Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspicious HJT logs


  • This topic is locked This topic is locked
14 replies to this topic

#1 daniel.meiers

daniel.meiers

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 18 May 2010 - 05:31 PM

Ok, so I didn't follow through on the last thread and it seems like I was able to remove the malware with malwarebytes anti malware. I didn't get the log from the other post but I have log info from the security check and hjt not on safe mode.

Security Check:

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Trend Micro Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 17
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Trend Micro Internet Security SfCtlCom.exe
Trend Micro Internet Security TmPfw.exe
Trend Micro Internet Security TmProxy.exe
Trend Micro Internet Security UfSeAgnt.exe
Trend Micro BM TMBMSRV.exe
Trend Micro HijackThis HiJackThis.exe
Trend Micro Internet Security UfNavi.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:27:19 PM, on 5/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Documents and Settings\Daniel\My Documents\Downloads\SecurityCheck(2).exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://geosense.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://lenovo.live.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll
O20 - Winlogon Notify: PicNotify - PicNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: DDNIMSGService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
O23 - Service: DDNIService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\DIBS\DDNIService.exe
O23 - Service: Google Update Service (gupdate1ca290a8f1516fa) (gupdate1ca290a8f1516fa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 9676 bytes


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:22 PM

Posted 20 May 2010 - 09:20 AM

Hello and and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since
resolved your issues I would appreciate if you would let me no so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks

unite.jpg


#3 daniel.meiers

daniel.meiers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 20 May 2010 - 06:32 PM

OTL.txt

OTL logfile created on: 5/20/2010 7:04:13 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Daniel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 565.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 103.89 Gb Total Space | 41.52 Gb Free Space | 39.96% Space Free | Partition Type: FAT32
Drive D: | 30.38 Gb Total Space | 29.61 Gb Free Space | 97.47% Space Free | Partition Type: NTFS
Drive E: | 636.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.46 Gb Total Space | 3.93 Gb Free Space | 52.69% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-AZTK9000
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/20 18:56:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTL.exe
PRC - [2010/03/18 12:03:36 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/01/26 03:40:32 | 001,020,248 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2010/01/26 03:39:46 | 000,715,368 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2010/01/13 18:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/12/14 22:14:18 | 000,689,416 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/12/14 22:14:18 | 000,497,008 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/12/14 22:14:18 | 000,345,352 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/12/02 12:21:50 | 000,316,736 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2009/09/16 21:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/09/11 15:17:08 | 000,160,432 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe
PRC - [2009/08/24 08:15:58 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
PRC - [2009/08/24 08:15:32 | 000,221,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
PRC - [2009/06/17 07:44:12 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/07 05:48:54 | 000,323,584 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
PRC - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008/08/28 15:10:18 | 001,283,984 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/07/09 16:21:20 | 004,456,448 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2008/06/23 23:21:34 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/20 18:56:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/01/26 03:39:46 | 000,715,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/12/14 22:14:18 | 000,689,416 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/12/14 22:14:18 | 000,497,008 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/12/14 22:14:18 | 000,345,352 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/12/02 12:21:50 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/09/11 15:17:08 | 000,160,432 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2009/08/24 08:15:58 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008/06/23 23:21:34 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - [2009/12/17 18:25:14 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/14 22:14:36 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/12/14 22:14:36 | 000,158,224 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/12/14 22:14:36 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/12/14 22:14:36 | 000,059,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/12/14 22:14:36 | 000,050,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/12/04 12:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/12/04 12:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/12/04 12:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/12/02 12:12:46 | 000,171,400 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2009/12/02 12:12:46 | 000,142,848 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2009/12/02 12:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/12/02 12:12:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/02 12:12:36 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/12/02 12:12:34 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea)
DRV - [2009/12/02 12:10:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/09/11 12:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 12:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 12:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 12:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/08/09 17:25:58 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/02/18 18:31:06 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/11/24 18:04:10 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/28 18:39:08 | 000,048,192 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/08/05 20:10:14 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/25 01:18:32 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/07/23 10:03:26 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/06/23 12:24:00 | 000,991,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/06/11 14:14:20 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/05/30 11:46:14 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/05/23 10:21:28 | 000,225,280 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/20 17:46:48 | 001,286,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/02/15 13:12:08 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/02/04 17:57:46 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/02/04 17:57:32 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2008/01/11 14:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/01/10 10:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/09/20 11:59:16 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/05/23 16:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/01/04 15:41:50 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

