
BSOD Windows Vista 64 consrv file missing


  • This topic is locked
13 replies to this topic

#1 i4Cit

  • Members
  • 6 posts

Posted 19 November 2011 - 08:02 AM

Hello all,
So sorry that I have to pop my cherry here with this one, but I literally don't have
the days it would probably take me to learn/find the malware/trojan and fix everything that's broken.
I love the site BTW, glad to find a place with such an abundance of Vista crap knowledge.

Well anyway, here it goes...
Seems I've inherited from a bud a T61 (T7500, 4GB RAM) w/Vista Ultimate x64 that
seems to have the same MO (almost to the T) as jephph1 had in This Post about 2 months ago.
Tried the same: Recovery Disk - Startup Repair - either it can't auto-fix the issue after a system reboot or it doesn't find any problem.

Here's chkdsk C: /r:

CHKDSK is verifying files (stage 1 of 5)...
249472 file records processed.
File verification completed.
1184 large file records processed.
0 bad file records processed.
4 EA records processed.
CHKDSK is verifying indexes (Stage 2 of 5)...
306600 index entries processed.
Index verification completed.
0 unindexed files processed.
CHKDSK is verifying security descriptors (Stage 3 of 5)...
249472 security descriptors processed.
Security descriptor verification completed.
28565 data files processed.
CHKDSK is verifying Usn Journal...
37404064 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
249456 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
7126760 free clusters processed.
Free space verification is complete.
Windows has made corrections to the file system.

97683455 KB total disk space.
68710916 KB in 163704 files.
102120 KB in 28566 indexes.
0 KB in bad sectors.
363379 KB in use by the system.
65536 KB occupied by the log file.
28507040 KB available on disk.

4096 bytes in each allocation unit.
24420863 total allocation units on disk.
7126760 allocation units available on disk.
Failed to transfer logged messages to the event log with status 50.

As for SFC /scannow - Windows Resource Protection could not start the repair service.
Tried sfc /SCANFILE=c:\windows\system32\consrv.dll /OFFBOOTDIR=c:\ /OFFWINDIR=c:\windows.
Got - Windows Resource Protection could not perform the requested operation.
Also tried this in System64 & SysWOW64, got the same message.
Even tried the ole XP fix by adding a blank consrv.dll since I couldn't find one when I checked the Windows system directories,
still the same response as above with sfc.

Here's the dump of FRST64 after the CHKDSK fix.
I have one from before the fix if needed.
Thanks in advance to whoever for any help, as well as your valuable time.

