Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No icons on desktop, no right click option on desktop


  • This topic is locked This topic is locked
25 replies to this topic

#1 Tenusha

Tenusha

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mauritius
  • Local time:04:39 PM

Posted 02 November 2010 - 12:17 PM

Hello. I am having this problem with my computer which uses Windows Home XP Edition since many months. All the desktop icons have disappeared, no right click option on the bare desktop and no shut down option in the task bar- must log off to be able to shut down.
I installed Defogger already. I ran both DDS and GMER but it was unsuccessful. DDS showed a blank screen and performed no scan, GMER made my computer shut down midway through its scan.
I ran RSIT after that. The scan proceeded without problem. The result of the log file is pasted below. Please find attached the info.txt
I'll be grateful if i could get assistance on what to do now.. Thanks.

LOG FILE SCAN RESULT

Logfile of random's system information tool 1.08 (written by random/random)
Run by LENOVO at 2010-11-02 20:56:00
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 417 MB (1%) free of 30 GB
Total RAM: 502 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:56:34 PM, on 11/2/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\RSIT.exe
C:\Program Files\trend micro\LENOVO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60287
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60287
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60287
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60287
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\winmgmt.vbe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [] Rundll32.exe "C:\WINDOWS\system32\pfgdiwck.dll",s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\LENOVO\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: opnnkhi - opnnkhi.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate1c9f8a6776e59b0) (gupdate1c9f8a6776e59b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13698 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Norton Security Scan for LENOVO.job
C:\WINDOWS\tasks\RMSchedule.job
C:\WINDOWS\tasks\back up process.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-01-09 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-06-19 1190912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-12-09 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-09-21 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-02-29 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-25 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-25 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-01-09 878352]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-06-19 1190912]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-12-09 333192]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-25 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-10-06 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-10-06 114688]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-07-26 716800]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2008-08-31 1783808]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Program Files\Norton AntiVirus\osCheck.exe [2007-08-25 714608]
""= []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-03-12 49208]
"BigDog305"=C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-08-31 524632]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-21 198160]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"Norton Online Backup"=C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-08 968536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"BitComet"=C:\Program Files\BitComet\BitComet.exe /tray []
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-13 68856]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-10-29 2424560]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-10-06 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnkhi]
opnnkhi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=C:\WINDOWS\system32\lsass.exe [2004-08-04 13312]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\mlljg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=1
"NoChangeStartMenu"=1
"NoClose"=1
"NoDesktop"=1
"NoDriveAutoRun"=1
"NoFileMenu"=1
"NoHardwareTab"=1
"NoResolveSearch"=1
"NoShellSearchButton"=1
"NoRecycleFiles"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoChangeStartMenu"=1
"NoClose"=1
"NoDesktop"=1
"NoDriveAutoRun"=1
"NoFileMenu"=1
"NoHardwareTab"=1
"NoResolveSearch"=1
"NoShellSearchButton"=1
"HonorAutoRunSetting"=1
"NoRecycleFiles"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Yahoo! Games\BeTrapped!\BeTrapped.exe"="C:\Program Files\Yahoo! Games\BeTrapped!\BeTrapped.exe:*:Disabled:BeTrapped Game Executable"
"C:\WINDOWS\System32\SolidStateNetworks\SolidStateION\solidnm.exe"="C:\WINDOWS\System32\SolidStateNetworks\SolidStateION\solidnm.exe:*:Enabled:Solid State Networks Browser Plugin"
"C:\Program Files\Ares Ultra\Ares Ultra.exe"="C:\Program Files\Ares Ultra\Ares Ultra.exe:*:Disabled:Ares Ultra p2p for windows"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Disabled:Morpheus"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\System32\usmt\migwiz.exe"="C:\WINDOWS\System32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Puzzoo\Fortune Pond\FortunePond.exe"="C:\Program Files\Puzzoo\Fortune Pond\FortunePond.exe:*:Enabled:Flash Player 5.0 r30"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\My Documents\msmsgs.exe"="C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\My Documents\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\groove.exe"="C:\Program Files\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"E:\COUNTER-STRIKE 1.6\HL.EXE"="E:\COUNTER-STRIKE 1.6\HL.EXE:*:Enabled:Half-Life Launcher"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\SecondLifeViewer2\SLVoice.exe"="C:\Program Files\SecondLifeViewer2\SLVoice.exe:*:Enabled:SLVoice"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe"="C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe:*:Enabled:Norton Online Backup Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 3 months======