IE - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://geosense.net/
IE - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.85.20100407
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/04/02 08:49:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/04/02 08:49:14 | 000,000,000 | ---D | M]

[2009/04/02 08:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Extensions
[2009/04/02 08:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions
[2010/04/27 08:01:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/04 07:41:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/24 23:12:14 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/02/03 07:40:56 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/12/08 16:03:00 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/04/15 22:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/04/05 03:38:52 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a99}
[2009/04/05 01:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/04/15 22:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\ietab@ip.cn
[2009/04/05 03:19:30 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\searchplugins\ask.xml
[2010/05/18 08:30:06 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\searchplugins\btjunkie.xml
[2009/04/02 08:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/11 03:04:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\New Folder
[2010/02/14 19:06:00 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/12/05 21:13:32 | 000,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/28 10:06:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [1998/08/19 17:07:30 | 000,000,057 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{688cdf2e-5576-11df-9877-002100c227b6}\Shell - "" = AutoRun
O33 - MountPoints2\{688cdf2e-5576-11df-9877-002100c227b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{688cdf2e-5576-11df-9877-002100c227b6}\Shell\AutoRun\command - "" = E:\LAUNCHER\LAUNCHER.EXE -- [2000/04/18 19:42:24 | 003,973,120 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/07/28 09:46:26 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/20 19:01:47 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTL.exe
[2010/05/01 19:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis
[2010/05/01 19:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/05/01 18:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/01 17:59:35 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/04/29 10:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Local Settings\Application Data\Sanse Playlister
[2010/04/29 10:30:50 | 000,323,584 | ---- | C] (Stefan Toengi) -- C:\WINDOWS\System32\AudioGenie2.dll
[2010/04/29 10:30:50 | 000,231,139 | ---- | C] (Innovasys) -- C:\WINDOWS\System32\BtnPlus1.ocx
[2010/04/29 10:30:50 | 000,151,552 | ---- | C] (Hot Coffee Software) -- C:\WINDOWS\System32\HcStatusbar.ocx
[2010/04/29 10:30:50 | 000,065,536 | ---- | C] (Hot Coffee Software) -- C:\WINDOWS\System32\HcAnch32.ocx
[2010/04/29 10:30:50 | 000,045,056 | ---- | C] (Hot Coffee Software) -- C:\WINDOWS\System32\HcMaxMin.ocx
[2010/04/29 10:30:49 | 000,067,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SYSINFO.OCX
[2010/04/29 10:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sanse Playlister
[2010/04/26 23:53:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/26 23:52:26 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2010/04/26 19:45:13 | 000,000,000 | ---D | C] -- C:\Games
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/20 19:14:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/20 18:56:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTL.exe
[2010/05/20 15:30:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/20 15:29:54 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/20 15:29:44 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2010/05/20 15:29:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/20 15:29:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/20 15:29:36 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/20 09:53:42 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Daniel\NTUSER.DAT
[2010/05/20 09:53:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Daniel\ntuser.ini
[2010/05/20 09:53:34 | 004,288,144 | -H-- | M] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\IconCache.db
[2010/05/20 08:00:02 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\04 - Red Hot Chili Peppers - Scar Tissue - greates hits.job
[2010/05/19 12:08:02 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1821195259-1659143647-1383827637-1005Core1cac6b4996c51ca.job
[2010/05/19 07:29:46 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/18 16:52:58 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\HiJackThis.lnk
[2010/05/15 20:24:20 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/15 12:47:46 | 000,000,486 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NetDrive.lnk
[2010/05/14 18:45:32 | 000,000,484 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\BigDisk.lnk
[2010/05/14 15:27:50 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Daniel.acl
[2010/05/14 14:58:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/13 16:10:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/04 07:10:50 | 000,168,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/02 19:00:28 | 000,033,624 | ---- | M] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/01 19:20:08 | 000,000,595 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010/05/01 19:08:14 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2010/04/29 10:30:52 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sanse Playlister.lnk
[2010/04/26 19:04:10 | 000,000,832 | ---- | M] () -- C:\WINDOWS\win.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/18 08:16:44 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\HiJackThis.lnk
[2010/05/15 20:24:18 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/14 15:27:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Daniel.acl
[2010/05/01 19:20:07 | 000,000,595 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/05/01 19:08:12 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2010/04/29 10:30:51 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sanse Playlister.lnk
[2010/04/29 10:30:50 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll
[2009/12/14 22:24:21 | 000,059,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/12/14 22:24:21 | 000,050,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/12/14 17:48:32 | 000,158,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/03/07 07:34:03 | 000,012,376 | ---- | C] () -- C:\WINDOWS\PICI.INI
[2009/03/07 07:34:03 | 000,001,681 | ---- | C] () -- C:\WINDOWS\TESTSET.INI
[2009/03/07 06:36:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/07 05:48:55 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009/03/07 05:48:55 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2009/03/07 05:48:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009/03/07 05:48:54 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009/03/07 05:48:54 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009/03/07 05:48:54 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009/03/07 05:48:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009/03/07 05:48:53 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009/03/07 05:48:53 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009/03/07 05:48:53 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009/03/07 05:48:53 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009/03/07 05:48:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009/03/07 05:48:52 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009/03/07 05:48:52 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009/03/07 05:48:52 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009/03/07 05:48:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009/03/07 05:48:50 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009/03/07 05:25:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/06 22:51:52 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/06/23 23:20:42 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/03/29 12:58:46 | 000,001,650 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/07/28 09:55:50 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2006/07/28 09:55:50 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/07/28 09:55:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
[2008/05/29 21:45:46 | 000,539,688 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB922120-v6-x86-ENU.exe
< End of report >