Scan result of Farbar's Recovery Tool (FRST written by farbar) Version 2.2.9
Ran by SYSTEM at 2011-11-19 05:02:28
Running from E:\
Windows Vista ™ Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [964904 2008-10-06] (Synaptics, Inc.)
HKLM\...\Run: [RivaTunerStartupDaemon] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S [24576 2009-08-22] ()
HKLM\...\Run: [RivaTuner] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /T [24576 2009-08-22] ()
HKLM\...\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2008-09-30] (Lenovo Group Limited)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [82464 2008-11-12] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15871008 2008-11-12] (NVIDIA Corporation)
HKLM\...\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [109608 2006-11-07] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent [7251256 2008-06-13] (Lenovo Group Limited)
HKLM-x32\...\Run: [CPMonitor] "C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe" [80368 2008-08-09] ()
HKLM-x32\...\Run: [Windows Defender] %ProgramFiles(x86)%\Windows Defender\MSASCui.exe -hide [x]
HKLM-x32\...\Run: [LPManager] C:\PROGRA~2\THINKV~1\PrdCtr\LPMGR.exe [185688 2009-01-28] (Lenovo Group Limited)
HKLM-x32\...\Run: [LPMailChecker] C:\PROGRA~2\THINKV~1\PrdCtr\LPMLCHK.exe [124248 2009-01-28] (Lenovo Group Limited)
HKLM-x32\...\Run: [TpShocks] TpShocks.exe [x]
HKLM-x32\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [964904 2008-10-06] (Synaptics, Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] "C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe" [1282048 2007-07-10] (Analog Devices, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [240112 2008-08-13] (Sonic Solutions)
HKLM-x32\...\Run: [RivaTunerStartupDaemon] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S [24576 2009-08-22] ()
HKLM-x32\...\Run: [RivaTuner] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /T [24576 2009-08-22] ()
HKLM-x32\...\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2008-09-30] (Lenovo Group Limited)
HKLM-x32\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [82464 2008-11-12] (NVIDIA Corporation)
HKLM-x32\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15871008 2008-11-12] (NVIDIA Corporation)
HKLM-x32\...\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [109608 2006-11-07] (Lenovo Group Limited)
HKLM-x32\...\Run: [TPKMAPHELPER] "C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe" -helper [992816 2007-02-26] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent [7251256 2008-06-13] (Lenovo Group Limited)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Owner\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-18] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [25088 2008-01-18] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.67.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [125424 2008-08-01] ()
2 AEADIFilters; C:\Windows\System32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
2 btwdins; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [915232 2011-01-24] (Broadcom Corporation.)
3 DFSR; C:\Windows\System32\DFSR.exe [3433472 2009-04-10] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [268288 2009-04-10] (Microsoft Corporation)
2 ehstart; C:\Windows\ehome\ehstart.dll [15360 2006-11-02] (Microsoft Corporation)
2 EMDMgmt; C:\Windows\System32\emdmgmt.dll [399360 2009-04-10] (Microsoft Corporation)
3 GSService; "C:\Windows\SysWOW64\GSService.exe" [745472 2011-03-31] ()
2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [45344 2008-09-29] (Lenovo)