2010-11-02 20:56:03 ----D---- C:\Program Files\trend micro
2010-11-02 20:56:00 ----D---- C:\rsit
2010-10-30 09:29:53 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-10-29 12:40:18 ----SHD---- C:\FOUND.793
2010-10-29 12:36:02 ----A---- C:\WINDOWS\system32\drivers\Trufos.sys
2010-10-29 12:35:58 ----A---- C:\WINDOWS\system32\drivers\bdrawpr.sys
2010-10-29 12:35:58 ----A---- C:\WINDOWS\system32\drivers\bdfsfltr.sys
2010-10-29 11:05:50 ----D---- C:\WINDOWS\ie8updates
2010-10-29 11:02:02 ----HD---- C:\WINDOWS\ie8
2010-10-29 09:45:24 ----SHD---- C:\FOUND.792
2010-10-26 19:52:29 ----D---- C:\Program Files\Common Files\PC Tools
2010-10-19 22:01:51 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-10-19 20:22:36 ----SHD---- C:\FOUND.791
2010-10-17 12:11:17 ----D---- C:\WINDOWS\system32\drivers\NSS
2010-10-17 12:11:14 ----D---- C:\Program Files\Norton Security Scan
2010-10-17 12:11:13 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-10-17 12:09:59 ----D---- C:\Program Files\NortonInstaller
2010-10-17 12:09:59 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-10-16 20:55:48 ----D---- C:\WINDOWS\system32\Adobe
2010-10-15 13:49:54 ----SHD---- C:\FOUND.790
2010-10-11 18:38:26 ----SHD---- C:\FOUND.789
2010-10-09 13:48:32 ----D---- C:\Program Files\Common Files\Adobe
2010-10-05 19:00:38 ----SHD---- C:\FOUND.788
2010-10-01 08:39:46 ----SHD---- C:\FOUND.787
2010-09-30 17:27:14 ----SHD---- C:\FOUND.786
2010-09-29 18:09:22 ----SHD---- C:\FOUND.785
2010-09-23 18:40:50 ----SHD---- C:\FOUND.784
2010-09-22 16:55:38 ----SHD---- C:\FOUND.783
2010-09-20 17:56:04 ----SHD---- C:\FOUND.782
2010-09-18 10:44:26 ----SHD---- C:\FOUND.781
2010-09-17 13:48:08 ----HD---- C:\WINDOWS\$NtUninstallWudf01009$
2010-09-17 13:44:03 ----HD---- C:\WINDOWS\$NtUninstallWdf01009$
2010-09-17 08:24:59 ----D---- C:\Documents and Settings\All Users\Application Data\Nokia
2010-09-16 21:25:36 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2010-09-16 21:25:26 ----D---- C:\Program Files\PC Connectivity Solution
2010-09-16 21:24:41 ----A---- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2010-09-16 21:24:40 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2010-09-16 21:24:40 ----A---- C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2010-09-16 21:24:38 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2010-09-16 21:24:37 ----A---- C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010-09-16 21:24:34 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-09-16 21:24:34 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-09-16 21:24:34 ----A---- C:\WINDOWS\system32\drivers\ccdcmb.sys
2010-09-16 16:15:52 ----SHD---- C:\FOUND.780
2010-09-13 18:39:18 ----SHD---- C:\FOUND.779
2010-09-12 18:43:58 ----SHD---- C:\FOUND.778
2010-09-06 19:16:12 ----SHD---- C:\FOUND.777
2010-09-03 07:48:20 ----SHD---- C:\FOUND.776
2010-09-02 21:50:50 ----SHD---- C:\FOUND.775
2010-09-01 19:19:27 ----HD---- C:\WINDOWS\$NtUninstallKB961118$
2010-09-01 19:11:10 ----HD---- C:\WINDOWS\$NtUninstallKB925720$
2010-09-01 16:54:29 ----D---- C:\Program Files\ESET
2010-08-31 21:21:04 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-31 21:20:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-31 21:20:59 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-31 20:20:19 ----D---- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Application Data\SUPERAntiSpyware.com
2010-08-31 20:20:19 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-31 20:20:03 ----D---- C:\Program Files\SUPERAntiSpyware
2010-08-31 19:11:40 ----D---- C:\WINDOWS\system32\XPSViewer
2010-08-31 19:11:28 ----D---- C:\Program Files\Reference Assemblies
2010-08-31 19:10:15 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-08-31 19:10:14 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-08-31 19:10:14 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-08-31 19:02:45 ----D---- C:\Program Files\MSXML 6.0
2010-08-31 16:47:34 ----SHD---- C:\FOUND.774
2010-08-31 10:32:24 ----SHD---- C:\FOUND.773
2010-08-30 23:07:59 ----HD---- C:\WINDOWS\$NtUninstallKB970430$
2010-08-30 23:05:14 ----A---- C:\WINDOWS\system32\MRT.exe
2010-08-30 20:36:08 ----HD---- C:\WINDOWS\$NtUninstallKB971737$
2010-08-30 20:07:00 ----SHD---- C:\FOUND.772
2010-08-30 19:50:22 ----HD---- C:\WINDOWS\$NtUninstallKB980218$
2010-08-30 19:50:16 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-08-30 19:50:08 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2010-08-30 19:50:00 ----HD---- C:\WINDOWS\$NtUninstallKB959426$
2010-08-30 19:49:53 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2010-08-30 19:49:46 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2010-08-30 19:49:39 ----HD---- C:\WINDOWS\$NtUninstallKB960859$
2010-08-30 19:49:31 ----HD---- C:\WINDOWS\$NtUninstallKB971468$
2010-08-30 19:48:55 ----HD---- C:\WINDOWS\$NtUninstallKB979683$
2010-08-30 19:48:34 ----HD---- C:\WINDOWS\$NtUninstallKB958869$
2010-08-30 19:36:41 ----HD---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-08-30 19:36:35 ----HD---- C:\WINDOWS\$NtUninstallKB980195$
2010-08-30 19:36:28 ----HD---- C:\WINDOWS\$NtUninstallKB980232$
2010-08-30 19:35:52 ----HD---- C:\WINDOWS\$NtUninstallKB955759$
2010-08-30 19:35:46 ----HD---- C:\WINDOWS\$NtUninstallKB974318$
2010-08-30 19:35:37 ----HD---- C:\WINDOWS\$NtUninstallKB969059$
2010-08-30 19:35:31 ----HD---- C:\WINDOWS\$NtUninstallKB981349$
2010-08-30 19:35:24 ----HD---- C:\WINDOWS\$NtUninstallKB2229593$
2010-08-30 19:35:17 ----HD---- C:\WINDOWS\$NtUninstallKB961503$
2010-08-30 19:35:11 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2010-08-30 19:35:04 ----HD---- C:\WINDOWS\$NtUninstallKB978037$
2010-08-30 19:34:58 ----HD---- C:\WINDOWS\$NtUninstallKB975713$
2010-08-30 19:34:50 ----HD---- C:\WINDOWS\$NtUninstallKB971657$
2010-08-30 19:34:42 ----HD---- C:\WINDOWS\$NtUninstallKB978338$
2010-08-30 19:34:32 ----HD---- C:\WINDOWS\$NtUninstallKB960225$
2010-08-30 19:33:24 ----HD---- C:\WINDOWS\$NtUninstallKB972270$
2010-08-30 19:33:16 ----HD---- C:\WINDOWS\$NtUninstallKB974112$
2010-08-30 19:33:10 ----HD---- C:\WINDOWS\$NtUninstallKB975467$
2010-08-30 19:33:00 ----HD---- C:\WINDOWS\$NtUninstallKB968389$
2010-08-30 19:32:23 ----HD---- C:\WINDOWS\$NtUninstallKB956572$
2010-08-30 19:32:13 ----HD---- C:\WINDOWS\$NtUninstallKB956844$
2010-08-30 19:32:02 ----HD---- C:\WINDOWS\$NtUninstallKB961501$
2010-08-30 19:30:57 ----HD---- C:\WINDOWS\$NtUninstallKB975561$
2010-08-30 19:30:45 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-08-30 19:30:22 ----HD---- C:\WINDOWS\$NtUninstallKB973869$
2010-08-30 19:29:57 ----HD---- C:\WINDOWS\$NtUninstallKB975025$
2010-08-30 19:29:45 ----HD---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-08-30 19:29:35 ----HD---- C:\WINDOWS\$NtUninstallKB952004$
2010-08-30 19:29:27 ----HD---- C:\WINDOWS\$NtUninstallKB974571$
2010-08-30 19:29:13 ----HD---- C:\WINDOWS\$NtUninstallKB975560$
2010-08-30 19:28:16 ----HD---- C:\WINDOWS\$NtUninstallKB973507$
2010-08-30 19:23:37 ----HD---- C:\WINDOWS\$NtUninstallKB977816$
2010-08-30 19:23:12 ----HD---- C:\WINDOWS\$NtUninstallKB973687$
2010-08-30 19:22:59 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2010-08-30 19:22:52 ----HD---- C:\WINDOWS\$NtUninstallKB981793$
2010-08-30 19:22:47 ----HD---- C:\WINDOWS\$NtUninstallKB978601$
2010-08-30 19:22:41 ----HD---- C:\WINDOWS\$NtUninstallKB979559$
2010-08-30 19:22:35 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2010-08-30 19:22:28 ----HD---- C:\WINDOWS\$NtUninstallKB973904$
2010-08-30 19:21:55 ----HD---- C:\WINDOWS\$NtUninstallKB967715$
2010-08-30 19:21:40 ----HD---- C:\WINDOWS\$NtUninstallKB929399$
2010-08-30 19:21:04 ----HD---- C:\WINDOWS\$NtUninstallKB950760$
2010-08-30 19:20:58 ----HD---- C:\WINDOWS\$NtUninstallKB974392$
2010-08-30 19:20:53 ----HD---- C:\WINDOWS\$NtUninstallKB945553$
2010-08-30 19:20:46 ----HD---- C:\WINDOWS\$NtUninstallKB977914$
2010-08-30 19:20:20 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2010-08-30 19:18:56 ----HD---- C:\WINDOWS\$NtUninstallKB978542$
2010-08-30 19:18:49 ----HD---- C:\WINDOWS\$NtUninstallKB970238$
2010-08-30 19:18:37 ----HD---- C:\WINDOWS\$NtUninstallKB950749$
2010-08-30 19:18:31 ----HD---- C:\WINDOWS\$NtUninstallKB979309$
2010-08-30 19:18:25 ----HD---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-08-30 19:18:21 ----HD---- C:\WINDOWS\$NtUninstallKB979482$
2010-08-30 19:18:16 ----HD---- C:\WINDOWS\$NtUninstallKB978706$
2010-08-30 19:18:08 ----D---- C:\WINDOWS\ServicePackFiles
2010-08-30 19:18:06 ----HD---- C:\WINDOWS\$NtUninstallKB958470$
2010-08-30 19:18:00 ----HD---- C:\WINDOWS\$NtUninstallKB960803$
2010-08-30 19:17:54 ----HD---- C:\WINDOWS\$NtUninstallKB932823-v3$
2010-08-30 19:17:48 ----HD---- C:\WINDOWS\$NtUninstallKB973815$
2010-08-30 19:17:42 ----HD---- C:\WINDOWS\$NtUninstallKB975562$
2010-08-30 19:17:36 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2010-08-30 19:17:30 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2010-08-30 19:17:18 ----HD---- C:\WINDOWS\$NtUninstallKB979402_WM9L$
2010-08-30 19:17:13 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
2010-08-30 19:15:25 ----HD---- C:\WINDOWS\$NtUninstallKB923561$
2010-08-30 19:15:17 ----HD---- C:\WINDOWS\$NtUninstallKB971961$
2010-08-30 19:15:09 ----HD---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-08-30 19:14:06 ----HD---- C:\WINDOWS\$NtUninstallKB968389_0$
2010-08-29 23:13:52 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2010-08-29 17:54:20 ----D---- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Malwarebytes
2010-08-29 17:53:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-26 08:22:12 ----SHD---- C:\FOUND.771
2010-08-25 14:17:00 ----D---- C:\Documents and Settings\All Users\Application Data\Gogii
2010-08-24 18:50:30 ----SHD---- C:\FOUND.770
2010-08-23 19:57:38 ----SHD---- C:\FOUND.769
2010-08-20 19:03:58 ----SHD---- C:\FOUND.768
2010-08-18 18:39:54 ----SHD---- C:\FOUND.767
2010-08-15 17:37:28 ----SHD---- C:\FOUND.766
2010-08-10 18:08:05 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-10 18:08:05 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-10 18:08:05 ----A---- C:\WINDOWS\system32\java.exe
2010-08-10 17:30:22 ----SHD---- C:\FOUND.765
2010-08-05 14:22:23 ----D---- C:\Documents and Settings\All Users\Application Data\GameHouse
2010-08-05 10:55:46 ----SHD---- C:\FOUND.764