Extras.txt
OTL Extras logfile created on: 5/20/2010 7:04:13 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Daniel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 565.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 103.89 Gb Total Space | 41.52 Gb Free Space | 39.96% Space Free | Partition Type: FAT32
Drive D: | 30.38 Gb Total Space | 29.61 Gb Free Space | 97.47% Space Free | Partition Type: NTFS
Drive E: | 636.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.46 Gb Total Space | 3.93 Gb Free Space | 52.69% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-AZTK9000
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1821195259-1659143647-1383827637-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"57763:TCP" = 57763:TCP:*:Enabled:Pando Media Booster
"57763:UDP" = 57763:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Java\jre6\launch4j-tmp\Jubler.exe" = C:\Program Files\Java\jre6\launch4j-tmp\Jubler.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Daniel\My Documents\utorrent.exe" = C:\Documents and Settings\Daniel\My Documents\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Subagames\ACE Online\Launcher.atm" = C:\Program Files\Subagames\ACE Online\Launcher.atm:Enabled:GameExe2 -- File not found
"C:\Program Files\Subagames\ACE Online\Res-Voip\SCVoIP.exe" = C:\Program Files\Subagames\ACE Online\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found
"C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28F85AF6-F14A-45D8-9674-2CE35A08B076}" = Lenovo First Boot
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357B11ED-5417-4CF3-8EB2-386299BC30E0}" = Lenovo Quick Start
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F5AF4AA-7F77-47FC-9E22-519822FC6365}" = Sprint SmartView
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE79E274-824C-4F9C-9534-587132E29AA1}" = Lenovo Idea Notes
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7FB1A71-D808-4CD2-997D-837B39EA7EB0}" = DIBS
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = Realtek Card Reader
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.11.00.812
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Ask Toolbar_is1" = Ask Toolbar
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FrostWire" = FrostWire 4.20.3
"GOM Player" = GOM Player
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IceChat_is1" = IceChat 7.63 (Build 20080417)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"IsoBuster_is1" = IsoBuster 2.5
"Jubler" = Jubler subtitle editor
"jZip" = jZip
"Lenovo Idea Central" = Lenovo Idea Central
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MS Access 97 SP2" = MS Access 97 SP2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Recuva" = Recuva
"Sanse Playlister_is1" = Sanse Playlister Ver1.5
"SimCity 3000 Unlimited" = SimCity 3000 Unlimited
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweak UI 2.10" = Tweak UI
"uTorrent" = µTorrent
"VeriFace III" = VeriFace III
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.2
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"Wireshark" = Wireshark 1.2.4
"WMFDist11" = Windows Media Format 11 runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1821195259-1659143647-1383827637-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/14/2010 8:15:09 PM | Computer Name = DANIEL-AZTK9000 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/20/2010 3:31:08 PM | Computer Name = DANIEL-AZTK9000 | Source = Google Update | ID = 20
Description =