2 IPSSVC; C:\Windows\System32\IPSSVC.EXE [135216 2007-01-30] (Lenovo Group Limited)
3 p2pimsvc; C:\Windows\System32\p2psvc.dll [836608 2009-04-10] (Microsoft Corporation)
3 PNRPAutoReg; C:\Windows\System32\p2psvc.dll [836608 2009-04-10] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\p2psvc.dll [836608 2009-04-10] (Microsoft Corporation)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [206336 2007-01-24] (Microsoft Corporation)
3 Roxio UPnP Renderer 11; "C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe" [313840 2008-08-13] (Sonic Solutions)
2 Roxio Upnp Server 11; "C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe" [367088 2008-08-13] (Sonic Solutions)
2 RoxLiveShare11; "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe" [309744 2008-08-13] (Sonic Solutions)
3 RoxMediaDB11; "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe" [1124848 2008-08-13] (Sonic Solutions)
2 RoxWatch11; "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe" [170480 2008-08-13] (Sonic Solutions)
2 slsvc; C:\Windows\System32\SLsvc.exe [2582016 2009-04-10] (Microsoft Corporation)
3 SLUINotify; C:\Windows\System32\SLUINotify.dll [73216 2009-04-10] (Microsoft Corporation)
2 Themes; C:\Windows\System32\shsvcs.dll [302080 2009-07-10] (Microsoft Corporation)
3 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG64.exe [47728 2011-01-13] (Lenovo.)
2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [58736 2008-10-24] (Lenovo Group Limited)
2 TSSCoreService; "C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe" [779576 2008-06-13] (Lenovo)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [428544 2007-01-24] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [457728 2007-10-04] (Analog Devices, Inc.)
4 adpu160m; C:\Windows\System32\drivers\adpu160m.sys [184424 2006-11-02] (Adaptec, Inc.)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
3 e1express; C:\Windows\System32\DRIVERS\e1e6032e.sys [318080 2008-03-05] (Intel Corporation)
0 Ecache; C:\Windows\System32\drivers\ecache.sys [155112 2009-04-10] (Microsoft Corporation)
4 HpCISSs; C:\Windows\System32\drivers\hpcisss.sys [43112 2006-11-02] (Hewlett-Packard Company)
3 HSFHWAZL; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [286720 2006-09-18] (Conexant Systems, Inc.)
3 HSF_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1523712 2006-09-18] (Conexant Systems, Inc.)
4 i2omp; C:\Windows\System32\drivers\i2omp.sys [33384 2006-11-02] (Microsoft Corporation)
3 IBMPMDRV; C:\Windows\System32\DRIVERS\ibmpmdrv.sys [29224 2008-09-29] (Lenovo.)
4 iteatapi; C:\Windows\System32\drivers\iteatapi.sys [37480 2006-11-02] (Integrated Technology Express, Inc.)
4 iteraid; C:\Windows\System32\drivers\iteraid.sys [37480 2006-11-02] (Integrated Technology Express, Inc.)
4 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [39016 2006-11-02] (LSI Logic Corporation)
0 NVStrap; C:\Windows\System32\Drivers\NVStrap.sys [13808 2011-04-19] ()
2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12592 2006-11-06] (Lenovo Group Limited)
3 psadd; C:\Windows\System32\DRIVERS\psadd.sys [35904 2009-04-23] (Lenovo (United States) Inc.)
3 RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2011-04-19] ()
0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [26608 2008-07-31] (Sonic Solutions)
0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [19952 2008-07-31] (Sonic Solutions)
1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27632 2008-07-31] (Sonic Solutions)
0 Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [139888 2011-01-13] (Lenovo.)