======List of files/folders modified in the last 3 months======

2010-11-02 14:41:10 ----A---- C:\WINDOWS\ModemLog_HSF2014 56K Data Fax Modem.txt
2010-10-30 19:01:18 ----A---- C:\WINDOWS\imsins.BAK
2010-10-24 20:56:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-07 19:11:54 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-09-03 07:51:48 ----A---- C:\WINDOWS\Katal.exe
2010-09-01 19:24:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-08-31 64160]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-03-29 20640]
R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 BdRawPr;BdRawPr; C:\WINDOWS\system32\DRIVERS\bdrawpr.sys [2010-05-13 12960]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 Trufos;Trufos; C:\WINDOWS\system32\DRIVERS\Trufos.sys [2010-07-27 253072]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-07-06 151552]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-12-21 92800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-02-25 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-02-25 212864]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-10-06 1181824]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080312.051\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080312.051\NAVEX15.SYS []
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-02-25 682624]
R3 ZSMC0305;A4 TECH PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-05-08 391688]
S3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2010-07-09 327368]
S3 bdselfpr;bdselfpr; \??\C:\DOCUME~1\LENOVO~1.LEN\LOCALS~1\Temp\bdtempdir02\bdselfpr.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\LENOVO~1.LEN\LOCALS~1\Temp\CNH16B.tmp []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-24 243064]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 NOBU;Norton Online Backup; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-08 2057560]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\PROGRA~1\SPYWAR~1\sp_rsser.exe [2008-08-31 570880]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-09 234888]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 gupdate1c9f8a6776e59b0;Google Update Service (gupdate1c9f8a6776e59b0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-29 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-31 1029456]
S2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-19 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-24 3192184]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sp_clamsrv;Spyware Terminator Clam Service; C:\Program Files\WinClamAVShield\sp_clamsrv.exe [2008-01-28 320000]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-28 1251720]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Attached Files

  • Attached File  info.txt   42.58KB   1 downloads


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:39 PM

Posted 09 November 2010 - 08:37 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Tenusha

Tenusha
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mauritius
  • Local time:04:39 PM

Posted 10 November 2010 - 07:26 AM

Hello Myrti,
Thank you for looking through my problem..
I did as you said and here are the log reports..

1. OTL.Txt

OTL logfile created on: 11/10/2010 4:08:02 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 96.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 0.59 Gb Free Space | 2.03% Space Free | Partition Type: FAT32
Drive D: | 114.79 Gb Total Space | 109.99 Gb Free Space | 95.82% Space Free | Partition Type: FAT32

Computer Name: LENOVO-6D4B0BB5 | User Name: LENOVO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\My Documents\Downloads\OTL.exe
PRC - [2010/10/29 10:05:48 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/29 10:05:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 19:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 19:12:00 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/31 19:42:16 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/08/31 19:41:58 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/06/08 11:25:10 | 000,968,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
PRC - [2010/06/08 11:20:16 | 002,057,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
PRC - [2010/06/07 13:51:24 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/09/21 08:32:02 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/20 14:32:32 | 001,312,256 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/08/31 17:44:12 | 000,570,880 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2007/08/24 00:35:30 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/07/13 14:00:34 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 14:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/26 09:54:28 | 000,716,800 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2005/01/17 00:23:14 | 000,114,688 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Modules (SafeList) ==========

MOD - [2009/09/21 08:32:44 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\realplayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/08/13 17:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2006/08/25 19:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 19:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 19:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 19:12:00 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/31 19:41:58 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/08 11:20:16 | 002,057,560 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/31 17:44:12 | 000,570,880 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2008/02/28 17:33:48 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/28 15:02:42 | 000,320,000 | ---- | M] (Crawler.com) [On_Demand | Stopped] -- C:\Program Files\WinClamAVShield\sp_clamsrv.exe -- (sp_clamsrv)
SRV - [2007/08/24 00:35:30 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/24 00:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\LENOVO~1.LEN\LOCALS~1\Temp\CNH16B.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\LENOVO~1.LEN\LOCALS~1\Temp\bdtempdir02\bdselfpr.sys -- (bdselfpr)
DRV - [2010/11/10 09:05:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/18 08:14:26 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/09/07 18:52:26 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 18:52:04 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 18:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 18:47:20 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 18:47:08 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 18:46:52 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/31 19:45:14 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/27 12:50:00 | 000,253,072 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2010/07/09 15:08:14 | 000,327,368 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/05/13 17:02:32 | 000,012,960 | ---- | M] (BITDEFENDER LLC) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\bdrawpr.sys -- (BdRawPr)
DRV - [2010/05/10 22:41:32 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/02/17 22:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/08/31 17:44:12 | 000,141,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/06/13 14:14:02 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2008/06/13 14:14:02 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2008/06/13 14:13:40 | 000,184,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/06/13 14:13:38 | 000,096,432 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2008/06/13 14:13:38 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2008/06/13 14:13:38 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2008/06/13 14:13:38 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/06/13 14:13:38 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/03/05 13:00:00 | 000,895,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080312.051\NAVEX15.SYS -- (NAVEX15)
DRV - [2008/03/05 13:00:00 | 000,082,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080312.051\NAVENG.SYS -- (NAVENG)
DRV - [2008/02/29 19:52:48 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/02/15 01:32:16 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/10/06 14:24:02 | 001,181,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/07/06 11:00:52 | 000,151,552 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/05/08 10:24:24 | 000,391,688 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM305.sys -- (ZSMC0305)
DRV - [2006/03/17 14:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/02/25 02:22:00 | 000,212,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/02/25 02:20:22 | 000,682,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/02/25 02:18:46 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60287
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60287


