd2.sys 25728 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbd.sys 4736 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbehci.sys 30208 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbhub.sys 59520 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbintel.sys 15872 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbport.sys 143872 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbstor.sys 26368 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbuhci.sys 20608 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\vdmindvd.sys 58112 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\vga.sys 20992 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\videoprt.sys 81664 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\volsnap.sys 52352 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\wanarp.sys 34560 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\wmilib.sys 4352 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ws2ifsl.sys 12032 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\duser.dll 304128 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\eventlog.dll 56320 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\faultrep.dll 80384 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\feclient.dll 21504 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\filemgmt.dll 337920 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\fldrclnr.dll 87552 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\fltlib.dll 16896 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\fmifs.dll 16384 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\fontext.dll 382976 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\fontsub.dll 80896 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\framebuf.dll 9344 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\fsusd.dll 81408 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\fwcfg.dll 60416 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\gdi32.dll 286720 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\hal.dll 81152 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\imagehlp.dll 144384 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\imm32.dll 110080 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\iphlpapi.dll 94720 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\kdcom.dll 7040 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\kernel32.dll 989696 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\licdll.dll 423936 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\locale.nls 265948 bytes
File C:\RRbackups\FR\UF\Windows\system32\logonui.exe 514560 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\lsasrv.dll 728064 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\lsass.exe 13312 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\lz32.dll 2560 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\l_intl.nls 7046 bytes
File C:\RRbackups\FR\UF\Windows\system32\mfc42.dll 1028096 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\mfc42u.dll 981760 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\mmc.exe 1414656 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\mobsync.dll 207360 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\msasn1.dll 57344 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\msgina.dll 997376 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\msimg32.dll 4608 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\msprivs.dll 48128 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\msv1_0.dll 132608 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\msvcp60.dll 413696 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\msvcrt.dll 343040 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ncobjapi.dll 36352 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\nddeapi.dll 17920 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\netapi32.dll 337408 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\netrap.dll 11776 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\notepad.exe 69120 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ntdll.dll 706048 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ntdsapi.dll 67072 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ntoskrnl.exe 2189184 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ntsdexts.dll 36864 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\odbc32.dll 249856 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\odbcint.dll 94208 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\oembios.dat 4547 bytes
File C:\RRbackups\FR\UF\Windows\system32\oembios.sig 7208 bytes
File C:\RRbackups\FR\UF\Windows\system32\ole32.dll 1287168 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\oleacc.dll 163328 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\oleaccrc.dll 16896 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\oleaut32.dll 551936 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\profmap.dll 27648 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\psapi.dll 23040 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\regapi.dll 49664 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\rpcrt4.dll 584704 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\rpcss.dll 399360 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\rsaenh.dll 208384 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\rundll32.exe 33280 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\samlib.dll 64000 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\samsrv.dll 415744 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\scesrv.dll 314880 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\secupd.dat 4569 bytes
File C:\RRbackups\FR\UF\Windows\system32\secupd.sig 7208 bytes
File C:\RRbackups\FR\UF\Windows\system32\services.exe 108544 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\setupapi.dll 985088 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\sfc.dll 5120 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\sfc_os.dll 140288 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\shdocvw.dll 1499136 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\shell32.dll 8461312 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\shfolder.dll 25088 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\shgina.dll 68096 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\shlwapi.dll 474112 bytes
File C:\RRbackups\FR\UF\Windows\system32\shsvcs.dll 135168 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\smss.exe 50688 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\sortkey.nls 262148 bytes
File C:\RRbackups\FR\UF\Windows\system32\sorttbls.nls 23044 bytes
File C:\RRbackups\FR\UF\Windows\system32\svchost.exe 14336 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\sxs.dll 713216 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\umpnpmgr.dll 123392 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\unicode.nls 89588 bytes
File C:\RRbackups\FR\UF\Windows\system32\usbmon.dll 16896 bytes executable

---- EOF - GMER 1.0.15 ----

#4 Buckeye_Sam

    Malware Expert

Posted 24 March 2009 - 02:07 PM

You posted exactly what I need to see. :thumbup2:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (Browser Helper Object) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\_helper.dll ()
    
    :Files
    C:\Documents and Settings\Susan\Desktop\ispovlzh.exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 scpanther
  • Topic Starter

Posted 24 March 2009 - 09:12 PM

Just so you know we don't need to worry about it, that file on the desktop we nuked, ispovlzh.exe, was actually GMER. Their site offered a download of the exe with a random name to defeat malware designed to prevent its use. If there's a need for us to put it back I'll give it its proper name to avoid further confusion.

So, I ran the fix and rebooted. Upon logging in, this folder opened: c:\program files\common

It contains three files:
helper.sig
_helper.sig
helper.dll

Kaspersky came up with nothing. Here's the fresh OTL2 log:

OTListIt logfile created on: 3/24/2009 12:09:38 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\Susan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.36 Mb Total Physical Memory | 256.30 Mb Available Physical Memory | 51.02% Memory free
1.20 Gb Paging File | 0.80 Gb Available in Paging File | 67.05% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.95 Gb Total Space | 21.66 Gb Free Space | 63.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 487.73 Mb Total Space | 486.98 Mb Free Space | 99.85% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-8E0B10B6
Current User Name: Susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/11/02 15:51:02 | 00,036,136 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2006/02/17 18:52:24 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/02/17 18:54:24 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2005/12/01 04:09:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2009/02/10 21:11:32 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2006/02/17 18:51:46 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2008/06/13 17:29:44 | 00,746,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/05/14 16:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.exe
PRC - [2006/06/29 21:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSVC.exe
PRC - [2008/06/13 17:42:54 | 00,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2007/12/05 17:17:14 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/12/05 17:21:32 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/12/05 16:42:18 | 00,249,856 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2004/08/11 04:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2008/05/16 10:52:12 | 00,032,768 | ---- | M] (Lenovo Group Limited) -- c:\program files\lenovo\system update\suservice.exe
PRC - [2007/12/05 17:09:48 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2009/02/10 21:11:36 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/02/10 21:11:43 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/02/10 21:11:41 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/02/10 21:11:42 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2004/08/04 08:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/06/06 18:21:04 | 00,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2008/06/05 02:36:00 | 00,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/10/02 10:19:48 | 00,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2005/11/24 04:02:00 | 00,106,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2005/07/05 17:57:12 | 00,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/07/27 19:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/05/30 15:05:42 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/10/28 14:08:32 | 00,335,872 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2009/02/10 21:11:23 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/12/05 16:14:34 | 00,122,880 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/12/05 16:14:20 | 00,524,288 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/11/02 09:03:44 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2004/11/02 08:59:42 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/10/06 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2004/10/14 09:11:10 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/06/13 20:08:54 | 03,073,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2003/12/22 09:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2009/03/09 15:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/08/11 00:24:43 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/12/22 09:38:40 | 00,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2009/03/24 09:08:18 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/10 21:11:36 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/02/10 21:11:32 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/02/17 18:52:24 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/30 21:16:11 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/11/02 15:51:02 | 00,036,136 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/12/01 04:09:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC [Auto | Running])
SRV - [2008/04/13 20:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/02/17 18:51:46 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/02/17 18:54:24 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2008/05/16 10:52:12 | 00,032,768 | ---- | M] (Lenovo Group Limited) -- c:\program files\lenovo\system update\suservice.exe -- (SUService [Auto | Running])
SRV - [2008/06/13 17:29:44 | 00,746,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Auto | Running])
SRV - [2008/05/14 16:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.exe -- (TPHDEXLGSVC [Auto | Running])
SRV - [2006/06/29 21:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSVC.exe -- (TpKmpSVC [Auto | Running])
SRV - [2008/06/13 17:42:54 | 00,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService [Auto | Running])
SRV - [2007/12/05 17:17:14 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service [Auto | Running])
SRV - [2007/12/05 17:21:32 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service [Auto | Running])
SRV - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
SRV - [2007/12/05 16:42:18 | 00,249,856 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor [Auto | Running])
SRV - [2004/08/11 04:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/08/11 03:46:56 | 00,483,328 | ---- | M] (Microsoft Corporation) -- c:\program files\windows media connect\mswmccds.exe -- (WmcCds [Unknown | Stopped])
SRV - [2004/08/11 00:50:42 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/03/04 19:53:00 | 00,127,872 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2008/07/24 17:09:48 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/05/17 10:20:08 | 00,015,872 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\system32\DRIVERS\atmeltpm.sys -- (atmeltpm [On_Demand | Running])
DRV - [2009/02/10 21:11:42 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/02/10 21:11:43 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/02/10 21:11:40 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2005/10/06 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/10/06 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/10/06 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/10/24 10:28:48 | 00,170,392 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1000325.sys -- (E1000 [On_Demand | Running])
DRV - [2004/01/05 03:27:32 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/01/05 03:27:34 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/01/05 03:27:34 | 00,021,488 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/10/18 16:52:38 | 00,242,304 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2005/10/18 16:53:24 | 00,998,656 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2004/11/02 09:27:20 | 00,773,565 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2007/11/02 15:50:30 | 00,021,808 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])
DRV - [2009/03/09 15:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2005/10/05 16:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/04/13 14:54:36 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Running])
DRV - [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2000/06/01 15:29:54 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM [Auto | Running])
DRV - [2005/12/01 04:09:00 | 00,005,120 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\DRIVERS\PROCDD.SYS -- (PROCDD [Auto | Running])
DRV - [2008/08/03 17:54:34 | 00,030,144 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\DRIVERS\psadd.sys -- (psadd [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/08/03 17:45:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/02/17 19:41:50 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/05/14 16:21:16 | 00,114,728 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf [Boot | Running])
DRV - [2006/10/02 01:55:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Smapint.sys -- (Smapint [System | Running])
DRV - [2005/03/28 09:19:38 | 00,220,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2007/12/05 16:11:56 | 00,177,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/10/02 01:55:00 | 00,009,343 | ---- | M] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS -- (TDSMAPI [System | Running])
DRV - [2008/05/14 16:21:16 | 00,019,496 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN [Boot | Running])
DRV - [2005/07/05 14:57:06 | 00,017,699 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV [System | Running])
DRV - [2005/12/07 04:12:00 | 00,004,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\Tppwrif.sys -- (TPPWRIF [System | Running])
DRV - [2007/03/09 02:57:02 | 00,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS -- (TSMAPIP [System | Running])
DRV - [2008/08/03 17:45:44 | 00,033,536 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\DRIVERS\tvtfilter.sys -- (tvtfilter [Auto | Running])
DRV - [2008/02/22 15:54:40 | 00,037,312 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\DRIVERS\Tvti2c.sys -- (TVTI2C [On_Demand | Running])
DRV - [2007/12/05 16:42:20 | 00,046,656 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\DRIVERS\tvtumon.sys -- (tvtumon [System | Running])
DRV - [2005/09/12 12:49:44 | 03,298,432 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2005/10/18 16:52:30 | 00,721,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\S-1-5-21-2078412224-1777049373-2528856746-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (302790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10436 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Browser Helper Object) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\_helper.dll ()
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog ()
O4 - HKLM..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent (Lenovo Group Limited)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe File not found
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] tp4ex.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper (Lenovo)
O4 - HKLM..\Run: [TpShocks] TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [UIUCU] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S File not found
O4 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\..Trusted Sites: microsoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4.2/...all-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/...all-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\system32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\system32\tphklock.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/30 19:27:43 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/24 12:09:06 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\ispovlzh.exe
[2009/03/24 12:08:40 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTListIt2.exe
[2009/03/22 22:25:02 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\dds.scr.sav
[2009/03/20 07:26:24 | 52,683,1616 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/16 22:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/03/14 18:13:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Application Data\Malwarebytes
[2009/03/14 18:13:02 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/14 18:13:02 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 18:12:59 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/14 18:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/14 18:12:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/14 17:53:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/03/14 17:45:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/03/14 14:25:05 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/03/14 14:24:39 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/03/14 09:46:28 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/13 22:49:46 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Spybot - Search & Destroy.lnk
[2009/03/13 22:49:24 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/13 22:49:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/03/13 22:41:56 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Susan\Desktop\spybotsd162.exe
[2009/03/13 22:34:17 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/13 22:33:42 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/13 22:32:14 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/13 22:32:12 | 00,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/13 22:31:46 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/13 22:31:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/13 22:29:27 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Susan\Desktop\Ad-AwareAE.exe
[2009/03/06 22:11:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common
[2009/03/06 00:49:53 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Susan\My Documents\He'll Find A Way.doc

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/24 12:14:02 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2009/03/24 09:09:34 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\ispovlzh.exe
[2009/03/24 09:08:18 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTListIt2.exe
[2009/03/23 15:55:50 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/23 12:58:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/23 12:58:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/23 12:58:18 | 52,683,1616 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/23 11:14:43 | 34,337,955 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/22 22:25:06 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\dds.scr.sav
[2009/03/22 21:16:42 | 00,049,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/20 07:25:20 | 03,184,656 | -H-- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\IconCache.db
[2009/03/19 23:24:33 | 00,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/16 22:15:20 | 00,022,128 | ---- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/14 18:13:02 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 13:35:02 | 00,302,790 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/13 22:49:46 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Spybot - Search & Destroy.lnk
[2009/03/13 22:41:56 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Susan\Desktop\spybotsd162.exe
[2009/03/13 22:34:18 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/13 22:32:12 | 00,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/13 22:30:23 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Susan\Desktop\Ad-AwareAE.exe
[2009/03/12 19:23:59 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/09 15:06:57 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/09 15:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/08 16:27:48 | 00,471,150 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 16:27:48 | 00,401,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 16:27:48 | 00,062,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/06 00:49:53 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\He'll Find A Way.doc
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

#6 Buckeye_Sam
Malware Expert

Posted 25 March 2009 - 02:47 PM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (Browser Helper Object) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\_helper.dll ()
    
    :Files
    C:\Program Files\Common\helper.dll
    C:\Program Files\Common\helper.sig
    C:\Program Files\Common\_helper.sig
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log


How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 scpanther
Topic Starter

Posted 25 March 2009 - 04:06 PM

Ran fix as requested. Upon reboot, the Common folder still opens, but the three files that were inside have disappeared.

After running the latest scan, I opened IE to its default home page (msn.com) and a freshly updated AVG detected the following: Trojan Downloader.Generic8.ACKR on object c:\WINDOWS\System32\mst123.dll. This was moved to the virus vault.

After that, browsing appears normal.

I've posted two things below; the first is the log of the fix you had me perform, in case there's anything useful there. Following that is the latest OTL2 scan log which, again, preceded the virus detection I noted above.

OTL Fix Log
========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\ not found.
File C:\Program Files\Common\_helper.dll not found.
========== FILES ==========
C:\Program Files\Common\helper.dll NOT unregistered.
C:\Program Files\Common\helper.dll moved successfully.
C:\Program Files\Common\helper.sig moved successfully.
C:\Program Files\Common\_helper.sig moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Susan\Local Settings\Temp\hsperfdata_Susan\2632 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b38.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.7.1 log created on 03252009_161410

Files moved on Reboot...
File C:\Documents and Settings\Susan\Local Settings\Temp\hsperfdata_Susan\2632 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_b38.dat not found!

Registry entries deleted on Reboot...

=== END OTL Fix Log ===


=== OTL2 Scan Log ===
OTListIt logfile created on: 3/25/2009 4:25:35 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\Susan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.36 Mb Total Physical Memory | 103.14 Mb Available Physical Memory | 20.53% Memory free
1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.84% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.95 Gb Total Space | 22.01 Gb Free Space | 64.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 487.73 Mb Total Space | 486.73 Mb Free Space | 99.79% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-8E0B10B6
Current User Name: Susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/11/02 15:51:02 | 00,036,136 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2006/02/17 18:52:24 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/02/17 18:54:24 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2005/12/01 04:09:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2009/02/10 21:11:32 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/03/24 16:51:19 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/02/17 18:51:46 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2008/06/13 17:29:44 | 00,746,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/05/14 16:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.exe
PRC - [2006/06/29 21:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSVC.exe
PRC - [2008/06/13 17:42:54 | 00,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2007/12/05 17:17:14 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/12/05 17:21:32 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/12/05 16:42:18 | 00,249,856 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2004/08/11 04:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2008/05/16 10:52:12 | 00,032,768 | ---- | M] (Lenovo Group Limited) -- c:\program files\lenovo\system update\suservice.exe
PRC - [2009/02/10 21:11:36 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/02/10 21:11:43 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2007/12/05 17:09:48 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2009/02/10 21:11:41 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/02/10 21:11:42 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2004/08/04 08:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/06/06 18:21:04 | 00,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2008/06/05 02:36:00 | 00,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/10/02 10:19:48 | 00,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2005/11/24 04:02:00 | 00,106,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2005/07/05 17:57:12 | 00,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2006/05/30 15:05:42 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2004/07/27 19:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/10/28 14:08:32 | 00,335,872 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2009/02/10 21:11:23 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/12/05 16:14:34 | 00,122,880 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/12/05 16:14:20 | 00,524,288 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/11/02 09:03:44 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2004/11/02 08:59:42 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/10/06 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2004/10/14 09:11:10 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2008/06/13 20:08:54 | 03,073,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2003/12/22 09:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2009/03/09 15:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/03/24 16:51:19 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/08/11 00:24:43 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2009/03/24 09:08:18 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/10 21:11:36 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/02/10 21:11:32 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/02/17 18:52:24 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/30 21:16:11 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/11/02 15:51:02 | 00,036,136 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/12/01 04:09:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC [Auto | Running])
SRV - [2008/04/13 20:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/03/24 16:51:19 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/02/17 18:51:46 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/02/17 18:54:24 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2008/05/16 10:52:12 | 00,032,768 | ---- | M] (Lenovo Group Limited) -- c:\program files\lenovo\system update\suservice.exe -- (SUService [Auto | Running])
SRV - [2008/06/13 17:29:44 | 00,746,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Auto | Running])
SRV - [2008/05/14 16:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.exe -- (TPHDEXLGSVC [Auto | Running])
SRV - [2006/06/29 21:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSVC.exe -- (TpKmpSVC [Auto | Running])
SRV - [2008/06/13 17:42:54 | 00,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService [Auto | Running])
SRV - [2007/12/05 17:17:14 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service [Auto | Running])
SRV - [2007/12/05 17:21:32 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service [Auto | Running])
SRV - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
SRV - [2007/12/05 16:42:18 | 00,249,856 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor [Auto | Running])
SRV - [2004/08/11 04:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/08/11 03:46:56 | 00,483,328 | ---- | M] (Microsoft Corporation) -- c:\program files\windows media connect\mswmccds.exe -- (WmcCds [Unknown | Stopped])
SRV - [2004/08/11 00:50:42 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/03/04 19:53:00 | 00,127,872 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2008/07/24 17:09:48 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/05/17 10:20:08 | 00,015,872 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\system32\DRIVERS\atmeltpm.sys -- (atmeltpm [On_Demand | Running])
DRV - [2009/02/10 21:11:42 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/02/10 21:11:43 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/02/10 21:11:40 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2005/10/06 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/10/06 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/10/06 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/10/24 10:28:48 | 00,170,392 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1000325.sys -- (E1000 [On_Demand | Running])
DRV - [2004/01/05 03:27:32 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/01/05 03:27:34 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/01/05 03:27:34 | 00,021,488 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/10/18 16:52:38 | 00,242,304 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2005/10/18 16:53:24 | 00,998,656 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2004/11/02 09:27:20 | 00,773,565 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2007/11/02 15:50:30 | 00,021,808 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])
DRV - [2009/03/09 15:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2005/10/05 16:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/04/13 14:54:36 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Running])
DRV - [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2000/06/01 15:29:54 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM [Auto | Running])
DRV - [2005/12/01 04:09:00 | 00,005,120 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\DRIVERS\PROCDD.SYS -- (PROCDD [Auto | Running])
DRV - [2008/08/03 17:54:34 | 00,030,144 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\DRIVERS\psadd.sys -- (psadd [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/08/03 17:45:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/02/17 19:41:50 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/05/14 16:21:16 | 00,114,728 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf [Boot | Running])
DRV - [2006/10/02 01:55:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Smapint.sys -- (Smapint [System | Running])
DRV - [2005/03/28 09:19:38 | 00,220,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2007/12/05 16:11:56 | 00,177,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/10/02 01:55:00 | 00,009,343 | ---- | M] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS -- (TDSMAPI [System | Running])
DRV - [2008/05/14 16:21:16 | 00,019,496 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN [Boot | Running])
DRV - [2005/07/05 14:57:06 | 00,017,699 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV [System | Running])
DRV - [2005/12/07 04:12:00 | 00,004,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\Tppwrif.sys -- (TPPWRIF [System | Running])
DRV - [2007/03/09 02:57:02 | 00,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS -- (TSMAPIP [System | Running])
DRV - [2008/08/03 17:45:44 | 00,033,536 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\DRIVERS\tvtfilter.sys -- (tvtfilter [Auto | Running])
DRV - [2008/02/22 15:54:40 | 00,037,312 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\DRIVERS\Tvti2c.sys -- (TVTI2C [On_Demand | Running])
DRV - [2007/12/05 16:42:20 | 00,046,656 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\DRIVERS\tvtumon.sys -- (tvtumon [System | Running])
DRV - [2005/09/12 12:49:44 | 03,298,432 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2005/10/18 16:52:30 | 00,721,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\S-1-5-21-2078412224-1777049373-2528856746-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/24 16:51:19 | 00,000,000 | ---D | M]


O1 HOSTS File: (302790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10436 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog ()
O4 - HKLM..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent (Lenovo Group Limited)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe File not found
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] tp4ex.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper (Lenovo)
O4 - HKLM..\Run: [TpShocks] TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [UIUCU] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S File not found
O4 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\..Trusted Sites: microsoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2078412224-1777049373-2528856746-1006\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/...all-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\system32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\system32\tphklock.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/30 19:27:43 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/24 16:53:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/03/24 16:51:08 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/03/24 16:48:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Application Data\Sun
[2009/03/24 15:31:01 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/24 12:08:40 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTListIt2.exe
[2009/03/22 22:25:02 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\dds.scr.sav
[2009/03/20 07:26:24 | 52,683,1616 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/16 22:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/03/14 18:13:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Application Data\Malwarebytes
[2009/03/14 18:13:02 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/14 18:13:02 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 18:12:59 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/14 18:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/14 18:12:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/14 17:53:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/03/14 17:45:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/03/14 14:25:05 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/03/14 14:24:39 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/03/14 09:46:28 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/13 22:49:46 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\Spybot - Search & Destroy.lnk
[2009/03/13 22:49:24 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/13 22:49:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/03/13 22:41:56 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Susan\Desktop\spybotsd162.exe
[2009/03/13 22:34:17 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/13 22:33:42 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/13 22:32:14 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/13 22:32:12 | 00,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/13 22:31:46 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/13 22:31:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/13 22:29:27 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Susan\Desktop\Ad-AwareAE.exe
[2009/03/06 22:11:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common
[2009/03/06 00:49:53 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Susan\My Documents\He'll Find A Way.doc

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/25 16:20:09 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2009/03/25 16:19:53 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/25 16:16:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/25 16:16:54 | 52,683,1616 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/25 16:16:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/25 16:12:25 | 34,419,993 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/25 16:12:25 | 00,057,896 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/24 15:34:44 | 03,232,000 | -H-- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\IconCache.db
[2009/03/24 09:08:18 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTListIt2.exe
[2009/03/22 22:25:06 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\dds.scr.sav
[2009/03/19 23:24:33 | 00,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/16 22:15:20 | 00,022,128 | ---- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/14 18:13:02 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 13:35:02 | 00,302,790 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/13 22:49:46 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Spybot - Search & Destroy.lnk
[2009/03/13 22:41:56 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Susan\Desktop\spybotsd162.exe
[2009/03/13 22:34:18 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/13 22:32:12 | 00,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/13 22:30:23 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Susan\Desktop\Ad-AwareAE.exe
[2009/03/12 19:23:59 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/09 15:06:57 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/09 15:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/08 16:27:48 | 00,471,150 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 16:27:48 | 00,401,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 16:27:48 | 00,062,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/06 00:49:53 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\He'll Find A Way.doc
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 March 2009 - 07:09 PM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 scpanther

scpanther
  • Topic Starter

  • Members
  • 56 posts

Posted 25 March 2009 - 09:24 PM

ComboFix 09-03-25.02 - Susan 2009-03-25 22:17:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.213 [GMT -4:00]
Running from: c:\documents and settings\Susan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))
.

2009-03-25 22:09 . 2009-03-25 22:10 <DIR> d-------- C:\32788R22FWJFW
2009-03-24 16:53 . 2009-03-24 16:53 <DIR> d-------- c:\windows\Sun
2009-03-24 16:51 . 2009-03-24 16:51 <DIR> d-------- c:\program files\Java
2009-03-24 16:51 . 2009-03-24 16:51 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-24 16:51 . 2009-03-24 16:51 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-24 15:31 . 2009-03-24 15:31 <DIR> d-------- C:\_OTListIt
2009-03-16 22:12 . 2009-03-16 22:12 <DIR> d-------- c:\program files\MSECache
2009-03-14 18:13 . 2009-03-14 18:13 <DIR> d-------- c:\documents and settings\Susan\Application Data\Malwarebytes
2009-03-14 18:12 . 2009-03-14 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-14 17:53 . 2009-03-14 17:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCPitstop
2009-03-14 14:25 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-03-14 14:24 . 2009-03-14 14:24 <DIR> d-------- c:\program files\Panda Security
2009-03-14 09:46 . 2009-03-09 15:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-13 22:49 . 2009-03-14 13:32 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-13 22:49 . 2009-03-14 09:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-13 22:33 . 2009-03-09 15:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-13 22:32 . 2009-03-13 22:32 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-13 22:31 . 2009-03-13 22:31 <DIR> d-------- c:\program files\Lavasoft
2009-03-13 22:31 . 2009-03-13 22:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-06 22:11 . 2009-03-25 16:14 <DIR> d-------- c:\program files\Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 16:58 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-27 04:10 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-11 01:11 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-11 01:11 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-11 01:11 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-17 02:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-11 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2005-11-24 106496]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-07 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-12-07 208896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-10 1601304]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-13 3073336]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-24 148888]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-08-03 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-10 21:11 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 23:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 23:16 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-13 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-14 28544]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-05-14 19496]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-03 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-03 107272]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-07-24 4442]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2007-12-05 46656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-03 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-03 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-12-05 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2007-12-05 249856]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-05-22 37312]
.
Contents of the 'Scheduled Tasks' folder

2009-03-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:06]

2009-03-26 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-12-07 04:12]

2008-07-30 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-03-31 20:32]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-UIUCU - c:\docume~1\ADMINI~1\LOCALS~1\Temp\UIUCU.EXE
HKLM-Run-PC Pitstop Optimize Reminder - c:\program files\PCPitstop\Optimize2\Reminder.exe
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/us/en/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
Trusted Zone: microsoft.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 22:18:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\tphklock.dll
.
Completion time: 2009-03-25 22:20:18
ComboFix-quarantined-files.txt 2009-03-26 02:20:12

Pre-Run: 23,527,497,728 bytes free
Post-Run: 23,542,153,216 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

153 --- E O F --- 2009-03-20 03:15:47
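The sections of the ComboFix log a responder reads first are "Reg Loading Points" and "ORPHANS REMOVED": an HKLM Run value that launched UIUCU.EXE out of a Temp folder under the Administrator profile is exactly the shape a dropper's persistence takes, and it is gone only because ComboFix removed it. The following Python script is an added example, not part of this thread and not ComboFix's own code. It parses a constructed excerpt in the same log format and flags Run entries that start from temp directories, entries whose file no longer exists, and anything listed as a removed orphan; the directory list and the flag rules are my own heuristics, not a ComboFix feature.

```python
"""
Triage of autostart entries from a ComboFix-style "Reg Loading Points" dump.

Flags Run entries that launch from temp or user-writable directories, entries
whose binary no longer exists, and anything ComboFix itself removed as an orphan.
"""
import re
from collections import namedtuple

# Constructed excerpt in the log format seen in this thread (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-11 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-10 1601304]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\system32\TpShocks.exe]

- - - - ORPHANS REMOVED - - - -

HKLM-Run-UIUCU - c:\docume~1\ADMINI~1\LOCALS~1\Temp\UIUCU.EXE
HKLM-Run-PC Pitstop Optimize Reminder - c:\program files\PCPitstop\Optimize2\Reminder.exe
Notify-NavLogon - (no file)
"""

Entry = namedtuple("Entry", "name target source")

# "Name"="target" [date size]   or   "Name"="file.exe" [date resolved\path]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# Location-Name - target   (as printed under ORPHANS REMOVED)
ORPHAN_LINE = re.compile(r'^(?P<name>.+?)\s+-\s+(?P<target>.+)$')

# Heuristic list (my own, not a ComboFix feature): directories a legitimate
# autorun rarely lives in; matched against the lower-cased path, 8.3 forms included.
SUSPICIOUS_DIRS = (
    "\\temp\\",
    "\\temporary internet files\\",
    "\\recycler\\",
)


def parse_autoruns(log_text):
    """Return Entry tuples for Run values and removed orphans in a ComboFix-style dump."""
    entries, current_key, in_orphans = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("- - - - ORPHANS REMOVED"):
            in_orphans, current_key = True, None
            continue
        if in_orphans and line.startswith((".", "-------")):
            in_orphans = False          # next ComboFix section begins
            continue
        if in_orphans:
            m = ORPHAN_LINE.match(line)
            if m:
                location, _, name = m["name"].rpartition("-")
                entries.append(Entry(name, m["target"], "orphan:" + location))
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = RUN_LINE.match(line)
        if m and current_key:
            target, meta = m["target"], m["meta"]
            # A bare filename is resolved inside the bracket as "[date full\path]"
            if "\\" not in target:
                _, _, resolved = meta.partition(" ")
                if "\\" in resolved:
                    target = resolved
            entries.append(Entry(m["name"], target, current_key))
    return entries


def assess(entry):
    """Reasons (possibly none) why this entry deserves a closer look."""
    reasons = []
    target = entry.target.lower()
    if entry.source.startswith("orphan:"):
        reasons.append("ComboFix removed it as an orphan; find out what wrote it")
    if target == "(no file)":
        reasons.append("points at a file that no longer exists")
    elif "\\" not in target:
        reasons.append("bare filename resolved through PATH; verify which copy runs")
    for marker in SUSPICIOUS_DIRS:
        if marker in target:
            reasons.append("launches from a temp/user-writable directory")
            break
    return reasons


def triage(log_text):
    """Map each flagged entry name to its reasons; unflagged entries are omitted."""
    flagged = {}
    for entry in parse_autoruns(log_text):
        reasons = assess(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name + ": " + "; ".join(reasons))
```

Run against the excerpt, it flags UIUCU (orphan plus Temp launch path), the PC Pitstop reminder (orphan only) and NavLogon (orphan whose DLL is already gone), and leaves the vendor entries alone; the PATH-resolution check is there because ComboFix prints TpShocks-style bare filenames with the resolved path in the bracket, and a bare name with no resolution is worth a second look.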

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 March 2009 - 02:06 PM

Is that folder still opening up when you boot up?


========================================================

#11 scpanther

scpanther
  • Topic Starter

  • Members
  • 56 posts

Posted 26 March 2009 - 02:36 PM

Yes. Still nothing in it, though.

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 March 2009 - 02:53 PM

1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with file name options.txt and save as file type: all files to your desktop.

RegSearch Options File

[Search]
Common

[Options]
Filter=KVDLUI



2. Download Registry Search to your desktop.
  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • Click "Import" in the lower left corner and browse to the options.txt file that you just saved on your desktop. Do not choose the one in the RegSearch folder itself.
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please reply here with the entire contents of the Notepad file from RegSearch.



========================================================
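The RegSearch step above searches the live registry for a string in key paths, value names and data, and a term as broad as "Common" matches far more than the one suspect folder under Program Files. As an added example, not from the thread and not the RegSearch tool's own code, here is the same kind of search done offline in Python over a registry export in REGEDIT4 format (the same header ComboFix prints above its listing). The .reg excerpt is constructed for illustration, and the K/V/D scope letters are my own, loosely modelled on the options file rather than a documented RegSearch filter.

```python
"""
Search a Windows registry export (REGEDIT4 or "Windows Registry Editor Version
5.00" format) for a term in key paths, value names and value data, offline,
the way a live registry search tool walks the hives.
"""
import re

# Constructed .reg excerpt for illustration (not an export from the machine in the thread).
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\\progra~1\\AVG\\AVG8\\avgtray.exe"
"Updater"="c:\\Program Files\\Common\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Common]
@="c:\\Program Files\\Common Files\\tool.exe"

[HKEY_CURRENT_USER\Software\Example]
"CommonName"=dword:00000001
"""

# "Name"=data  or  @=data (the default value); data is "quoted" or typed (dword:, hex:)
VALUE_LINE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


def unescape(s):
    # Undo .reg string escaping: a backslash escapes the following character
    # (doubled backslashes in paths, escaped double quotes).
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return (key, name, data) triples; a key line itself yields (key, None, None)."""
    rows, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "REGEDIT", "Windows Registry Editor")):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            rows.append((key, None, None))
            continue
        m = VALUE_LINE.match(line)
        if m and key is not None:
            name = "(Default)" if m["default"] else unescape(m["name"])
            data = m["data"]
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = unescape(data[1:-1])   # REG_SZ; hex/dword data is kept as typed text
            rows.append((key, name, data))
        # continuation lines of multi-line hex values do not match and are skipped
    return rows


def search_reg(text, term, scope="KVD"):
    """Case-insensitive search. Scope letters: K = key path, V = value name, D = data.
    Returns (where, key, name, data) tuples, one per hit."""
    needle = term.lower()
    hits = []
    for key, name, data in parse_reg(text):
        if name is None:
            if "K" in scope and needle in key.lower():
                hits.append(("key", key, None, None))
        elif "V" in scope and needle in name.lower():
            hits.append(("value-name", key, name, data))
        elif "D" in scope and needle in data.lower():
            hits.append(("data", key, name, data))
    return hits


if __name__ == "__main__":
    for where, key, name, data in search_reg(SAMPLE_REG, "Common"):
        print("[%s] %s :: %s = %s" % (where, key, name, data))
    # Narrower: only data naming the exact folder "\Common\" (so not "Common Files")
    print(search_reg(SAMPLE_REG, "\\Common\\", scope="D"))
```

The broad search returns four hits on this small excerpt alone (a key, a value name and two data strings), which is the "lots of hits" problem from the reply; restricting the scope to data and searching for the folder with its surrounding backslashes leaves only the value that actually launches something from c:\Program Files\Common. A Version 5.00 export on disk is UTF-16, so read it with that encoding before passing the text in.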

#13 scpanther

scpanther
  • Topic Starter

  • Members
  • 56 posts

Posted 26 March 2009 - 03:27 PM

Sam,

The file was too big to post or attach, so I zipped it.

Lots of hits on the search string "Common," apparently.

Attached Files



#14 scpanther

scpanther
  • Topic Starter

  • Members
  • 56 posts

Posted 26 March 2009 - 03:43 PM

Also, since posting that last, AVG's resident shield popped up another detection of the Downloader.Generic8.ACKR trojan while the machine was just sitting there idle. The infected object was apparently a System Restore point (correct me if I'm wrong on this...):

C:\System Volume Information\_restore{...string of characters...}\RP102\A0014451.dll

The detection was triggered by an instance of the svchost.exe process.

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 March 2009 - 03:58 PM

That's just detecting system restore files.


Flush your System Restore. This will delete any restore points that you have, but it will also make sure that any malware hiding in System Restore is booted off.

Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer, turn it back on and create a restore point.

Create a restore point:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.


=================


Are there other user accounts on this computer?

Please delete this folder.

C:\Program Files\Common


Reboot and you may get an error message.
Let me know exactly what is in that error message, if you get it.


========================================================



