
Need Help for Google Virus


  • This topic is locked
15 replies to this topic

#1 lightfactor

  • Members
  • 9 posts

Posted 18 October 2010 - 10:43 PM

My computer has been infected by the Google virus. Need help for removal >.<

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:35:43 AM, on 19/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Razer\Krait\razerhid.exe
C:\Program Files\Razer\Krait\razerofa.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Users\SPUser\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
E:\W3Launcher RC2\Extras\VeeTee\WMC\WMC.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe"
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] "C:\Program Files\Pando Networks\Media Booster\PMB.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.1;_en-GB;_rv:1.9.2.9)_Gecko/20100824_Firefox/3.6.9_(_.NET_CLR_3.5.30729;_.NET4.0C)" -"file:///D:/SPWORK~1/YEAR1~1/SEM2~1/ANATOM~1/A&PCD~1/files/systems/media.html?cardio/cardcycl/01"
O4 - Startup: Dropbox.lnk = SPUser\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Unknown owner - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (file missing)
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca1ce470838870) (gupdate1ca1ce470838870) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 20233 bytes

Sorry if I posted wrongly, I'm a new user here
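One way to make a first pass over a HijackThis log like the one above, as an added example that is not part of this post or of HijackThis itself: a small Python triage script that flags the entry types helpers usually check first, such as orphaned "(no file)" components, services with an unknown owner or a missing binary, Winsock LSP and AppInit_DLLs entries, and autoruns launched from user-writable or relative paths. The sample lines are copied from the log above; a flag marks an entry to verify, not a verdict, and most of these are benign on this machine.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One HijackThis line: a section code (R0-R3, O1-O24), " - ", then the body.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
# Windows absolute path: drive letter, colon, backslash (leading quote already stripped).
ABS_PATH = re.compile(r"^[a-z]:\\", re.IGNORECASE)
# Directories a standard user can write to; autoruns from here deserve a second look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\documents and settings\\")


@dataclass
class Entry:
    section: str
    body: str
    findings: List[str] = field(default_factory=list)


def autorun_target(body: str) -> Optional[str]:
    """Return the launched command of an O4 line, or None if it cannot be parsed."""
    # Either "HKLM\..\Run: [Name] command" or "Startup: Foo.lnk = target".
    m = re.search(r"\] (.*)$", body) or re.search(r"\.lnk = (.*)$", body)
    return m.group(1).strip().lstrip('"') if m else None


def triage_line(line: str) -> Optional[Entry]:
    """Parse one log line and attach the triage points it raises (empty list if none)."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None  # process list, headers, blank lines: not an R/O entry
    e = Entry(m.group("section"), m.group("body"))
    low = e.body.lower()
    if "(no file)" in low:
        e.findings.append("orphaned entry: registered component has no file on disk")
    if "(file missing)" in low:
        e.findings.append("service binary missing from disk")
    if "unknown owner" in low:
        e.findings.append("service with no publisher information")
    if e.section == "O10":
        e.findings.append("Winsock LSP DLL: verify publisher, an LSP sees all socket traffic")
    if e.section == "O20":
        e.findings.append("AppInit_DLLs: loaded into every process that uses user32.dll")
    if e.section == "O4":
        target = autorun_target(e.body)
        if target is None or target == "?":
            e.findings.append("autorun target could not be resolved")
        else:
            tl = target.lower()
            if any(p in tl for p in USER_WRITABLE):
                e.findings.append("autorun from a user-writable location")
            if not ABS_PATH.match(tl) and not tl.startswith("rundll32"):
                e.findings.append("autorun with a relative path (resolved via search path)")
    return e


def triage_log(text: str) -> List[Entry]:
    """Return only the entries that raised at least one triage point."""
    return [e for e in (triage_line(l) for l in text.splitlines()) if e and e.findings]


# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - Startup: Dropbox.lnk = SPUser\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Unknown owner - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
"""

if __name__ == "__main__":
    for entry in triage_log(SAMPLE_LOG):
        print(f"{entry.section}: {entry.body}")
        for finding in entry.findings:
            print(f"    -> {finding}")
```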



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 27 October 2010 - 06:53 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 lightfactor

  • Topic Starter
  • Members
  • 9 posts

Posted 28 October 2010 - 10:06 AM

Hi m0le and thanks for the reply.

Lately I've been trying out different fixes suggested by other forum helpers/other websites based on similar issues faced. So far I have not seen the redirect caused by the virus for almost a week, but I'm still having constant white pages when I visit some websites due to a redirect to gostats.com. As such I'm not too sure if my computer is still infected or not.

I have done the first scan (DDS) and below are the results. As I need to use my computer tonight I'll be doing the last 2 parts later overnight.


DDS (Ver_10-10-21.02) - NTFSx86
Run by SPUser at 21:32:18.36 on Thu 28/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.3032.1294 [GMT 8:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\AtService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Razer\Krait\razerhid.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Razer\Krait\razertra.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Krait\razerofa.exe
C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\Windows Live\Mesh\WLSync.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Users\SPUser\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Windows Live\Mesh\MOE.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtITunesPlugIn.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\SPUser\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Pando Media Booster] "c:\program files\pando networks\media booster\PMB.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.1;_en-GB;_rv:1.9.2.9)_Gecko/20100824_Firefox/3.6.9_(_.NET_CLR_3.5.30729;_.NET4.0C)" -"file:///D:/SPWORK~1/YEAR1~1/SEM2~1/ANATOM~1/A&PCD~1/files/systems/media.html?cardio/cardcycl/01"
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [picon] "c:\program files\common files\intel\privacy icon\PIconStartup.exe"
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [AMSG] c:\progra~1\thinkv~1\amsg\Amsg.exe /startup
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [Krait] c:\program files\razer\krait\razerhid.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [<NO NAME>]
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
StartupFolder: c:\users\spuser\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\spuser\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\spuser\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\spuser\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
Trusted Zone: sp.edu.sg\esp
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\users\spuser\appdata\roaming\mozilla\firefox\profiles\gqsv9ywe.default\
FF - prefs.js: browser.startup.homepage - xin.msn.com
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\spuser\appdata\roaming\mozilla\firefox\profiles\gqsv9ywe.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1691.8062\npCIDetect13.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\spuser\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-10-14 24304]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-9-24 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-9-24 173104]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-6 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-9-24 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20101027.001\IDSvix86.sys [2010-10-20 353840]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-10-14 13480]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-9-24 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys [2010-9-24 339504]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-3-19 1680632]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-3-19 98304]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2010-10-14 50536]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2010-10-14 74088]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-10-14 93032]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-24 126392]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-10-14 63928]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-2-22 2058776]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-7-25 370872]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2009-2-22 72448]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-3-19 482176]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-11-21 220288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-1 102448]
R3 krait03;Razer krait USB Filter Driver;c:\windows\system32\drivers\krait.sys [2009-3-14 13324]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-7-14 6814720]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2009-11-24 23152]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca1ce470838870;Google Update Service (gupdate1ca1ce470838870);c:\program files\google\update\GoogleUpdate.exe [2009-8-14 133104]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-10-14 45496]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-11 1153368]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-3-19 106496]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-11-4 29472]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2010-1-25 79360]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-10-14 132456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-24 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-1-18 16128]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2009-12-22 23552]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2009-8-6 750592]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-10-7 6000640]
S3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-5-8 21360]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-2-22 75112]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 twtyfilt;twtyfilt;c:\windows\system32\drivers\twtyfilt.sys [2009-8-3 20480]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-6 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2010-10-27 00:38:09 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{32decb57-ec0a-4664-b463-70e7dd8f4847}\mpengine.dll
2010-10-27 00:37:51 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 00:37:50 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 00:37:50 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 00:37:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 00:37:44 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-24 04:02:12 -------- d-----w- c:\users\spuser\appdata\roaming\Windows Live Writer
2010-10-24 04:02:12 -------- d-----w- c:\users\spuser\appdata\local\Windows Live Writer
2010-10-24 03:53:17 -------- d-----w- c:\windows\en
2010-10-24 03:53:01 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-24 03:48:42 -------- d-----w- c:\program files\MSN Toolbar
2010-10-24 03:47:08 469256 ----a-w- c:\program files\common files\windows live\.cache\21040ab81cb732e0e\InstallManager_WLE_WLE.exe
2010-10-22 16:39:26 272384 ----a-w- c:\windows\system32\CNMLMA2.DLL
2010-10-22 15:24:37 -------- d-----w- c:\program files\ESET
2010-10-22 13:30:49 -------- d-----w- C:\_OTL
2010-10-19 03:12:25 388096 ----a-r- c:\users\spuser\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-19 03:12:25 -------- d-----w- c:\program files\Trend Micro
2010-10-18 12:24:06 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-10-18 12:24:06 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-10-17 09:53:56 -------- d-----w- c:\users\spuser\appdata\roaming\OpenOffice.org
2010-10-15 13:12:15 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-10-14 10:34:06 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-10-14 10:05:56 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-14 09:58:35 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-10-14 09:54:06 13480 ----a-w- c:\windows\system32\drivers\smiif32.sys
2010-10-14 09:53:03 35176 ----a-w- c:\windows\system32\tpinspm.dll
2010-10-14 09:53:02 38248 ----a-w- c:\windows\system32\ibmpmsvc.exe
2010-10-14 09:53:02 26608 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
2010-10-14 09:51:20 262144 ----a-w- c:\windows\system32\UCI32A42.dll
2010-10-14 09:51:20 1729024 ----a-w- c:\windows\system32\CX32TP17.dll
2010-10-14 09:51:19 460800 ----a-w- c:\windows\system32\drivers\CHDRT32.sys
2010-10-14 09:48:47 -------- d-----w- c:\program files\Digital Line Detect
2010-10-14 09:48:38 -------- d-----w- c:\users\spuser\appdata\local\BVRP Software
2010-10-14 09:47:59 -------- d-----w- c:\program files\NetWaiting
2010-10-14 09:47:19 981504 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2010-10-14 09:47:19 8704 ----a-w- c:\windows\system32\drivers\XAudio32.sys
2010-10-14 09:47:19 661504 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2010-10-14 09:47:19 410624 ----a-w- c:\windows\system32\XAudio32.dll
2010-10-14 09:47:19 258048 ----a-w- c:\windows\system32\UCI32M41.dll
2010-10-14 09:47:19 207360 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys
2010-10-14 09:45:26 40832 ----a-w- c:\windows\system32\drivers\HECI.sys
2010-10-14 09:42:36 1121280 ----a-w- c:\program files\windows media player\wmpnetwk.exe
2010-10-14 09:41:29 196608 ----a-w- c:\windows\system32\wwanconn.dll
2010-10-10 16:11:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-10 16:11:15 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-10-09 08:21:15 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-09 07:56:09 -------- d-----w- C:\renamed
2010-10-07 15:48:23 -------- d-----w- c:\users\spuser\appdata\roaming\GetRightToGo
2010-10-07 15:46:12 -------- d-----w- c:\progra~2\PLAV
2010-10-07 15:45:23 -------- d-----w- c:\progra~2\ParetoLogic Anti-Virus PLUS
2010-10-05 16:41:16 -------- d-----w- c:\program files\JRE
2010-10-05 16:40:50 -------- d-----w- c:\program files\OpenOffice.org 3
2010-09-30 18:53:06 -------- d-----w- c:\progra~2\WindowsLiveInstaller
2010-09-30 18:09:04 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-09-30 18:09:03 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-09-30 18:08:25 3181568 ----a-w- c:\windows\system32\mf.dll
2010-09-30 18:08:25 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-09-30 18:08:25 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-09-30 18:08:16 15712 ----a-w- c:\program files\common files\windows live\.cache\743568411cb60ca0a\MeshBetaRemover.exe
2010-09-30 18:08:11 94040 ----a-w- c:\program files\common files\windows live\.cache\7109beee1cb60ca09\DSETUP.dll
2010-09-30 18:08:11 525656 ----a-w- c:\program files\common files\windows live\.cache\7109beee1cb60ca09\DXSETUP.exe
2010-09-30 18:08:11 1691480 ----a-w- c:\program files\common files\windows live\.cache\7109beee1cb60ca09\dsetup32.dll
2010-09-30 18:08:05 94040 ----a-w- c:\program files\common files\windows live\.cache\6d7567331cb60ca08\DSETUP.dll
2010-09-30 18:08:05 525656 ----a-w- c:\program files\common files\windows live\.cache\6d7567331cb60ca08\DXSETUP.exe
2010-09-30 18:08:05 1691480 ----a-w- c:\program files\common files\windows live\.cache\6d7567331cb60ca08\dsetup32.dll
2010-09-29 05:00:34 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 02:59:40 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 02:59:33 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-28 17:05:31 -------- d-----w- c:\program files\iPod

==================== Find3M ====================

2010-10-19 03:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 16:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 16:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 06:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-14 20:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 03:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 03:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-24 19:30:00 677224 ------w- c:\windows\system32\PWMCP32V.cpl
2010-08-24 19:30:00 394600 ------w- c:\windows\PWMBTHLV.EXE
2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-13 06:32:22 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2010-08-13 06:32:18 136216 ----a-w- c:\windows\system32\igfxtray.exe
2010-08-13 06:32:16 266776 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-08-13 06:32:12 170520 ----a-w- c:\windows\system32\igfxpers.exe
2010-08-13 06:32:10 179224 ----a-w- c:\windows\system32\igfxext.exe
2010-08-13 06:32:08 171032 ----a-w- c:\windows\system32\hkcmd.exe
2010-08-13 06:32:04 3156504 ----a-w- c:\windows\system32\GfxUI.exe

============= FINISH: 21:33:39.63 ===============

#4 lightfactor (Topic Starter)

Posted 29 October 2010 - 09:27 PM

Here is the log file done using GMER

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-30 10:14:19
Windows 6.1.7600
Running: ubmwxe67.exe; Driver: C:\Users\SPUser\AppData\Local\Temp\pwdyrfow.sys


---- System - GMER 1.0.15 ----

SSDT 86F308C0 ZwAlertResumeThread
SSDT 86F2D048 ZwAlertThread
SSDT 86FFE7F8 ZwAllocateVirtualMemory
SSDT 86E85420 ZwAlpcConnectPort
SSDT 86FA7398 ZwAssignProcessToJobObject
SSDT 870044B0 ZwCreateMutant
SSDT 86EF3410 ZwCreateSymbolicLinkObject
SSDT 86FFD470 ZwCreateThread
SSDT 87008AF8 ZwCreateThreadEx
SSDT 86F984D0 ZwDebugActiveProcess
SSDT 86FFE9D0 ZwDuplicateObject
SSDT 86FFDA28 ZwFreeVirtualMemory
SSDT 86F73048 ZwImpersonateAnonymousToken
SSDT 86F30048 ZwImpersonateThread
SSDT 86E05470 ZwLoadDriver
SSDT 86FFD908 ZwMapViewOfSection
SSDT 86F738C0 ZwOpenEvent
SSDT 86FFEBF0 ZwOpenProcess
SSDT 86F5DC68 ZwOpenProcessToken
SSDT 86F8C048 ZwOpenSection
SSDT 86FFEAE0 ZwOpenThread
SSDT 870071F0 ZwProtectVirtualMemory
SSDT 86F70048 ZwResumeThread
SSDT 86F5B768 ZwSetContextThread
SSDT 86FFFEB8 ZwSetInformationProcess
SSDT 86F8C850 ZwSetSystemInformation
SSDT 86F7D628 ZwSuspendProcess
SSDT 86F697D8 ZwSuspendThread
SSDT 86F50118 ZwTerminateProcess
SSDT 86EFE218 ZwTerminateThread
SSDT 86F5C248 ZwUnmapViewOfSection
SSDT 86FFDCF8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E45599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E69F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82E71734 8 Bytes [C0, 08, F3, 86, 48, D0, F2, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82E7174C 4 Bytes [F8, E7, FF, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82E71758 4 Bytes [20, 54, E8, 86] {AND [EAX+EBP*8-0x7a], DL}
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82E717AC 4 Bytes [98, 73, FA, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82E71828 4 Bytes [B0, 44, 00, 87]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[6268] USER32.dll!CreateWindowExW 75600E51 5 Bytes JMP 2806EAC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[6268] ole32.dll!CoInitializeEx 75A208CC 5 Bytes JMP 2806D240 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[6268] ole32.dll!CoCreateInstance 75A3590C 5 Bytes JMP 2806D720 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe[1260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe[1260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe[1260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe[1260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe[1260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe[1260] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1776] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1776] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1776] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\Generic.exe[3904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\Generic.exe[3904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\Generic.exe[3904] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\Generic.exe[3904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\Generic.exe[3904] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\Generic.exe[3904] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[4496] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[4496] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[4496] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[4496] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[4496] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[4496] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4608] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4608] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4608] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4608] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4608] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\logger.exe[4728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\logger.exe[4728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\logger.exe[4728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Teleca Shared\logger.exe[4728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe[4840] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe[4840] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe[4840] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe[4840] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe[4840] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe[5060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe[5060] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe[5060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe[5060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe[5060] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[5624] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[5624] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[5624] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[5624] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[5624] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe[5684] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe[5684] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe[5684] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe[5684] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe[5684] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe[5792] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe[5792] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe[5792] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe[5792] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe[5936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe[5936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe[5936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe[5936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe[5936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe[5936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe[5964] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe[5964] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe[5964] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe[5964] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe[5964] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[6948] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[6948] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[6948] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[6948] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[6948] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75125E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000005a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{F32D9A5C-7C74-4FED-98A9-31F1CCE88A5A}\Connection@Name isatap.{D0BA3944-C539-4962-95B7-DF8382422722}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{F6B22C82-597E-48A9-9FAB-E9918452290D}?\Device\{F32D9A5C-7C74-4FED-98A9-31F1CCE88A5A}?\Device\{6731850E-4ABC-4169-BF6E-0E265DAED1CA}?\Device\{CD75888A-31E0-4B75-909A-77E85CEEECC9}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{F6B22C82-597E-48A9-9FAB-E9918452290D}"?"{F32D9A5C-7C74-4FED-98A9-31F1CCE88A5A}"?"{6731850E-4ABC-4169-BF6E-0E265DAED1CA}"?"{CD75888A-31E0-4B75-909A-77E85CEEECC9}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{F6B22C82-597E-48A9-9FAB-E9918452290D}?\Device\TCPIP6TUNNEL_{F32D9A5C-7C74-4FED-98A9-31F1CCE88A5A}?\Device\TCPIP6TUNNEL_{6731850E-4ABC-4169-BF6E-0E265DAED1CA}?\Device\TCPIP6TUNNEL_{CD75888A-31E0-4B75-909A-77E85CEEECC9}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002268eabe15
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002268eabe15@0025e71a266b 0x90 0xE4 0xD8 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002268eabe15@f4fc326fc860 0x21 0xE7 0xA3 0x81 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002268eabe15@f4fc32d0a336 0xBF 0xD8 0xFD 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{F32D9A5C-7C74-4FED-98A9-31F1CCE88A5A}@InterfaceName isatap.{D0BA3944-C539-4962-95B7-DF8382422722}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{F32D9A5C-7C74-4FED-98A9-31F1CCE88A5A}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x31 0xA7 0x3D 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x74 0xE0 0xF3 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3E 0x1D 0xA2 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002268eabe15 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002268eabe15@0025e71a266b 0x90 0xE4 0xD8 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002268eabe15@f4fc326fc860 0x21 0xE7 0xA3 0x81 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002268eabe15@f4fc32d0a336 0xBF 0xD8 0xFD 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x31 0xA7 0x3D 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x74 0xE0 0xF3 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3E 0x1D 0xA2 0xEF ...
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install\VxDs
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install\VxDs@CTE_32 Name 2455381:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{CEA14640-6595-0951-7643-CB9885763C17}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{CEA14640-6595-0951-7643-CB9885763C17}\Version 1.1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{CEA14640-6595-0951-7643-CB9885763C17}\Version 1.1@dat 806585365:{5731FE39-0EFA-C5CC-9658-47768B5D3268}
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{CEA14640-6595-0951-7643-CB9885763C17}
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{CEA14640-6595-0951-7643-CB9885763C17}\Version 3.x
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{CEA14640-6595-0951-7643-CB9885763C17}\Version 3.x@dat 1767914624:{75B7A8AD-83A9-C366-E0F2-318249B58846}

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 08: copy of MBR

---- EOF - GMER 1.0.15 ----

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:12:41 PM

Posted 30 October 2010 - 03:27 AM

It's all looking very uninfected.

Can you tell me which browser you are using where you get the white pages?
m0le is a proud member of UNITE

#6 lightfactor

lightfactor
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:41 PM

Posted 30 October 2010 - 06:02 AM

Hmm, that means something I did removed it then. Anyway, I'm using Mozilla Firefox.

Thanks for your time looking through all these. I wasn't really too sure after the first few failed attempts.

Edited by lightfactor, 30 October 2010 - 06:04 AM.


#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:12:41 PM

Posted 30 October 2010 - 07:21 AM

I'd like to see an OTL log, please.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

m0le is a proud member of UNITE

#8 lightfactor

lightfactor
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:41 PM

Posted 30 October 2010 - 08:28 AM

As requested, here is the OTL log file.

OTL logfile created on: 30/10/2010 9:25:47 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\SPUser\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.42 Gb Total Space | 20.22 Gb Free Space | 18.48% Space Free | Partition Type: NTFS
Drive D: | 167.68 Gb Total Space | 107.66 Gb Free Space | 64.21% Space Free | Partition Type: NTFS
Drive E: | 19.53 Gb Total Space | 2.73 Gb Free Space | 13.96% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.11% Space Free | Partition Type: NTFS

Computer Name: DCL-NB0910631 | User Name: SPUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\SPUser\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Mesh\MOE.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Users\SPUser\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca)
PRC - C:\Program Files\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
PRC - C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
PRC - C:\Windows\System32\ibmpmsvc.exe (Lenovo.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe (Teleca Sweden AB)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe (Teleca Sweden AB)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe (TODO: <Company name>)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe (Teleca AB)
PRC - C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\Teleca Shared\logger.exe (Popwire AB)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
PRC - C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Sweden AB)
PRC - C:\Windows\System32\DTS.exe ()
PRC - C:\Windows\System32\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Program Files\Razer\Krait\razerofa.exe (Razer Inc.)
PRC - C:\Program Files\Razer\Krait\razertra.exe ()
PRC - C:\Program Files\Razer\Krait\razerhid.exe ()
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation)
PRC - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe ()
PRC - C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe ( )


========== Modules (SafeList) ==========

MOD - C:\Users\SPUser\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll ()
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AcSvc) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (TPHDEXLGSVC) -- C:\Windows\System32\TPHDEXLG.exe (Lenovo.)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (UNS) Intel® -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (IBMPMSVC) -- C:\Windows\System32\ibmpmsvc.exe (Lenovo.)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (dtsvc) -- C:\Windows\System32\DTS.exe ()
SRV - (ADMonitor) -- C:\Windows\System32\ADMonitor.exe ()
SRV - (ATService) -- C:\Windows\System32\AtService.exe (AuthenTec, Inc.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (TSSCoreService) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (MaxBackServiceInt) -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe ()
SRV - (CcmExec) -- C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (NTService1) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe ( )


========== Driver Services (SafeList) ==========

DRV - (XDva351) -- C:\Windows\System32\XDva351.sys File not found
DRV - (woeznecv) -- C:\Windows\System32\drivers\woeznecv.sys File not found
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101028.001\IDSvix86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101029.024\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101029.024\NAVENG.SYS (Symantec Corporation)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys (Symantec Corporation)
DRV - (DozeHDD) -- C:\Windows\System32\DRIVERS\DozeHDD.sys (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (NETwNs32) ___ Intel® -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (PCDSRVC{3037D694-FD904ACA-06020000}_0) -- c:\Program Files\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS (Symantec Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys (Symantec Corporation)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (Tp4Track) -- C:\Windows\System32\drivers\tp4track.sys (Lenovo Group Limited)
DRV - (IBMPMDRV) -- C:\Windows\System32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS (Symantec Corporation)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\Dnetr28u.sys (Ralink Technology Corp.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HECI) Intel® -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (tvtfilter) -- C:\Windows\System32\drivers\tvtfilter.sys (Lenovo)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (5U875UVC) -- C:\Windows\System32\drivers\5U875.sys (Ricoh co.,Ltd.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (twtyfilt) -- C:\Windows\System32\drivers\twtyfilt.sys (Creative Technology Ltd.)
DRV - (LycoFltr) -- C:\Windows\System32\drivers\Lycosa.sys (Razer USA Ltd.)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (prepdrvr) -- C:\Windows\System32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (krait03) -- C:\Windows\System32\drivers\krait.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (MXOPSWD) -- C:\Windows\System32\drivers\mxopswd.sys (Maxtor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-sg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 5C 8D B4 EB 71 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "xin.msn.com"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/27 10:21:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/01/22 21:35:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/06/25 12:14:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 21:23:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 21:23:05 | 000,000,000 | ---D | M]

[2010/10/14 17:08:50 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\mozilla\Extensions
[2010/10/29 21:44:52 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\mozilla\Firefox\Profiles\gqsv9ywe.default\extensions
[2010/10/15 01:28:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\SPUser\AppData\Roaming\mozilla\Firefox\Profiles\gqsv9ywe.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/10/15 19:17:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\SPUser\AppData\Roaming\mozilla\Firefox\Profiles\gqsv9ywe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/15 01:28:52 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\SPUser\AppData\Roaming\mozilla\Firefox\Profiles\gqsv9ywe.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/10/15 01:28:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\SPUser\AppData\Roaming\mozilla\Firefox\Profiles\gqsv9ywe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/15 01:28:53 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\SPUser\AppData\Roaming\mozilla\Firefox\Profiles\gqsv9ywe.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/10/14 21:35:24 | 000,000,914 | ---- | M] () -- C:\Users\SPUser\AppData\Roaming\Mozilla\FireFox\Profiles\gqsv9ywe.default\searchplugins\dictionarycom.xml
[2010/10/29 10:39:30 | 000,001,238 | ---- | M] () -- C:\Users\SPUser\AppData\Roaming\Mozilla\FireFox\Profiles\gqsv9ywe.default\searchplugins\facebook.xml
[2010/10/14 21:35:04 | 000,004,140 | ---- | M] () -- C:\Users\SPUser\AppData\Roaming\Mozilla\FireFox\Profiles\gqsv9ywe.default\searchplugins\youtube.xml
[2010/10/24 11:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/24 11:55:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2010/10/26 23:43:40 | 000,000,848 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe ()
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WLSync] C:\Program Files\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\5.0_( File not found
O4 - Startup: C:\Users\SPUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\SPUser\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\SPUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: sp.edu.sg ([esp] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\SPUser\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\SPUser\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/27 08:37:51 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/10/27 08:37:50 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/10/27 08:37:50 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/10/27 08:37:50 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/10/27 08:37:44 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/10/24 20:03:26 | 000,000,000 | ---D | C] -- C:\Users\SPUser\Downloads\Desktop\DCIM
[2010/10/24 13:56:20 | 000,000,000 | ---D | C] -- C:\Users\SPUser\Documents\Fragments
[2010/10/24 12:02:12 | 000,000,000 | ---D | C] -- C:\Users\SPUser\AppData\Roaming\Windows Live Writer
[2010/10/24 12:02:12 | 000,000,000 | ---D | C] -- C:\Users\SPUser\AppData\Local\Windows Live Writer
[2010/10/24 11:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/10/24 11:53:17 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/24 11:53:01 | 000,039,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2010/10/24 11:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/10/23 00:39:26 | 000,272,384 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLMA2.DLL
[2010/10/22 23:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/22 21:30:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/21 20:07:35 | 000,000,000 | ---D | C] -- C:\Users\SPUser\Downloads\Desktop\Investigation
[2010/10/19 11:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/18 20:24:06 | 000,045,392 | R--- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2010/10/18 20:24:06 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010/10/17 17:53:56 | 000,000,000 | ---D | C] -- C:\Users\SPUser\AppData\Roaming\OpenOffice.org
[2010/10/16 01:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/10/15 21:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/10/14 18:34:06 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/10/14 18:06:30 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/14 18:06:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/14 18:06:30 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/14 18:06:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/14 18:06:29 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/14 18:06:29 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/14 18:06:29 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/14 18:06:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/14 18:06:29 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/14 18:06:29 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/14 18:06:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/14 18:06:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/14 18:06:15 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/14 18:06:15 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/14 18:06:13 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/14 18:06:11 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/14 18:06:01 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/14 18:05:56 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010/10/14 17:58:35 | 000,024,304 | ---- | C] (Lenovo.) -- C:\Windows\System32\drivers\DOZEHDD.SYS
[2010/10/14 17:54:06 | 000,013,480 | ---- | C] (Lenovo Group Limited) -- C:\Windows\System32\drivers\smiif32.sys
[2010/10/14 17:53:03 | 000,035,176 | ---- | C] (Lenovo.) -- C:\Windows\System32\tpinspm.dll
[2010/10/14 17:53:02 | 000,038,248 | ---- | C] (Lenovo.) -- C:\Windows\System32\ibmpmsvc.exe
[2010/10/14 17:53:02 | 000,026,608 | ---- | C] (Lenovo.) -- C:\Windows\System32\drivers\ibmpmdrv.sys
[2010/10/14 17:51:20 | 001,729,024 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\System32\CX32TP17.dll
[2010/10/14 17:51:20 | 000,262,144 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\UCI32A42.dll
[2010/10/14 17:51:19 | 000,460,800 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDRT32.sys
[2010/10/14 17:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2010/10/14 17:48:38 | 000,000,000 | ---D | C] -- C:\Users\SPUser\AppData\Local\BVRP Software
[2010/10/14 17:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2010/10/14 17:47:19 | 000,981,504 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys
[2010/10/14 17:47:19 | 000,661,504 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys
[2010/10/14 17:47:19 | 000,410,624 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\XAudio32.dll
[2010/10/14 17:47:19 | 000,258,048 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\UCI32M41.dll
[2010/10/14 17:47:19 | 000,207,360 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys
[2010/10/14 17:47:19 | 000,008,704 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio32.sys
[2010/10/14 17:45:26 | 000,040,832 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\HECI.sys
[2010/10/14 17:43:17 | 008,198,680 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\TVWSetup.exe
[2010/10/14 17:43:16 | 000,261,632 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll
[2010/10/14 17:43:16 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2010/10/14 17:43:16 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2010/10/14 17:43:16 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2010/10/14 17:43:16 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2010/10/14 17:43:16 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2010/10/14 17:43:16 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2010/10/14 17:43:16 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2010/10/14 17:43:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2010/10/14 17:43:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2010/10/14 17:43:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2010/10/14 17:43:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2010/10/14 17:43:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2010/10/14 17:43:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2010/10/14 17:43:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2010/10/14 17:43:16 | 000,084,992 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2010/10/14 17:43:16 | 000,084,480 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2010/10/14 17:43:16 | 000,082,944 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2010/10/14 17:43:16 | 000,082,944 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2010/10/14 17:43:16 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v2182.dll
[2010/10/14 17:43:15 | 009,018,368 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys
[2010/10/14 17:43:15 | 004,966,400 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2010/10/14 17:43:15 | 000,571,904 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll
[2010/10/14 17:43:15 | 000,228,352 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdev.dll
[2010/10/14 17:43:15 | 000,194,560 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll
[2010/10/14 17:43:15 | 000,179,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
[2010/10/14 17:43:15 | 000,130,048 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2010/10/14 17:43:15 | 000,115,200 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2010/10/14 17:43:15 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresn.lrc
[2010/10/14 17:43:15 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2010/10/14 17:43:15 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2010/10/14 17:43:15 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc
[2010/10/14 17:43:15 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2010/10/14 17:43:15 | 000,084,992 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2010/10/14 17:43:15 | 000,084,480 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2010/10/14 17:43:15 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2010/10/14 17:43:15 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2010/10/14 17:43:15 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/10/14 17:43:14 | 011,041,280 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4icd32.dll
[2010/10/14 17:43:13 | 003,156,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\GfxUI.exe
[2010/10/14 17:43:13 | 000,120,320 | ---- | C] (Intel Corporation) -- C:\Windows\System32\gfxSrvc.dll
[2010/10/14 17:41:29 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2010/10/14 17:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2010/10/11 00:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/11 00:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/09 16:21:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/09 15:56:09 | 000,000,000 | ---D | C] -- C:\renamed
[2010/10/09 15:48:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/07 23:48:23 | 000,000,000 | ---D | C] -- C:\Users\SPUser\AppData\Roaming\GetRightToGo
[2010/10/07 23:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PLAV
[2010/10/07 23:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS
[2010/10/06 00:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/10/06 00:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/10/01 02:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsLiveInstaller
[2010/10/01 02:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\WLInstaller
[2010/10/01 02:09:04 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/10/01 02:09:03 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/10/01 02:08:25 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/10/01 02:08:25 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2010/10/01 02:08:25 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

========== Files - Modified Within 30 Days ==========

[2010/10/30 21:20:40 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/30 21:20:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/30 19:09:58 | 000,721,826 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/30 19:09:58 | 000,146,680 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/30 13:38:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/30 13:19:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/30 11:03:03 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/10/29 08:26:55 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/29 08:26:54 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/29 08:18:16 | 000,000,496 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2010/10/29 08:15:18 | 2384,482,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/28 23:39:13 | 011,261,184 | ---- | M] () -- C:\Users\SPUser\Downloads\Desktop\YouTube - Kingdom Hearts OST, S01-TS_ Hikari -PLANITb Remix (Full).mp3
[2010/10/28 20:40:57 | 000,000,000 | ---- | M] () -- C:\Users\SPUser\defogger_reenable
[2010/10/27 10:28:25 | 009,221,137 | ---- | M] () -- C:\Users\SPUser\Downloads\Desktop\YouTube - Kingdom Hearts OST, S01-TS_ Hikari -PLANITb Remix (Full).mp4
[2010/10/26 23:43:40 | 000,000,848 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/25 21:14:52 | 000,423,219 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101026-234340.backup
[2010/10/21 16:33:02 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101025-211452.backup
[2010/10/21 16:23:42 | 003,870,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/17 23:38:07 | 000,000,119 | -H-- | M] () -- C:\Users\SPUser\Downloads\Desktop\.~lock.dmphtk.iso#
[2010/10/17 17:54:39 | 000,001,203 | ---- | M] () -- C:\Users\SPUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/10/16 01:07:49 | 000,001,919 | ---- | M] () -- C:\Users\SPUser\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/16 00:59:38 | 000,001,417 | ---- | M] () -- C:\Users\SPUser\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/14 17:54:53 | 000,014,820 | ---- | M] () -- C:\Windows\System32\results.xml
[2010/10/14 17:49:50 | 000,001,917 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/10/11 08:02:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/11 08:02:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/11 01:21:06 | 000,000,090 | ---- | M] () -- C:\Windows\wininit.ini
[2010/10/09 10:37:26 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/10/07 23:46:18 | 000,001,262 | ---- | M] () -- C:\Users\SPUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/10/02 19:05:19 | 000,007,601 | ---- | M] () -- C:\Users\SPUser\AppData\Local\Resmon.ResmonCfg
[2010/10/01 03:11:53 | 000,000,020 | ---- | M] () -- C:\Windows\
[2010/10/01 02:52:18 | 000,000,020 | ---- | M] () -- C:\Windows\

========== Files Created - No Company Name ==========

[2010/10/28 23:38:53 | 011,261,184 | ---- | C] () -- C:\Users\SPUser\Downloads\Desktop\YouTube - Kingdom Hearts OST, S01-TS_ Hikari -PLANITb Remix (Full).mp3
[2010/10/28 20:40:57 | 000,000,000 | ---- | C] () -- C:\Users\SPUser\defogger_reenable
[2010/10/27 10:28:25 | 009,221,137 | ---- | C] () -- C:\Users\SPUser\Downloads\Desktop\YouTube - Kingdom Hearts OST, S01-TS_ Hikari -PLANITb Remix (Full).mp4
[2010/10/17 23:38:07 | 000,000,119 | -H-- | C] () -- C:\Users\SPUser\Downloads\Desktop\.~lock.dmphtk.iso#
[2010/10/17 17:54:39 | 000,001,203 | ---- | C] () -- C:\Users\SPUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/10/16 01:07:49 | 000,001,919 | ---- | C] () -- C:\Users\SPUser\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/16 00:59:37 | 000,001,417 | ---- | C] () -- C:\Users\SPUser\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/14 17:49:48 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/10/14 17:43:16 | 000,051,424 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2010/10/14 17:43:13 | 000,189,408 | ---- | C] () -- C:\Windows\System32\Gfxres.th-TH.resources
[2010/10/14 17:43:13 | 000,178,288 | ---- | C] () -- C:\Windows\System32\Gfxres.el-GR.resources
[2010/10/14 17:43:13 | 000,165,251 | ---- | C] () -- C:\Windows\System32\Gfxres.ru-RU.resources
[2010/10/14 17:43:13 | 000,139,830 | ---- | C] () -- C:\Windows\System32\Gfxres.ar-SA.resources
[2010/10/14 17:43:13 | 000,136,327 | ---- | C] () -- C:\Windows\System32\Gfxres.ja-JP.resources
[2010/10/14 17:43:13 | 000,133,680 | ---- | C] () -- C:\Windows\System32\Gfxres.he-IL.resources
[2010/10/14 17:43:13 | 000,125,477 | ---- | C] () -- C:\Windows\System32\Gfxres.it-IT.resources
[2010/10/14 17:43:13 | 000,123,164 | ---- | C] () -- C:\Windows\System32\Gfxres.ko-KR.resources
[2010/10/14 17:43:13 | 000,122,858 | ---- | C] () -- C:\Windows\System32\Gfxres.es-ES.resources
[2010/10/14 17:43:13 | 000,122,638 | ---- | C] () -- C:\Windows\System32\Gfxres.de-DE.resources
[2010/10/14 17:43:13 | 000,121,121 | ---- | C] () -- C:\Windows\System32\Gfxres.tr-TR.resources
[2010/10/14 17:43:13 | 000,120,695 | ---- | C] () -- C:\Windows\System32\Gfxres.fr-FR.resources
[2010/10/14 17:43:13 | 000,120,287 | ---- | C] () -- C:\Windows\System32\Gfxres.pt-BR.resources
[2010/10/14 17:43:13 | 000,119,533 | ---- | C] () -- C:\Windows\System32\Gfxres.hu-HU.resources
[2010/10/14 17:43:13 | 000,119,513 | ---- | C] () -- C:\Windows\System32\Gfxres.nl-NL.resources
[2010/10/14 17:43:13 | 000,119,286 | ---- | C] () -- C:\Windows\System32\Gfxres.sv-SE.resources
[2010/10/14 17:43:13 | 000,118,997 | ---- | C] () -- C:\Windows\System32\Gfxres.pt-PT.resources
[2010/10/14 17:43:13 | 000,118,684 | ---- | C] () -- C:\Windows\System32\Gfxres.cs-CZ.resources
[2010/10/14 17:43:13 | 000,118,631 | ---- | C] () -- C:\Windows\System32\Gfxres.fi-FI.resources
[2010/10/14 17:43:13 | 000,118,317 | ---- | C] () -- C:\Windows\System32\Gfxres.pl-PL.resources
[2010/10/14 17:43:13 | 000,117,984 | ---- | C] () -- C:\Windows\System32\Gfxres.sk-SK.resources
[2010/10/14 17:43:13 | 000,114,779 | ---- | C] () -- C:\Windows\System32\Gfxres.nb-NO.resources
[2010/10/14 17:43:13 | 000,114,308 | ---- | C] () -- C:\Windows\System32\Gfxres.sl-SI.resources
[2010/10/14 17:43:13 | 000,114,179 | ---- | C] () -- C:\Windows\System32\Gfxres.da-DK.resources
[2010/10/14 17:43:13 | 000,110,156 | ---- | C] () -- C:\Windows\System32\Gfxres.en-US.resources
[2010/10/14 17:43:13 | 000,103,997 | ---- | C] () -- C:\Windows\System32\Gfxres.zh-TW.resources
[2010/10/14 17:43:13 | 000,102,843 | ---- | C] () -- C:\Windows\System32\Gfxres.zh-CN.resources
[2010/10/11 14:28:44 | 1643,411,456 | ---- | C] () -- C:\Users\SPUser\Downloads\Desktop\dmphtk.iso
[2010/10/11 14:28:25 | 1402,929,152 | ---- | C] () -- C:\Users\SPUser\Downloads\Desktop\1846 - Hatsune Miku - Project Diva (JPN).iso
[2010/10/11 08:02:09 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/10/11 08:02:09 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/10/11 01:21:06 | 000,000,090 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/01 03:11:52 | 000,000,020 | ---- | C] () -- C:\Windows\
[2010/10/01 02:52:17 | 000,000,020 | ---- | C] () -- C:\Windows\
[2010/08/04 23:06:17 | 000,000,132 | ---- | C] () -- C:\Users\SPUser\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/31 10:58:02 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2010/07/06 22:34:09 | 000,000,132 | ---- | C] () -- C:\Users\SPUser\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/05/07 16:00:48 | 000,000,132 | ---- | C] () -- C:\Users\SPUser\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/04/17 18:58:22 | 000,237,568 | ---- | C] () -- C:\Windows\System32\glut32.dll
[2010/02/11 00:05:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/02/11 00:05:42 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/12/07 19:51:03 | 004,874,240 | ---- | C] () -- C:\Windows\System32\DSE2_DFT.dll
[2009/12/02 13:34:26 | 000,007,601 | ---- | C] () -- C:\Users\SPUser\AppData\Local\Resmon.ResmonCfg
[2009/11/18 13:09:40 | 000,024,064 | ---- | C] () -- C:\Users\SPUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 14:23:02 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/11/15 12:12:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/25 16:30:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 20:56:17 | 000,025,113 | R--- | C] () -- C:\Windows\System32\cttwty.ini
[2009/08/03 20:56:17 | 000,000,917 | R--- | C] () -- C:\Windows\twtycfg.ini
[2009/08/03 20:56:17 | 000,000,053 | R--- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/07 20:25:39 | 000,001,024 | ---- | C] () -- C:\Users\SPUser\AppData\Roaming\WavCodec.wff
[2009/05/22 21:32:06 | 000,000,000 | -H-- | C] () -- C:\Users\SPUser\AppData\Roaming\SPUser.idx
[2009/05/22 20:59:50 | 001,560,576 | ---- | C] () -- C:\Windows\System32\MainOp.dll
[2009/05/22 20:59:50 | 000,491,520 | ---- | C] () -- C:\Windows\System32\picn.dll
[2009/05/22 20:59:50 | 000,208,896 | ---- | C] () -- C:\Windows\System32\Image.dll
[2009/05/22 20:59:50 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp.dll
[2009/05/22 20:59:50 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo.dll
[2009/05/22 20:59:50 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ApBlend.dll
[2009/05/22 20:59:50 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DevFilt.dll
[2009/05/22 20:59:49 | 001,327,104 | ---- | C] () -- C:\Windows\System32\ImageReog.dll
[2009/05/22 20:59:49 | 000,622,592 | ---- | C] () -- C:\Windows\System32\PicNotify.dll
[2009/04/01 16:53:34 | 000,520,192 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
[2009/03/02 17:57:49 | 000,000,496 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2009/02/23 11:22:22 | 000,000,184 | ---- | C] () -- C:\Windows\hpbafd.ini
[2009/02/23 10:28:00 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2009/02/23 10:25:13 | 000,000,306 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/22 03:43:42 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll

========== LOP Check ==========

[2010/10/05 23:52:23 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Audacity
[2009/11/15 11:50:34 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\CachedFiles
[2010/08/20 22:14:20 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Canon
[2010/09/24 14:06:56 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/15 11:50:34 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Cisco
[2010/04/25 16:03:24 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\DAEMON Tools Lite
[2010/04/25 14:32:09 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\DAEMON Tools Pro
[2009/11/15 11:50:34 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Downloaded Installations
[2010/10/30 16:12:26 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Dropbox
[2010/06/14 10:08:03 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Facebook
[2010/02/21 22:48:11 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\FireShot
[2009/11/15 11:50:34 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\FlashGet
[2010/10/07 23:54:08 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\GetRightToGo
[2010/02/05 10:54:36 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\GrabPro
[2010/05/21 08:10:11 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\iShell
[2009/11/15 11:50:34 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Leadertech
[2009/11/15 11:50:34 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Lenovo
[2009/11/15 11:50:36 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Mathsoft
[2010/04/03 19:52:29 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\motorola
[2010/07/03 23:38:14 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\ObviousFX
[2010/02/05 00:12:13 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\ooVoo Details
[2010/10/17 17:53:56 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\OpenOffice.org
[2010/02/05 11:24:15 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Orbit
[2010/03/20 20:16:32 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\PandoraRecovery
[2010/01/22 21:43:30 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Publish Providers
[2010/08/15 01:32:54 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\ShanghaiAlice
[2010/07/31 18:24:53 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Sony
[2010/02/06 13:34:53 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Sony Creative Software
[2010/05/03 23:18:24 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/07/28 22:33:56 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Teleca
[2010/01/22 21:07:12 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Tific
[2010/09/11 11:04:45 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Update
[2010/10/30 21:20:24 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\uTorrent
[2010/10/27 08:24:49 | 000,000,000 | ---D | M] -- C:\Users\SPUser\AppData\Roaming\Windows Live Writer
[2010/10/09 10:37:26 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2010/10/28 19:36:15 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/30 11:03:03 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2010/09/16 20:55:05 | 000,000,306 | RHS- | M] () -- C:\Windows\Tasks\yqljdhnf.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A1063995
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:41 PM

Posted 30 October 2010 - 10:11 AM

Some weird and wonderful stuff there. Any idea what these folders might be?

[2010/10/01 03:11:53 | 000,000,020 | ---- | M] () -- C:\Windows\
[2010/10/01 02:52:18 | 000,000,020 | ---- | M] () -- C:\Windows\



Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
[2010/09/16 20:55:05 | 000,000,306 | RHS- | M] () -- C:\Windows\Tasks\yqljdhnf.job
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A1063995
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
m0le is a proud member of UNITE
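As an added illustration, not part of the thread and not OTL's own code: a small Python triage helper that reads OTL-style report lines like the ones quoted above and flags the same patterns m0le picked out (a scheduled-task .job file carrying hidden/system attributes or a random-looking name, and alternate data streams that are not the usual browser Zone.Identifier mark), plus a check that the `exefile\shell\open\command` value is back at the plain `"%1" %*` default that the `:reg` section of the fix restores. The sample log text is constructed from the shape of the entries in this thread, and the random-name heuristic is an assumption of this example, not an OTL rule.

```python
"""Triage helper for OTL-style report lines (added example, not from the thread or OTL)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of the OTL report lines quoted in this thread.
SAMPLE_LOG = """\
[2009/11/15 11:50:34 | 000,000,000 | ---D | M] -- C:\\Users\\SPUser\\AppData\\Roaming\\Lenovo
[2010/10/09 10:37:26 | 000,000,528 | ---- | M] () -- C:\\Windows\\Tasks\\PCDoctorBackgroundMonitorTask.job
[2010/10/30 11:03:03 | 000,000,332 | ---- | M] () -- C:\\Windows\\Tasks\\SystemToolsDailyTest.job
[2010/09/16 20:55:05 | 000,000,306 | RHS- | M] () -- C:\\Windows\\Tasks\\yqljdhnf.job
@Alternate Data Stream - 154 bytes -> C:\\ProgramData\\TEMP:DFC5A2B2
@Alternate Data Stream - 26 bytes -> C:\\Users\\SPUser\\Downloads\\setup.exe:Zone.Identifier
"""

# "[date time | size | attrs | M] () -- path"; the "()" part is absent on folder lines.
FILE_RE = re.compile(
    r"^\[(?P<ts>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| [A-Z]\] "
    r"(?:\([^)]*\) )?-- (?P<path>.+)$"
)
# "@Alternate Data Stream - N bytes -> path:streamname"
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)


@dataclass
class Finding:
    path: str
    reason: str


VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Rough heuristic (an assumption of this example): an all-lowercase name of
    six or more letters with almost no vowels, like 'yqljdhnf', is unlikely to be
    a name a vendor chose for a scheduled task."""
    if not (len(stem) >= 6 and stem.isalpha() and stem.islower()):
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    return vowel_ratio < 0.2


def triage(log_text: str) -> List[Finding]:
    """Return the entries a responder would want to look at first."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            path, attr = m["path"], m["attr"]
            name = path.rsplit("\\", 1)[-1]
            stem = name.rsplit(".", 1)[0]
            if name.lower().endswith(".job") and "\\tasks\\" in path.lower():
                # Legitimate task files are normally neither hidden nor system-flagged.
                if "H" in attr or "S" in attr:
                    findings.append(Finding(path, f"scheduled task with {attr} attributes"))
                elif looks_random(stem):
                    findings.append(Finding(path, "scheduled task with random-looking name"))
            continue
        m = ADS_RE.match(line)
        if m:
            stream = m["stream"]
            if stream == "Zone.Identifier":
                continue  # mark-of-the-web stream written by browsers: expected
            findings.append(
                Finding(m["path"], f"unexpected alternate data stream :{stream} ({m['size']} bytes)")
            )
    return findings


# The default handler for .exe files: launch the program itself with its arguments.
DEFAULT_EXEFILE_COMMAND = '"%1" %*'


def is_default_exefile_command(value: str) -> bool:
    """True when HKLM\\SOFTWARE\\Classes\\exefile\\shell\\open\\command still
    launches the program directly. Any other value means every .exe launch is
    routed through another program first, which is what the fix's :reg section
    resets."""
    return value.strip() == DEFAULT_EXEFILE_COMMAND


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}: {f.reason}")
    print("exefile handler default:", is_default_exefile_command('"%1" %*'))
```

Run it as a script and it prints two findings for the sample: the RHS-flagged `yqljdhnf.job` and the stream on `C:\ProgramData\TEMP`; the two vendor task files and the Zone.Identifier stream are left alone. The vowel-ratio heuristic is deliberately crude and only catches names like the one in this thread; treat its hits as "look closer", not as verdicts.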

#10 lightfactor

lightfactor
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 30 October 2010 - 10:13 AM

Just ran the fix, here's the log

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
C:\Windows\Tasks\yqljdhnf.job moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A1063995 deleted successfully.
ADS C:\ProgramData\TEMP:888AFB86 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.17.1 log created on 10302010_231307

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:41 PM

Posted 30 October 2010 - 10:17 AM

What about the two folders?
m0le is a proud member of UNITE

#12 lightfactor

lightfactor
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 30 October 2010 - 10:22 AM

Um, I'm not too sure actually. They appear to be just files without an extension (e.g. <file name>.exe).

Both files just say

[KeyList]
Count=0



#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:41 PM

Posted 30 October 2010 - 10:30 AM

Harmless files.

I can't see anything else. Did you say that the redirects have gone? Anything else problematic?
m0le is a proud member of UNITE

#14 lightfactor

lightfactor
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 30 October 2010 - 10:31 AM

So far nothing from the redirects. Thanks for your time. = ) I'm still not too sure what fixed it though. lol.

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:41 PM

Posted 30 October 2010 - 10:45 AM

C:\Windows\Tasks\yqljdhnf.job


This .job file indicates a trojan such as Vundo or Delf, but the "Google Virus" is actually usually TDSS's latest variant, called TDL3.

Glad we could finally confirm that it's gone.


You're clean. Good stuff! :thumbup2:

Let's do some clearing up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates for any programs that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15-day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it lightfactor, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE