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\S-1-5-21-264361075-924108908-1271977798-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2007/08/21 18:48:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/04/28 09:20:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007/08/11 16:37:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/08/11 16:37:48 | 000,000,000 | ---D | M]

[2008/10/06 14:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Mozilla\Extensions
[2008/03/21 20:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Mozilla\Firefox\Profiles\i55anhsi.default\extensions
[2010/10/16 18:57:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Mozilla\Firefox\Profiles\i55anhsi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/02 20:35:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Mozilla\Firefox\Profiles\i55anhsi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/07 14:41:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Mozilla\Firefox\Profiles\i55anhsi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/02/03 09:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Mozilla\Firefox\Profiles\i55anhsi.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/11/08 18:20:14 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Mozilla\Firefox\Profiles\i55anhsi.default\searchplugins\bing.xml
[2007/08/11 16:37:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/11 16:37:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/11 11:12:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 18:08:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/09 16:06:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2007/09/15 14:40:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/11/11 11:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2007/12/17 21:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npkimi.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/04/07 14:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober9469640.gif
[2010/11/07 14:41:18 | 000,000,199 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober9469640.src

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [] Reg Error: Value error. File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton AntiVirus\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-264361075-924108908-1271977798-1005..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe File not found
O4 - HKU\S-1-5-21-264361075-924108908-1271977798-1005..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-264361075-924108908-1271977798-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-264361075-924108908-1271977798-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrive = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1
O7 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 1
O7 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O7 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrive = 1
O7 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 1
O7 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 1
O7 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1
O7 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 1
O7 - HKU\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\LENOVO\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} http://cdn1.acclaimdownloads.com/solidstateion.cab (CSolidBrowserObj Object)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\opnnkhi: DllName - opnnkhi.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\mlljg.dll) - C:\WINDOWS\System32\mlljg.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - Solid State ION Internet Explorer Plugin
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/10 16:01:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\OTL.exe
[2010/11/09 16:06:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/09 16:06:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/09 16:06:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/09 16:06:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/07 14:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/11/07 14:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2010/11/07 14:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media
[2010/11/02 20:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/10/31 20:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\gmer
[2010/10/30 09:29:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/10/29 12:41:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\IETldCache
[2010/10/29 12:40:18 | 000,000,000 | -HSD | C] -- C:\FOUND.793
[2010/10/29 12:36:02 | 000,253,072 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2010/10/29 12:35:58 | 000,327,368 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2010/10/29 12:35:58 | 000,012,960 | ---- | C] (BITDEFENDER LLC) -- C:\WINDOWS\System32\drivers\bdrawpr.sys
[2010/10/29 11:05:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/10/29 11:05:09 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/10/29 11:02:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/10/29 09:45:24 | 000,000,000 | -HSD | C] -- C:\FOUND.792
[2010/10/28 09:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\My Documents\olevel papers
[2010/10/28 09:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\My Documents\xam papers a level
[2010/10/28 06:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\My Documents\Autoruns
[2010/10/26 19:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/10/19 22:04:42 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/10/19 22:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/19 20:22:36 | 000,000,000 | -HSD | C] -- C:\FOUND.791
[2010/10/17 12:11:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022
[2010/10/17 12:11:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/10/17 12:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/10/17 12:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/10/17 12:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/10/17 12:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/10/16 20:55:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/10/15 13:49:54 | 000,000,000 | -HSD | C] -- C:\FOUND.790
[2010/10/11 18:38:26 | 000,000,000 | -HSD | C] -- C:\FOUND.789
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/10 16:02:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\OTL.exe
[2010/11/10 15:55:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/10 14:16:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 14:14:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/10 14:14:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/09 19:00:02 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2010/11/09 18:52:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/09 18:24:46 | 000,000,476 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for LENOVO.job
[2010/11/08 21:06:00 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/11/08 21:06:00 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/11/08 19:00:02 | 000,000,796 | ---- | M] () -- C:\WINDOWS\tasks\back up process.job
[2010/11/07 14:41:10 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\Burger Shop 2.lnk
[2010/11/07 14:41:10 | 000,001,158 | ---- | M] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\Yahoo! Games.lnk
[2010/11/07 13:09:18 | 000,055,549 | ---- | M] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\cute-teddy-bear-greetings.jpg
[2010/11/07 12:59:16 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/11/06 20:31:56 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\Questionnaire.doc
[2010/11/06 20:11:24 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/05 14:21:54 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/05 14:21:50 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/02 20:16:38 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\RSIT.exe
[2010/10/31 20:45:30 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\gmer.zip
[2010/10/31 20:32:22 | 000,626,176 | ---- | M] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\dds.scr
[2010/10/31 20:30:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\defogger_reenable
[2010/10/31 20:29:18 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\Defogger.exe
[2010/10/30 19:01:18 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/29 20:03:46 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Online Backup.lnk
[2010/10/29 12:41:20 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/29 12:35:54 | 000,024,306 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/10/17 12:11:56 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/10/17 12:11:20 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/10/15 16:32:14 | 000,001,533 | ---- | M] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/07 14:41:08 | 000,001,158 | ---- | C] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\Yahoo! Games.lnk
[2010/11/07 14:41:07 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\Burger Shop 2.lnk
[2010/11/07 13:09:16 | 000,055,549 | ---- | C] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\cute-teddy-bear-greetings.jpg
[2010/11/02 20:16:35 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\RSIT.exe
[2010/10/31 20:45:19 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\gmer.zip
[2010/10/31 20:32:00 | 000,626,176 | ---- | C] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\dds.scr
[2010/10/31 20:30:02 | 000,000,474 | ---- | C] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\defogger_disable.log
[2010/10/31 20:30:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\defogger_reenable
[2010/10/31 20:29:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\Defogger.exe
[2010/10/31 19:54:49 | 000,000,796 | ---- | C] () -- C:\WINDOWS\tasks\back up process.job
[2010/10/29 20:03:45 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Online Backup.lnk
[2010/10/29 12:35:53 | 000,024,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/10/28 06:49:53 | 000,618,945 | ---- | C] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\My Documents\Autoruns.zip
[2010/10/27 22:35:32 | 011,879,777 | ---- | C] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\My Documents\video.mp4
[2010/10/26 19:54:04 | 000,000,256 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
[2010/10/19 22:09:05 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/10/17 21:07:53 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Desktop\Questionnaire.doc
[2010/10/17 12:13:02 | 000,000,476 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for LENOVO.job
[2010/10/17 12:11:53 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/10/17 12:11:18 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2009/06/20 10:59:35 | 000,153,131 | ---- | C] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Application Data\NMM-MetaData.db
[2009/02/07 14:49:13 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/17 11:51:29 | 000,000,537 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/03/30 19:40:44 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/09/15 14:26:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/21 18:51:08 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2007/08/16 16:30:58 | 000,001,478 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/05/13 20:13:14 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/04/25 20:06:14 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AMDIALER.INI
[2007/04/23 18:09:49 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/02/15 01:35:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/02/15 01:35:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/02/15 01:35:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/02/15 01:35:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/02/15 01:35:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/02/15 01:35:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/02/15 01:34:59 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/02/15 01:24:32 | 000,447,120 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/02/15 01:24:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2007/02/14 11:39:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/10 17:23:16 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/04/10 16:53:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/20 14:00:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/29 12:58:46 | 000,001,320 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2007/06/13 15:26:04 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 14:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 14:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\winlogon.exe
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/04/10 16:52:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2006/04/10 16:52:14 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/10 16:52:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/07 18:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/09/07 18:47:20 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/09/07 18:46:52 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/09/07 18:52:04 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/09/07 18:47:08 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/09/07 18:52:26 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/09/07 18:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/08/31 19:45:14 | 000,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys

< End of report >


Extras.Txt

OTL Extras logfile created on: 11/10/2010 4:08:02 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 96.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 0.59 Gb Free Space | 2.03% Space Free | Partition Type: FAT32
Drive D: | 114.79 Gb Total Space | 109.99 Gb Free Space | 95.82% Space Free | Partition Type: FAT32

Computer Name: LENOVO-6D4B0BB5 | User Name: LENOVO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9842:TCP" = 9842:TCP:*:Enabled:SolidNetworkManager
"9842:UDP" = 9842:UDP:*:Enabled:SolidNetworkManager
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"10125:TCP" = 10125:TCP:*:Enabled:BitComet 10125 TCP
"10125:UDP" = 10125:UDP:*:Enabled:BitComet 10125 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Yahoo! Games\BeTrapped!\BeTrapped.exe" = C:\Program Files\Yahoo! Games\BeTrapped!\BeTrapped.exe:*:Disabled:BeTrapped Game Executable -- File not found
"C:\WINDOWS\System32\SolidStateNetworks\SolidStateION\solidnm.exe" = C:\WINDOWS\System32\SolidStateNetworks\SolidStateION\solidnm.exe:*:Enabled:Solid State Networks Browser Plugin -- File not found
"C:\Program Files\Ares Ultra\Ares Ultra.exe" = C:\Program Files\Ares Ultra\Ares Ultra.exe:*:Disabled:Ares Ultra p2p for windows -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Morpheus\Morpheus.exe" = C:\Program Files\Morpheus\Morpheus.exe:*:Disabled:Morpheus -- File not found
"C:\WINDOWS\System32\usmt\migwiz.exe" = C:\WINDOWS\System32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Puzzoo\Fortune Pond\FortunePond.exe" = C:\Program Files\Puzzoo\Fortune Pond\FortunePond.exe:*:Enabled:Flash Player 5.0 r30 -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\My Documents\msmsgs.exe" = C:\Documents and Settings\LENOVO.LENOVO-6D4B0BB5\My Documents\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\Counter-Strike 1.6\hl.exe" = C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"E:\COUNTER-STRIKE 1.6\HL.EXE" = E:\COUNTER-STRIKE 1.6\HL.EXE:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\SecondLifeViewer2\SLVoice.exe" = C:\Program Files\SecondLifeViewer2\SLVoice.exe:*:Enabled:SLVoice -- File not found
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe" = C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe:*:Enabled:Norton Online Backup Service -- (Symantec Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{138443F1-F2E1-4F73-8155-60DA0BD521E5}" = SymNet
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 22
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4ECA710C-B818-4751-A3B8-42C2D93922A8}" = Nokia Software Updater
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11738453}" = Burger Shop 2
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}" = A4 TECH USB PC Camera V
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow! for Lenovo
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A555BD2B-7D14-42DF-A311-756C561B16D6}" = Lenovo Hotkey Setup
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F4D82D-2709-406B-957D-4A02DC966F71}" = Symantec Real Time Storage Protection Component
"{AAD900CD-C20C-4D94-32D3-6E79423A8C77}" = Mystery of Shark Island
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B9FF40E3-FD29-4336-B750-0C9AFD9FDF8A}" = FIFA 2002 Demo
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"a976ec3c-42f2-2fdb-7f3b-7ac12a82d77d" = Browser Performance Tool Offersfortoday
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alice in Wonderland" = Alice in Wonderland (remove only)
"Ask Toolbar_is1" = Ask Toolbar
"avast5" = avast! Free Antivirus
"Backyard Soccer 2004" = Backyard Soccer 2004
"BFGC" = Big Fish Games Client
"BFG-Grimm's Hatchery" = Grimm's Hatchery (remove only)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"City Sights Hello Seattle" = City Sights Hello Seattle (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_201414F1" = HSF2014 56K Data Fax Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CToolbar_UNINSTALL" = Crawler Toolbar
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows Driver Package - Nokia Modem (02/24/2009 4.0)
"Dream Day Wedding Viva Las Vegas" = Dream Day Wedding Viva Las Vegas (remove only)
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Escape the Lost Kingdom" = Escape the Lost Kingdom (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"Family Restaurant" = Family Restaurant (remove only)
"Foxit PDF Creator" = Foxit PDF Creator
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"Grace's Quest - To Catch An Art Thief" = Grace's Quest - To Catch An Art Thief (remove only)
"Grimmís Hatchery" = Grimmís Hatchery (remove only)
"Grimm's Hatchery" = Grimm's Hatchery (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Imikimi Plugin" = Imikimi Plugin
"Love & Death - Bitten" = Love & Death - Bitten (remove only)
"Magic Encyclopedia - Illusions" = Magic Encyclopedia - Illusions (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSNINST" = MSN
"Mystery of Shark Island" = Mystery of Shark Island (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NSS" = Norton Security Scan
"Plants vs. Zombies" = Plants vs. Zombies
"PocketRAR" = Pocket RAR documentation
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"qcrdnybviukabjx" = RON Tool Offersfortoday
"Quick Player 2009 2.2" = Quick Player 2009 2.2
"RealPlayer 12.0" = RealPlayer
"SolidStateIONIE" = Solid State ION Internet Explorer Plugin
"SopCore" = SopCore 1.1.2
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus (Symantec Corporation)
"The Dream Voyagers" = The Dream Voyagers (remove only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 3.9
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-264361075-924108908-1271977798-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8/23/2010 5:47:01 AM | Computer Name = LENOVO-6D4B0BB5 | Source = avast! | ID = 33554522
Description =

Error - 8/29/2010 3:13:28 PM | Computer Name = LENOVO-6D4B0BB5 | Source = avast! | ID = 33554522
Description =

Error - 10/13/2010 4:09:24 AM | Computer Name = LENOVO-6D4B0BB5 | Source = avast! | ID = 33554522
Description =

Error - 10/13/2010 4:21:40 AM | Computer Name = LENOVO-6D4B0BB5 | Source = avast! | ID = 33554522
Description =

Error - 10/13/2010 4:41:00 AM | Computer Name = LENOVO-6D4B0BB5 | Source = avast! | ID = 33554522
Description =

Error - 10/13/2010 4:41:24 AM | Computer Name = LENOVO-6D4B0BB5 | Source = avast! | ID = 33554522
Description =

Error - 10/13/2010 4:46:28 AM | Computer Name = LENOVO-6D4B0BB5 | Source = avast! | ID = 33554522
Description =

Error - 10/13/2010 4:47:17 AM | Computer Name = LENOVO-6D4B0BB5 | Source = avast! | ID = 33554522
Description =

Error - 10/13/2010 4:47:54 AM | Computer Name = LENOVO-6D4B0BB5 | Source = avast! | ID = 33554522
Description =

Error - 10/13/2010 4:47:54 AM | Computer Name = LENOVO-6D4B0BB5 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 11/1/2010 1:22:48 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D.

Error - 11/1/2010 2:32:41 AM | Computer Name = LENOVO-6D4B0BB5 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d01

Error - 11/1/2010 2:33:29 AM | Computer Name = LENOVO-6D4B0BB5 | Source = VSS | ID = 4001
Description = Volume Shadow Copy Service error: Cannot find diff areas for creating
shadow copies. Please add at least one NTFS drive to the system with enough free
space. The free space needed is at least 100 Mb for each volume to be backed up/shadowed.

Error - 11/1/2010 2:50:56 AM | Computer Name = LENOVO-6D4B0BB5 | Source = VSS | ID = 4001
Description = Volume Shadow Copy Service error: Cannot find diff areas for creating
shadow copies. Please add at least one NTFS drive to the system with enough free
space. The free space needed is at least 100 Mb for each volume to be backed up/shadowed.

Error - 11/1/2010 10:36:25 AM | Computer Name = LENOVO-6D4B0BB5 | Source = VSS | ID = 4001
Description = Volume Shadow Copy Service error: Cannot find diff areas for creating
shadow copies. Please add at least one NTFS drive to the system with enough free
space. The free space needed is at least 100 Mb for each volume to be backed up/shadowed.

Error - 11/1/2010 10:55:55 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/1/2010 1:15:57 PM | Computer Name = LENOVO-6D4B0BB5 | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15477, faulting module
gmer.exe, version 1.0.15.15477, fault address 0x0000c5d7.

Error - 11/1/2010 1:16:12 PM | Computer Name = LENOVO-6D4B0BB5 | Source = Application Error | ID = 1001
Description = Fault bucket -2129236137.

Error - 11/2/2010 5:42:19 AM | Computer Name = LENOVO-6D4B0BB5 | Source = VSS | ID = 4001
Description = Volume Shadow Copy Service error: Cannot find diff areas for creating
shadow copies. Please add at least one NTFS drive to the system with enough free
space. The free space needed is at least 100 Mb for each volume to be backed up/shadowed.

Error - 11/2/2010 5:51:30 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D.

[ Application Events ]
Error - 11/1/2010 1:22:48 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D.

Error - 11/1/2010 2:32:41 AM | Computer Name = LENOVO-6D4B0BB5 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d01

Error - 11/1/2010 2:33:29 AM | Computer Name = LENOVO-6D4B0BB5 | Source = VSS | ID = 4001
Description = Volume Shadow Copy Service error: Cannot find diff areas for creating
shadow copies. Please add at least one NTFS drive to the system with enough free
space. The free space needed is at least 100 Mb for each volume to be backed up/shadowed.

Error - 11/1/2010 2:50:56 AM | Computer Name = LENOVO-6D4B0BB5 | Source = VSS | ID = 4001
Description = Volume Shadow Copy Service error: Cannot find diff areas for creating
shadow copies. Please add at least one NTFS drive to the system with enough free
space. The free space needed is at least 100 Mb for each volume to be backed up/shadowed.

Error - 11/1/2010 10:36:25 AM | Computer Name = LENOVO-6D4B0BB5 | Source = VSS | ID = 4001
Description = Volume Shadow Copy Service error: Cannot find diff areas for creating
shadow copies. Please add at least one NTFS drive to the system with enough free
space. The free space needed is at least 100 Mb for each volume to be backed up/shadowed.

Error - 11/1/2010 10:55:55 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/1/2010 1:15:57 PM | Computer Name = LENOVO-6D4B0BB5 | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15477, faulting module
gmer.exe, version 1.0.15.15477, fault address 0x0000c5d7.

Error - 11/1/2010 1:16:12 PM | Computer Name = LENOVO-6D4B0BB5 | Source = Application Error | ID = 1001
Description = Fault bucket -2129236137.

Error - 11/2/2010 5:42:19 AM | Computer Name = LENOVO-6D4B0BB5 | Source = VSS | ID = 4001
Description = Volume Shadow Copy Service error: Cannot find diff areas for creating
shadow copies. Please add at least one NTFS drive to the system with enough free
space. The free space needed is at least 100 Mb for each volume to be backed up/shadowed.

Error - 11/2/2010 5:51:30 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D.

[ OSession Events ]
Error - 10/20/2008 7:16:26 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 85
seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/22/2008 6:06:25 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12105
seconds with 2700 seconds of active time. This session ended with a crash.

Error - 10/15/2008 4:23:13 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/7/2010 4:10:21 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 11/7/2010 4:10:41 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 11/7/2010 4:10:57 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Service Control Manager | ID = 7034
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 3 time(s).

Error - 11/7/2010 12:58:16 PM | Computer Name = LENOVO-6D4B0BB5 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.10 on
the Network Card with network address 001558D8EF37.

Error - 11/8/2010 2:18:58 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 11/8/2010 2:19:07 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 11/8/2010 2:19:14 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Service Control Manager | ID = 7034
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 3 time(s).

Error - 11/8/2010 9:06:56 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 11/8/2010 9:07:10 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 11/8/2010 9:07:17 AM | Computer Name = LENOVO-6D4B0BB5 | Source = Service Control Manager | ID = 7034
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 3 time(s).


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:39 PM

Posted 11 November 2010 - 04:51 AM

Hi,

you seem to be running multiple anti virus programs:
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and keep only one of the following Avast or Symanytec or Lavasoft Antivirus

Please run a rootkit scan as well:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Tenusha

Tenusha
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mauritius
  • Local time:04:39 PM

Posted 12 November 2010 - 10:17 AM

Hello,

I did it and please find the results of the scan below. The scan does not give any indication when it is over, right?
Because after several minutes, a list had been generated and I saved it.

LOG RESULT:

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit quick scan 2010-11-12 19:07:52
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\LENOVO~1.LEN\LOCALS~1\Temp\pfwoipog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA2F7BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAA2F79D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAA2F7B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:39 PM

Posted 14 November 2010 - 05:37 PM

Hi,

the logs are looking pretty clean. The destkop icons are stil gone?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Tenusha

Tenusha
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mauritius
  • Local time:04:39 PM

Posted 15 November 2010 - 11:38 AM

Yes, its been so for almost a year now! I'm starting to despair, I no more know what to do!

There's no icons on the desktop, the right click option won't work on the desktop and the shut down option has disappeared from the task bar. I must log off first to be able to shut down or put the computer on stand by mode.. I once tried creating a new account and logging in on my pc, but that too did not work..

And two windows keep popping up when i start my computer:

1. RUNDLL Error loading C:\WINDOWS\system32\pfgdiwck.dll ( this window actually popped up even when my pc was ok and the icons on desktop was here)

2. cannot find script file "C:\WINDOWS\system32\winmgmt.vbe" (this one is quite recent, maybe since 2 months)

I was in the Am i infected forum before, and got help to clean the computer.But apparently that's not enough to clean it completely..