Error - 5/20/2010 3:43:55 PM | Computer Name = DANIEL-AZTK9000 | Source = Google Update | ID = 20
Description =

Error - 5/20/2010 4:14:06 PM | Computer Name = DANIEL-AZTK9000 | Source = Google Update | ID = 20
Description =

Error - 5/20/2010 4:43:55 PM | Computer Name = DANIEL-AZTK9000 | Source = Google Update | ID = 20
Description =

Error - 5/20/2010 5:14:06 PM | Computer Name = DANIEL-AZTK9000 | Source = Google Update | ID = 20
Description =

Error - 5/20/2010 5:43:55 PM | Computer Name = DANIEL-AZTK9000 | Source = Google Update | ID = 20
Description =

Error - 5/20/2010 6:14:06 PM | Computer Name = DANIEL-AZTK9000 | Source = Google Update | ID = 20
Description =

Error - 5/20/2010 6:43:56 PM | Computer Name = DANIEL-AZTK9000 | Source = Google Update | ID = 20
Description =

Error - 5/20/2010 7:14:09 PM | Computer Name = DANIEL-AZTK9000 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 4/17/2010 8:00:39 AM | Computer Name = DANIEL-AZTK9000 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Trend Micro Proxy Service
service to connect.

Error - 4/17/2010 8:00:39 AM | Computer Name = DANIEL-AZTK9000 | Source = Service Control Manager | ID = 7000
Description = The Trend Micro Proxy Service service failed to start due to the following
error: %%1053

Error - 4/22/2010 4:18:34 PM | Computer Name = DANIEL-AZTK9000 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DANIEL-44BDF985 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{2839E290-ACA. The master browser is stopping or an election is being
forced.

Error - 4/27/2010 7:23:42 AM | Computer Name = DANIEL-AZTK9000 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 80000004, parameter2 806ecae1, parameter3
aa23371c, parameter4 00000000.

Error - 4/27/2010 7:58:28 AM | Computer Name = DANIEL-AZTK9000 | Source = System Error | ID = 1003
Description = Error code 000000ea, parameter1 84ec9da8, parameter2 86b227c8, parameter3
86b1d168, parameter4 00000001.

Error - 4/28/2010 8:10:31 AM | Computer Name = DANIEL-AZTK9000 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/28/2010 8:10:31 AM | Computer Name = DANIEL-AZTK9000 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/1/2010 12:25:10 PM | Computer Name = DANIEL-AZTK9000 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DANIEL-44BDF985 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{2839E290-ACA. The master browser is stopping or an election is being
forced.

Error - 5/15/2010 4:28:59 PM | Computer Name = DANIEL-AZTK9000 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 002100C227B6 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/15/2010 7:33:34 PM | Computer Name = DANIEL-AZTK9000 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 002100C227B6 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >



#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:22 PM

Posted 21 May 2010 - 08:25 AM

Hi,

Can you tell me what problems you are currently having?


You don't have the latest version of Java, you should run JavaRa to clean up any older Java, then
download and install the latest version from here.

Please download JavaRa and unzip it to your desktop.
Then Print these instructions as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts, once done restart your computer.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTLO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
    O3 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
    O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O37 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found
    :Reg
    [HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify"=dword:00000000
    "FirewallDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=dword:00000000
    :Commands
    [Resethosts]
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.

unite.jpg


#5 daniel.meiers

daniel.meiers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 21 May 2010 - 09:36 PM

Unfortunately, the log came up after the restart was lost due to distraction.
Initially, the problem was Fake antivirus trojan. I ran malware bytes like sifumike instructed me to do. I assumed that fixed it because I could run programs again and wasn't harassed by the trojan anymore. I know there are such malware that can steal passwords without you knowing about their presence. I was concerned that in spite of having run Malwarebytes Anti-Malware that spyware and/or malware was still present on the machine after running MBAM.

http://www.bleepingcomputer.com/forums/top...ml#entry1568779
was the first post

see if anything will concern you.