4 Symc8xx; C:\Windows\System32\drivers\symc8xx.sys [49256 2006-11-02] (LSI Logic)
4 Sym_hi; C:\Windows\System32\drivers\sym_hi.sys [44648 2006-11-02] (LSI Logic)
4 Sym_u3; C:\Windows\System32\drivers\sym_u3.sys [48232 2006-11-02] (LSI Logic)
3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [295984 2008-10-06] (Synaptics, Inc.)
0 TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [23664 2011-01-13] (Lenovo.)
3 TPM; C:\Windows\System32\drivers\tpm.sys [54840 2008-01-18] (Microsoft Corporation)
3 tunmp; C:\Windows\System32\DRIVERS\tunmp.sys [18432 2008-01-18] (Microsoft Corporation)
3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41024 2008-02-22] (Lenovo (United States) Inc.)
4 uliahci; C:\Windows\System32\drivers\uliahci.sys [279656 2006-11-02] (ULi Electronics Inc.)
4 UlSata; C:\Windows\System32\drivers\ulsata.sys [148072 2006-11-02] (Promise Technology, Inc.)
4 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [174696 2006-11-02] (Promise Technology, Inc.)
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [19456 2009-04-10] (Microsoft Corporation)
3 winachsf; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [724480 2006-09-18] (Conexant Systems, Inc.)
3 WpdUsb; C:\Windows\System32\DRIVERS\wpdusb.sys [46080 2008-01-18] (Microsoft Corporation)
4 blbdrive; [x]
3 cpuz130; \??\C:\Users\Owner\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
3 GPU-Z; \??\C:\Users\Owner\AppData\Local\Temp\GPU-Z.sys [x]
3 IpInIp; [x]
3 msiserver; C:\Windows\System32\msiexec /V [x]
3 NwlnkFlt; [x]
3 NwlnkFwd; [x]
1 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-11-18 23:56 - 2011-11-18 23:57 - 0000000 ____D C:\FRST
2011-11-18 09:00 - 2011-11-18 17:57 - 0673706 ____A C:\Windows\ntbtlog.txt
2011-11-18 08:53 - 2011-11-18 08:53 - 0000312 ____A C:\Windows\PFRO.log
2011-11-18 08:24 - 2011-11-18 08:37 - 0000763 ____A C:\Users\Owner\Start Menu\Programs\Startup\_uninst_.lnk
2011-11-18 08:24 - 2011-11-18 08:37 - 0000763 ____A C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
2011-11-18 08:24 - 2011-11-18 08:24 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2011-11-18 08:24 - 2011-11-18 08:24 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2011-11-18 07:53 - 2011-11-18 08:22 - 102056416 ____A C:\Users\Owner\Downloads\setup_11.0.0.1245.x01_2011_11_18_17_58.exe
2011-11-17 17:03 - 2011-11-17 17:04 - 0000000 ____D C:\Users\Owner\Downloads\PS3
2011-11-16 22:44 - 2011-11-16 22:44 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2011-11-16 22:43 - 2011-11-16 22:43 - 0000000 ____A C:\Windows\setuperr.log
2011-11-16 22:43 - 2011-11-16 22:43 - 0000000 ____A C:\Windows\setupact.log
2011-11-16 22:42 - 2011-11-18 08:35 - 0005018 ____A C:\Windows\System32\PerfStringBackup.TMP
2011-11-16 22:36 - 2011-11-16 22:39 - 2342352 ____A C:\Windows\System32\FNTCACHE.DAT
2011-11-16 20:17 - 2011-11-16 20:17 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2011-11-16 16:52 - 2011-11-18 08:50 - 0018095 ____A C:\Windows\WindowsUpdate.log
2011-11-15 13:51 - 2011-11-15 13:51 - 0077824 ____A (TWX Corp.) C:\Users\All Users\2jFf5J64.exe_
2011-11-15 13:51 - 2011-11-15 13:51 - 0077824 ____A (TWX Corp.) C:\Users\All Users\2jFf5J64.exe
2011-11-15 13:51 - 2011-11-15 13:51 - 0077824 ____A (TWX Corp.) C:\ProgramData\2jFf5J64.exe_
2011-11-15 13:51 - 2011-11-15 13:51 - 0077824 ____A (TWX Corp.) C:\ProgramData\2jFf5J64.exe
2011-11-15 13:51 - 2011-11-15 13:51 - 0000001 ____A C:\Users\All Users\2jFf5J64.exe_.b
2011-11-15 13:51 - 2011-11-15 13:51 - 0000001 ____A C:\Users\All Users\2jFf5J64.exe.b