I would be grateful if i could get any advice on what to do further..

I don't know if it's a problem really, but today, when i connected to the internet through my usual browser (mozilla firefox), the bookmarks,history, to and back option, could not be accessed. My browser says it's been used by another application.
Thanks,
Tenusha.

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:39 PM

Posted 16 November 2010 - 03:25 AM

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Do you have your Windows CD handy?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Tenusha

Tenusha
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mauritius
  • Local time:04:39 PM

Posted 16 November 2010 - 12:52 PM

Hello,

Okay, i will do this and let you know what happened. A friend with a similar problem as mine ran combofix and got rid of the problem. But i didn't run it as I've been told it's for professional use. And this is how i came to know of bleeping computer..

Will i be at risk of losing any files(office docs,..) while using combofix?

I have a Lenovo Product Recovery CD-ROM for windows xp sp2, is this what you're referring to?

Thanks.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:39 PM

Posted 17 November 2010 - 05:44 AM

Hi,

the CD might do, we'll check when we get to actually needing it. :)

ComboFix should not touch your documents.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 Tenusha

Tenusha
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mauritius
  • Local time:04:39 PM

Posted 19 November 2010 - 06:06 AM

Hello myrti:)

The combofix ran without any difficulty and after the scan, the icons on my desktop have been restored.
Only one pop up window opened during combofix performing its scan: it said registry error. I closed it and let combofix continue.

here's the log result:

ComboFix 10-11-17.02 - LENOVO 11/19/2010 14:39:55.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.174 [GMT 4:00]
Running from: c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\Recent\Thumbs.db
c:\documents and settings\LENOVO\My Documents\Internet Explorer.lnk
c:\windows\Katal.exe
c:\windows\S.BAT
c:\windows\system32\a976ec3c-42f2-2fdb-7f3b-7ac12a82d77d.exe
c:\windows\VM305Cap.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-19 to 2010-11-19 )))))))))))))))))))))))))))))))
.

2010-11-19 06:58 . 2010-11-19 06:58 -------- d-----w- C:\FOUND.794
2010-11-17 08:40 . 2010-11-17 08:40 -------- d-----w- c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Casual Mechanics
2010-11-16 14:31 . 2010-11-16 14:31 -------- d-----w- C:\FOUND.373
2010-11-13 14:47 . 2001-08-17 18:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-11-13 14:47 . 2004-08-03 20:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-11-13 07:23 . 2010-11-13 07:23 -------- d-----w- C:\FOUND.001
2010-11-11 14:19 . 2010-11-11 14:19 -------- d-----w- C:\FOUND.000
2010-11-09 12:06 . 2010-09-14 22:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-07 10:41 . 2010-11-07 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media
2010-11-07 10:41 . 2010-11-07 10:41 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-11-07 10:40 . 2010-11-07 10:40 -------- d-----w- c:\program files\Oberon Media
2010-11-06 07:37 . 2010-11-06 07:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 07:37 . 2010-11-06 07:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-02 16:56 . 2010-11-02 16:56 -------- d-----w- c:\program files\trend micro
2010-10-30 05:29 . 2010-10-30 05:29 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-10-29 08:43 . 2010-10-29 08:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-29 08:41 . 2010-10-29 08:41 -------- d-sh--w- c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\IETldCache
2010-10-29 08:40 . 2010-10-29 08:40 -------- d-----w- C:\FOUND.793
2010-10-29 08:36 . 2010-07-27 08:50 253072 ----a-w- c:\windows\system32\drivers\Trufos.sys
2010-10-29 08:35 . 2010-07-09 11:08 327368 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-10-29 08:35 . 2010-05-13 13:02 12960 ----a-w- c:\windows\system32\drivers\bdrawpr.sys
2010-10-29 08:35 . 2010-10-29 08:35 24306 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin
2010-10-29 07:05 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-10-29 07:05 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-29 07:05 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-29 07:02 . 2010-10-29 07:02 -------- d--h--w- c:\windows\ie8
2010-10-29 05:45 . 2010-10-29 05:45 -------- d-----w- C:\FOUND.792
2010-10-26 15:52 . 2010-10-26 15:52 -------- d-----w- c:\program files\Common Files\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-06 09:25 . 2007-02-14 21:19 69632 ----a-w- c:\windows\DUMP5a93.tmp
2010-09-15 00:50 . 2010-05-11 07:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-07 15:12 . 2010-10-19 18:04 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2008-06-11 07:46 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2008-06-11 07:47 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2008-06-11 07:47 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-06-11 07:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-06-11 07:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-06-11 07:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2008-06-11 07:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-06-11 07:47 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-01 12:47 . 2010-09-01 12:46 107762982 ----a-w- C:\RegBackup.reg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 14:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-29 2424560]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-08-31 1783808]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-21 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-08 968536]

c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-2-15 114688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"= 1 (0x1)
"NoFileMenu"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)
"NoRecycleFiles"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"= 1 (0x1)
"NoFileMenu"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\System32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Symantec\\Norton Online Backup\\NOBuClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:SolidNetworkManager
"9842:UDP"= 9842:UDP:SolidNetworkManager
"10125:TCP"= 10125:TCP:BitComet 10125 TCP
"10125:UDP"= 10125:UDP:BitComet 10125 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/11/2008 11:47 AM 165584]
R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [10/29/2010 12:35 PM 12960]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 PM 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/21/2007 6:51 PM 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/11/2008 11:47 AM 17744]
R2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe [6/8/2010 11:20 AM 2057560]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [4/23/2007 9:02 AM 391688]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2/3/2009 9:09 AM 234888]
S2 gupdate1c9f8a6776e59b0;Google Update Service (gupdate1c9f8a6776e59b0);c:\program files\Google\Update\GoogleUpdate.exe [6/29/2009 2:43 PM 133104]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\LENOVO~1.LEN\LOCALS~1\Temp\CNH16B.tmp --> c:\docume~1\LENOVO~1.LEN\LOCALS~1\Temp\CNH16B.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/16/2010 9:24 PM 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9/16/2010 9:24 PM 8320]
.
Contents of the 'Scheduled Tasks' folder

2010-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 08:34]

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 10:43]

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 10:43]

2010-11-08 c:\windows\Tasks\back up process.job
- c:\windows\system32\ntbackup.exe [2001-08-17 18:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\LENOVO\Start Menu\Programs\IMVU\Run IMVU.lnk
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Mozilla\Firefox\Profiles\i55anhsi.default\
FF - component: c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Mozilla\Firefox\Profiles\i55anhsi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKLM-Run-<NO NAME> - (no file)
HKLM-Run-BigDog305 - c:\windows\VM305_STI.EXE
Notify-opnnkhi - opnnkhi.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-a976ec3c-42f2-2fdb-7f3b-7ac12a82d77d - c:\windows\system32\a976ec3c-42f2-2fdb-7f3b-7ac12a82d77d.exe
AddRemove-Magic Encyclopedia - Illusions - c:\program files\Yahoo! Games\Magic Encyclopedia - Illusions\Uninstall.exe
AddRemove-qcrdnybviukabjx - c:\windows\system32\qcrdnybviukabjx.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-19 14:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""="Rundll32.exe \"c:\\WINDOWS\\system32\\pfgdiwck.dll\",s"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\LENOVO~1.LEN\LOCALS~1\Temp\CNH16B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-264361075-924108908-1271977798-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1368)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\SPYWAR~1\sp_rsser.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2010-11-19 14:57:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-19 10:57

Pre-Run: 2,217,246,720 bytes free
Post-Run: 4,729,487,360 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 551011E2560596C8F9FD449B3125E650


thanks!