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:22 PM

Posted 22 May 2010 - 07:19 AM

I can not tell anything from a topic that is 5 months old, so please post the log I asked for.

The fix log will be located in the following folder, it will be named with time and date it was done.

C:\_OTL\MovedFiles\

The new scan log will be located where you ran OTL from.

unite.jpg


#7 daniel.meiers

daniel.meiers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 22 May 2010 - 05:07 PM

All processes killed
Error: Unable to interpret <:OTLO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found> in the current context!
Error: Unable to interpret <O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - File not found> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O37 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found> in the current context!
========== REGISTRY ==========
HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33096 bytes

User: Daniel
->Temp folder emptied: 31481082 bytes
->Temporary Internet Files folder emptied: 261106380 bytes
->Java cache emptied: 82360122 bytes
->FireFox cache emptied: 92584573 bytes
->Google Chrome cache emptied: 241888748 bytes
->Apple Safari cache emptied: 24922238 bytes
->Flash cache emptied: 2228312 bytes

User: Administrator
->Temp folder emptied: 52593582 bytes
->Temporary Internet Files folder emptied: 76436952 bytes
->Flash cache emptied: 1158 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 172296957 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23432466 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,014.00 mb


[EMPTYFLASH]

User: Default User
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService

User: LocalService

User: Daniel
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05212010_115849

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:22 PM

Posted 23 May 2010 - 06:50 AM

What about the new OTL log? if you can't find it the run a new scan, using the run scan button, then
post the new log.

unite.jpg


#9 daniel.meiers

daniel.meiers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 23 May 2010 - 01:51 PM

I ran a new scan.

OTL logfile created on: 5/23/2010 2:33:15 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Daniel\Desktop\RegCleaning
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 465.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 103.89 Gb Total Space | 49.91 Gb Free Space | 48.04% Space Free | Partition Type: FAT32
Drive D: | 30.38 Gb Total Space | 29.61 Gb Free Space | 97.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-AZTK9000
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/20 18:56:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\RegCleaning\OTL.exe
PRC - [2010/04/26 13:13:26 | 000,531,440 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/03/18 12:03:36 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/02/14 19:06:08 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/01/26 03:40:32 | 001,020,248 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2010/01/26 03:39:46 | 000,715,368 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2010/01/13 18:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/12/14 22:14:18 | 000,689,416 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/12/14 22:14:18 | 000,497,008 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/12/14 22:14:18 | 000,345,352 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/12/02 12:21:50 | 000,316,736 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2009/09/16 21:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/09/11 15:17:08 | 000,160,432 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe
PRC - [2009/08/24 08:15:58 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
PRC - [2009/08/24 08:15:32 | 000,221,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
PRC - [2009/06/17 07:44:12 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/07 05:48:54 | 000,323,584 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
PRC - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008/08/28 15:10:18 | 001,283,984 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/07/09 16:21:20 | 004,456,448 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2008/06/23 23:21:34 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/20 18:56:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\RegCleaning\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/01/26 03:39:46 | 000,715,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/12/14 22:14:18 | 000,689,416 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/12/14 22:14:18 | 000,497,008 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/12/14 22:14:18 | 000,345,352 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/12/02 12:21:50 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/09/11 15:17:08 | 000,160,432 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2009/08/24 08:15:58 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008/06/23 23:21:34 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - [2009/12/17 18:25:14 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/14 22:14:36 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/12/14 22:14:36 | 000,158,224 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/12/14 22:14:36 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/12/14 22:14:36 | 000,059,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/12/14 22:14:36 | 000,050,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/12/04 12:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/12/04 12:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/12/04 12:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/12/02 12:12:46 | 000,171,400 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2009/12/02 12:12:46 | 000,142,848 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2009/12/02 12:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/12/02 12:12:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/02 12:12:36 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/12/02 12:12:34 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea)
DRV - [2009/12/02 12:10:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/09/11 12:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 12:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 12:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 12:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/08/09 17:25:58 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/02/18 18:31:06 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/11/24 18:04:10 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/28 18:39:08 | 000,048,192 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/08/05 20:10:14 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/25 01:18:32 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/07/23 10:03:26 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/06/23 12:24:00 | 000,991,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/06/11 14:14:20 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/05/30 11:46:14 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/05/23 10:21:28 | 000,225,280 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/20 17:46:48 | 001,286,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/02/15 13:12:08 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/02/04 17:57:46 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/02/04 17:57:32 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2008/01/11 14:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/01/10 10:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/09/20 11:59:16 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/05/23 16:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/01/04 15:41:50 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