2011-11-15 13:51 - 2011-11-15 13:51 - 0000001 ____A C:\ProgramData\2jFf5J64.exe_.b
2011-11-15 13:51 - 2011-11-15 13:51 - 0000001 ____A C:\ProgramData\2jFf5J64.exe.b
2011-11-15 13:44 - 2011-11-15 13:51 - 0000112 ____A C:\Users\All Users\1VjM2R.dat
2011-11-15 13:44 - 2011-11-15 13:51 - 0000112 ____A C:\ProgramData\1VjM2R.dat
2011-11-15 13:44 - 2011-11-15 13:44 - 0031744 ____A (TWX Corp.) C:\Windows\SysWOW64\S6ovG.com.old
2011-11-13 10:28 - 2011-11-13 10:28 - 0000000 ____D C:\Users\All Users\Auslogics
2011-11-13 10:28 - 2011-11-13 10:28 - 0000000 ____D C:\ProgramData\Auslogics
2011-11-11 16:45 - 2011-11-11 16:52 - 0839950 ____A C:\Startup Programs (OWNER-PC) 2011-11-11 19.45.23.txt
2011-11-11 16:26 - 2011-11-11 16:33 - 0840736 ____A C:\Startup Programs (OWNER-PC) 2011-11-11 19.26.03.txt
2011-11-11 15:23 - 2011-11-11 15:23 - 0043701 ____A C:\Users\Owner\Downloads\IBM_Lenovo_ThinkPad_T60_T60p_Product_Recovery.4862686.TPB.torrent
2011-11-11 14:02 - 2011-11-11 14:07 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-11-11 14:02 - 2011-11-11 14:07 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-11-11 13:18 - 2011-11-11 16:28 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-11-11 13:18 - 2011-11-11 16:28 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-11-11 12:23 - 2011-11-11 12:31 - 0000000 ____D C:\Windows\System64
2011-11-11 11:35 - 2011-11-11 11:35 - 2458624 ____A (Microsoft Corp.) C:\Users\Owner\Downloads\AV Security 2012v121.exe.old
2011-11-11 06:41 - 2011-11-11 06:42 - 44400350 ____A C:\Users\Owner\Downloads\20111110_Thu_Alex.mp3
2011-11-11 06:39 - 2011-11-11 06:39 - 44400141 ____A C:\Users\Owner\Downloads\20111109_Wed_Alex.mp3
2011-11-10 00:41 - 2011-11-10 02:22 - 0000000 ____D C:\Users\Owner\Downloads\CODMW2
2011-11-09 20:20 - 2011-11-10 00:09 - 0000000 ____D C:\Users\Owner\Downloads\PS3jb
2011-11-09 20:05 - 2011-11-09 20:06 - 0000000 ____D C:\Users\Owner\Downloads\COD4
2011-11-09 19:58 - 2011-11-09 19:58 - 0025088 ____A (Microsoft) C:\Users\Owner\Downloads\MW2PatchBlocker.exe
2011-11-09 19:44 - 2011-11-09 19:44 - 0412160 ____A (www.ModboxTeam.com) C:\Users\Owner\Downloads\MW2+MODBOX+v+7.1.exe
2011-11-09 19:22 - 2011-11-09 19:22 - 4251204 ____A C:\Users\Owner\Downloads\FileZilla_3.3.5.1_win32-setup.exe
2011-11-09 19:03 - 2011-11-09 19:03 - 1210825 ____A C:\Users\Owner\Downloads\Geohot CFw 3.55 + Awsome File Manager.rar
2011-11-09 18:23 - 2011-11-09 18:24 - 0000000 ____D C:\Users\Owner\Downloads\MW2PHBTE
2011-11-09 18:23 - 2011-11-09 18:23 - 0000000 ____D C:\Users\Owner\Downloads\MW2-CVAR-Tool-Update
2011-11-09 18:23 - 2011-11-09 18:23 - 0000000 ____D C:\Users\Owner\Downloads\MW2 Patches
2011-11-09 18:20 - 2011-11-09 18:20 - 5562336 ____A C:\Users\Owner\Downloads\MW2PHBTE.rar
2011-11-09 18:10 - 2011-11-09 18:11 - 8895488 ____A C:\Users\Owner\Downloads\mkv2vob249.exe
2011-11-09 16:45 - 2011-11-09 16:45 - 0005980 ___SH C:\Users\Owner\Downloads\Folder.jpg
2011-11-09 16:45 - 2011-11-09 16:45 - 0001911 ___SH C:\Users\Owner\Downloads\AlbumArtSmall.jpg
2011-11-09 14:22 - 2011-11-09 14:23 - 1107368 ____A (Alactro LLC) C:\Users\Owner\Downloads\BestVideoDownloaderSetup-OL.exe
2011-11-08 23:09 - 2011-11-08 23:09 - 44405052 ____A C:\Users\Owner\Downloads\20111108_Tue_Alex.mp3
2011-11-08 23:06 - 2011-11-08 23:06 - 42883158 ____A C:\Users\Owner\Downloads\20111107_Mon_Alex.mp3
2011-11-08 23:04 - 2011-11-08 23:04 - 28285934 ____A C:\Users\Owner\Downloads\20111106_Sun_Alex.mp3
2011-11-08 23:02 - 2011-11-08 23:02 - 47071736 ____A C:\Users\Owner\Downloads\20111104_Fri_Alex.mp3