#12 Tenusha

Tenusha
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mauritius
  • Local time:04:39 PM

Posted 22 November 2010 - 04:48 AM

Thanks very much for your help:) the computer is ok now.

I was advised to disable CD Emulation through Defogger before. I guess its ok i disable it now that my problem is solved?

And is there anything i can do for the pop-up window saying RUNDLL Error loading C:\WINDOWS\system32\pfgdiwck.dll?

Regards:)

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:39 PM

Posted 22 November 2010 - 07:38 PM

Hi,

please try this script:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""=-
file::
c:\WINDOWS\system32\pfgdiwck.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Edited by myrti, 22 November 2010 - 07:39 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 Tenusha

Tenusha
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mauritius
  • Local time:04:39 PM

Posted 24 November 2010 - 06:20 AM

Hello myrti,

Please find the log of the scan pasted below.

ComboFix 10-11-23.04 - LENOVO 11/24/2010 14:51:02.2.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.140 [GMT 4:00]
Running from: c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\Desktop\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\pfgdiwck.dll"
.

((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))
.

2010-11-24 08:56 . 2010-11-24 08:56 -------- d-----w- C:\FOUND.796
2010-11-23 14:05 . 2010-11-23 14:05 -------- d-----w- c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Sungift Games
2010-11-23 14:05 . 2010-11-23 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Sungift Games
2010-11-21 09:19 . 2010-11-21 09:19 -------- d-----w- C:\FOUND.795
2010-11-19 06:58 . 2010-11-19 06:58 -------- d-----w- C:\FOUND.794
2010-11-17 08:40 . 2010-11-17 08:40 -------- d-----w- c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Casual Mechanics
2010-11-16 14:31 . 2010-11-16 14:31 -------- d-----w- C:\FOUND.373
2010-11-13 14:47 . 2001-08-17 18:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-11-13 14:47 . 2004-08-03 20:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-11-13 07:23 . 2010-11-13 07:23 -------- d-----w- C:\FOUND.001
2010-11-11 14:19 . 2010-11-11 14:19 -------- d-----w- C:\FOUND.000
2010-11-09 12:06 . 2010-09-14 22:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-07 10:41 . 2010-11-07 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media
2010-11-07 10:41 . 2010-11-07 10:41 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-11-07 10:40 . 2010-11-07 10:40 -------- d-----w- c:\program files\Oberon Media
2010-11-06 07:37 . 2010-11-06 07:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 07:37 . 2010-11-06 07:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-02 16:56 . 2010-11-02 16:56 -------- d-----w- c:\program files\trend micro
2010-10-30 05:29 . 2010-10-30 05:29 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-10-29 08:43 . 2010-10-29 08:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-29 08:41 . 2010-10-29 08:41 -------- d-sh--w- c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\IETldCache
2010-10-29 08:40 . 2010-10-29 08:40 -------- d-----w- C:\FOUND.793
2010-10-29 08:36 . 2010-07-27 08:50 253072 ----a-w- c:\windows\system32\drivers\Trufos.sys
2010-10-29 08:35 . 2010-07-09 11:08 327368 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-10-29 08:35 . 2010-05-13 13:02 12960 ----a-w- c:\windows\system32\drivers\bdrawpr.sys
2010-10-29 08:35 . 2010-10-29 08:35 24306 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin
2010-10-29 07:05 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-10-29 07:05 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-29 07:05 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-29 07:02 . 2010-10-29 07:02 -------- d--h--w- c:\windows\ie8
2010-10-29 05:45 . 2010-10-29 05:45 -------- d-----w- C:\FOUND.792
2010-10-26 15:52 . 2010-10-26 15:52 -------- d-----w- c:\program files\Common Files\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-06 09:25 . 2007-02-14 21:19 69632 ----a-w- c:\windows\DUMP5a93.tmp
2010-09-15 00:50 . 2010-05-11 07:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-07 15:12 . 2010-10-19 18:04 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2008-06-11 07:46 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2008-06-11 07:47 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2008-06-11 07:47 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-06-11 07:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-06-11 07:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-06-11 07:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2008-06-11 07:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-06-11 07:47 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-01 12:47 . 2010-09-01 12:46 107762982 ----a-w- C:\RegBackup.reg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 14:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-24 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-08-31 1783808]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-21 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-08 968536]

c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-2-15 114688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"= 1 (0x1)
"NoFileMenu"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)
"NoRecycleFiles"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"= 1 (0x1)
"NoFileMenu"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\System32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Symantec\\Norton Online Backup\\NOBuClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:SolidNetworkManager
"9842:UDP"= 9842:UDP:SolidNetworkManager
"10125:TCP"= 10125:TCP:BitComet 10125 TCP
"10125:UDP"= 10125:UDP:BitComet 10125 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/11/2008 11:47 AM 165584]
R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [10/29/2010 12:35 PM 12960]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 PM 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/21/2007 6:51 PM 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/11/2008 11:47 AM 17744]
R2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe [6/8/2010 11:20 AM 2057560]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [4/23/2007 9:02 AM 391688]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 PM 12872]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2/3/2009 9:09 AM 234888]
S2 gupdate1c9f8a6776e59b0;Google Update Service (gupdate1c9f8a6776e59b0);c:\program files\Google\Update\GoogleUpdate.exe [6/29/2009 2:43 PM 133104]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\LENOVO~1.LEN\LOCALS~1\Temp\CNH16B.tmp --> c:\docume~1\LENOVO~1.LEN\LOCALS~1\Temp\CNH16B.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/16/2010 9:24 PM 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9/16/2010 9:24 PM 8320]
.
Contents of the 'Scheduled Tasks' folder

2010-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 08:34]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 10:43]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 10:43]

2010-11-08 c:\windows\Tasks\back up process.job
- c:\windows\system32\ntbackup.exe [2001-08-17 18:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\LENOVO\Start Menu\Programs\IMVU\Run IMVU.lnk
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Mozilla\Firefox\Profiles\i55anhsi.default\
FF - component: c:\documents and settings\LENOVO.LENOVO-6D4B0BB5\Application Data\Mozilla\Firefox\Profiles\i55anhsi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-24 14:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""="Rundll32.exe \"c:\\WINDOWS\\system32\\pfgdiwck.dll\",s"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\LENOVO~1.LEN\LOCALS~1\Temp\CNH16B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-264361075-924108908-1271977798-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(4080)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-24 15:01:16
ComboFix-quarantined-files.txt 2010-11-24 11:01
ComboFix2.txt 2010-11-19 10:57

Pre-Run: 3,934,322,688 bytes free
Post-Run: 4,036,952,064 bytes free

- - End Of File - - 0C3D2B77A0D94B8F608E9914877D4F3C


Regards and thanks.

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:39 PM

Posted 26 November 2010 - 07:58 AM

Hi,

could you please run the following batch for me:
Open Notepad and copy/paste the code box below into a new text file.
@echo off
reg query hklm\software\microsoft\windows\currentversion\run >log.txt
log.txt
  • Save the file as regquery.bat by choosing save as *All Files, and save it to your Desktop.
  • Locate "regquery.bat" and double-click on it to run. (It is important that you run the script from the drive where your operating system is installed).
  • It will open a text file, please copy the content in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users