IE - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://geosense.net/
IE - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.85.20100407
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/04/02 08:49:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/04/02 08:49:14 | 000,000,000 | ---D | M]

[2009/04/02 08:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Extensions
[2009/04/02 08:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions
[2010/04/27 08:01:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/04 07:41:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/24 23:12:14 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/02/03 07:40:56 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/12/08 16:03:00 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/04/15 22:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/04/05 03:38:52 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a99}
[2009/04/05 01:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/04/15 22:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\extensions\ietab@ip.cn
[2009/04/05 03:19:30 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\searchplugins\ask.xml
[2010/05/22 20:34:48 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\fmo5m2o0.default\searchplugins\btjunkie.xml
[2009/04/02 08:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/21 11:51:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/04/11 03:04:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\New Folder
[2010/02/14 19:06:00 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/04/12 17:29:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/21 21:59:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/28 10:06:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1821195259-1659143647-1383827637-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/21 13:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Desktop\RegCleaning
[2010/05/21 11:58:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/21 11:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/21 11:51:04 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/21 11:51:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/21 11:51:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/21 11:51:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/01 19:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis
[2010/05/01 19:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/05/01 18:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/01 17:59:35 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/04/29 10:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Local Settings\Application Data\Sanse Playlister
[2010/04/29 10:30:50 | 000,323,584 | ---- | C] (Stefan Toengi) -- C:\WINDOWS\System32\AudioGenie2.dll
[2010/04/29 10:30:50 | 000,231,139 | ---- | C] (Innovasys) -- C:\WINDOWS\System32\BtnPlus1.ocx
[2010/04/29 10:30:50 | 000,151,552 | ---- | C] (Hot Coffee Software) -- C:\WINDOWS\System32\HcStatusbar.ocx
[2010/04/29 10:30:50 | 000,065,536 | ---- | C] (Hot Coffee Software) -- C:\WINDOWS\System32\HcAnch32.ocx
[2010/04/29 10:30:50 | 000,045,056 | ---- | C] (Hot Coffee Software) -- C:\WINDOWS\System32\HcMaxMin.ocx
[2010/04/29 10:30:49 | 000,067,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SYSINFO.OCX
[2010/04/29 10:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sanse Playlister
[2010/04/26 23:53:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/26 23:52:26 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2010/04/26 19:45:13 | 000,000,000 | ---D | C] -- C:\Games

========== Files - Modified Within 30 Days ==========

[2010/05/23 14:28:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 14:28:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/23 14:28:12 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2010/05/23 14:28:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/23 14:28:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 14:28:04 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/23 04:04:04 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Daniel\NTUSER.DAT
[2010/05/23 04:04:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Daniel\ntuser.ini
[2010/05/23 03:14:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/22 20:30:34 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/22 16:55:28 | 000,000,484 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\BigDisk.lnk
[2010/05/22 08:00:02 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\04 - Red Hot Chili Peppers - Scar Tissue - greates hits.job
[2010/05/21 14:58:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/21 12:09:44 | 004,288,528 | -H-- | M] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\IconCache.db
[2010/05/21 12:09:44 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1821195259-1659143647-1383827637-1005Core1cac6b4996c51ca.job
[2010/05/15 20:24:20 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/15 12:47:46 | 000,000,486 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NetDrive.lnk
[2010/05/14 15:27:50 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Daniel.acl
[2010/05/13 16:10:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/04 07:10:50 | 000,168,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/02 19:00:28 | 000,033,624 | ---- | M] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/01 19:20:08 | 000,000,595 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010/05/01 19:08:14 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2010/04/29 10:30:52 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sanse Playlister.lnk
[2010/04/26 19:04:10 | 000,000,832 | ---- | M] () -- C:\WINDOWS\win.ini

========== Files Created - No Company Name ==========

[2010/05/15 20:24:18 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/14 15:27:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Daniel.acl
[2010/05/01 19:20:07 | 000,000,595 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/05/01 19:08:12 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2010/04/29 10:30:51 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sanse Playlister.lnk
[2010/04/29 10:30:50 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll
[2009/12/14 22:24:21 | 000,059,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/12/14 22:24:21 | 000,050,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/12/14 17:48:32 | 000,158,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/03/07 07:34:03 | 000,012,376 | ---- | C] () -- C:\WINDOWS\PICI.INI
[2009/03/07 07:34:03 | 000,001,681 | ---- | C] () -- C:\WINDOWS\TESTSET.INI
[2009/03/07 06:36:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/07 05:48:55 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009/03/07 05:48:55 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2009/03/07 05:48:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009/03/07 05:48:54 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009/03/07 05:48:54 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009/03/07 05:48:54 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009/03/07 05:48:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009/03/07 05:48:53 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009/03/07 05:48:53 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009/03/07 05:48:53 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009/03/07 05:48:53 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009/03/07 05:48:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009/03/07 05:48:52 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009/03/07 05:48:52 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009/03/07 05:48:52 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009/03/07 05:48:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009/03/07 05:48:50 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009/03/07 05:25:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/06 22:51:52 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/06/23 23:20:42 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/03/29 12:58:46 | 000,001,650 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
< End of report >


#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:22 PM

Posted 24 May 2010 - 06:55 AM

Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you recieve a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will the be created on your desktop where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log on your next reply.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then please post back here with the following logs:
  • mbr.log
  • ESET report
  • New HijackThis log

Thanks

unite.jpg


#11 daniel.meiers

daniel.meiers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 25 May 2010 - 05:51 PM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

ESET did not produce a log.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:47:20 PM, on 5/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Turbine\DDO Unlimited\TurbineLauncher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://geosense.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://lenovo.live.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll
O20 - Winlogon Notify: PicNotify - PicNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: DDNIMSGService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
O23 - Service: DDNIService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\DIBS\DDNIService.exe
O23 - Service: Google Update Service (gupdate1ca290a8f1516fa) (gupdate1ca290a8f1516fa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 9900 bytes


#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:22 PM

Posted 26 May 2010 - 06:58 AM

  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
cmd /c "%userprofile%\desktop\mbr.exe" -t& start mbr.log
  • A file called mbr.log will pop up please post the contents in your reply.

unite.jpg


#13 daniel.meiers

daniel.meiers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 26 May 2010 - 02:56 PM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:22 PM

Posted 28 May 2010 - 05:44 AM

Your logs look fine to me.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out you restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.


Congratulations! You now appear clean! thumbup.gif

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep windows up to date with the latest service pack and patches. This will
prevent you from getting the malware which uses vulnerabilities found in windows to exploit your computer.
The easiest way to do this this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you
do not update your antivirus software then it will not be able to catch any of the new variants that may come
out. If you use a commercial antivirus program you must make sure you keep renewing your subscription.
Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerability that can allow malware
to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed
applications that are regularly patched to fix vulnerabilities. You can check these by visiting
Calendar of Updates or you can install Secunia PSI.

Install an AntiSpyware Program
It is recommended that you have an Anti Spyware program installed alongside your Ani Virus, to add an extra
layer of protection. You should update and scan with it as you would with your Anti Virus, Most Anti Spyware
programs don't have active protection, unless you have a paid version, so in that case you can have more
than one installed for scanning purposes but you also don't want to bloat your computer with these
programs, so I would recommend having no more than two installed.

SuperAntiSpyware
Spybot - Search & Destroy
Ad-aware

Install Sanboxie
Sandboxie is a great program to help protect you against malware, working inside Sandboxie will basically
mean that, what you are doing will not make a permenant changes to your system, unless you allow it too.
So you can be surfing the web inside Sandboxie then if you happen to stumble upon a bad site and get
infected, you can simply delete the Sanbox and all is gone. Having said that, it can not be considered 100%
secure as no program can be, but it can be a great help and is an excellent program. You can find a download
link and more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer that Internet Explorer, I would recommend that you install
Firefox and install some addons that will make the browser even safer. You can download the latest version
of Firefox here, if you already have firefox these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing smile.gif
Syler

unite.jpg


#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:22 PM

Posted 29 May 2010 - 01:17 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users