2011-11-08 23:00 - 2011-11-08 23:00 - 72188680 ____A C:\Users\Owner\Downloads\20111103_Thu_Alex.mp3
2011-11-07 09:53 - 2011-11-07 09:53 - 0005264 ____A C:\Users\Owner\Downloads\2668491500 Cisco Linksys E3000 High Performance Wireless N Router - $70 .html
2011-11-07 09:53 - 2011-11-07 09:53 - 0000000 ____D C:\Users\Owner\Downloads\2668491500 Cisco Linksys E3000 High Performance Wireless N Router - $70 _files
2011-11-07 09:51 - 2011-11-07 09:51 - 0005497 ____A C:\Users\Owner\Downloads\2665033943 Logitech Wireless Racing Wheel for PS3 - $40.html
2011-11-07 09:51 - 2011-11-07 09:51 - 0000000 ____D C:\Users\Owner\Downloads\2665033943 Logitech Wireless Racing Wheel for PS3 - $40_files
2011-11-07 09:49 - 2011-11-07 09:49 - 0004331 ____A C:\Users\Owner\Downloads\2685161204 Playstation 3 (PS3) Sealed - $220 (Broward).html
2011-11-07 09:49 - 2011-11-07 09:49 - 0000000 ____D C:\Users\Owner\Downloads\2685161204 Playstation 3 (PS3) Sealed - $220 (Broward)_files
2011-11-07 09:48 - 2011-11-07 09:48 - 0004626 ____A C:\Users\Owner\Downloads\2675298366 Xbox and Ps3 games - $15 (Will meet at walmart).html
2011-11-07 09:48 - 2011-11-07 09:48 - 0000000 ____D C:\Users\Owner\Downloads\2675298366 Xbox and Ps3 games - $15 (Will meet at walmart)_files
2011-11-07 09:46 - 2011-11-07 09:46 - 0004739 ____A C:\Users\Owner\Downloads\2686372262 Pioneer AVH-P6500DVD-best offer gets it - $99 (Boca Raton).html
2011-11-07 09:46 - 2011-11-07 09:46 - 0000000 ____D C:\Users\Owner\Downloads\2686372262 Pioneer AVH-P6500DVD-best offer gets it - $99 (Boca Raton)_files
2011-11-07 09:45 - 2011-11-07 09:45 - 0006197 ____A C:\Users\Owner\Downloads\Bluetooth Headset 2.1 Extended Battery Life - $24 .html
2011-11-07 09:45 - 2011-11-07 09:45 - 0000000 ____D C:\Users\Owner\Downloads\Bluetooth Headset 2.1 Extended Battery Life - $24 _files
2011-11-04 19:08 - 2011-11-04 19:08 - 0001081 ____A C:\Users\Owner\Desktop\BlackBerry 9530.lnk
2011-11-04 00:45 - 2011-11-04 00:45 - 42925477 ____A C:\Users\Owner\Downloads\20111102_Wed_Alex.mp3
2011-11-01 20:43 - 2011-11-01 20:43 - 44408082 ____A C:\Users\Owner\Downloads\20111101_Tue_Alex.mp3
2011-10-31 19:59 - 2011-10-31 19:59 - 48007129 ____A C:\Users\Owner\Downloads\20111031_Mon_Alex.mp3
2011-10-31 19:54 - 2011-10-31 19:55 - 28283008 ____A C:\Users\Owner\Downloads\20111030_Sun_Alex.mp3
2011-10-29 13:17 - 2011-10-29 13:23 - 44404007 ____A C:\Users\Owner\Downloads\20111028_Fri_Alex.mp3
2011-10-29 06:36 - 2011-10-29 06:36 - 0000000 ____D C:\Users\Owner\AppData\Local\MetaGeek,_LLC
2011-10-29 06:32 - 2011-11-16 13:29 - 0002477 ____A C:\Users\Public\Desktop\inSSIDer 2.0.lnk
2011-10-29 06:32 - 2011-10-29 06:32 - 0000000 ____D C:\Program Files\MetaGeek
2011-10-29 06:30 - 2011-10-29 06:30 - 0454120 ____A (CBS Interactive) C:\Users\Owner\Downloads\cnet_inSSIDer-Installer-2_0_7_0126_exe.exe
2011-10-29 06:26 - 2011-10-29 06:26 - 2056228 ____A (MetaGeek, LLC) C:\Users\Owner\Downloads\inSSIDer-Installer-2.0.7.0126.exe
2011-10-27 21:31 - 2011-10-27 21:31 - 0118201 ____A C:\Users\Owner\Downloads\Patton.png
2011-10-27 12:05 - 2011-10-27 12:05 - 44404530 ____A C:\Users\Owner\Downloads\20111027_Thu_Alex.mp3
2011-10-27 09:06 - 2011-10-27 09:06 - 0000921 ____A C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
2011-10-27 06:05 - 2011-10-27 06:05 - 1324458 ____A C:\Users\Owner\Downloads\Castrol_Aug_2011_Save_7_GTX_Family_Rebate.pdf
2011-10-27 00:41 - 2011-10-27 12:07 - 50406215 ____A C:\Users\Owner\Downloads\20111026_Wed_Alex.mp3
2011-10-25 21:10 - 2011-10-25 21:12 - 42880337 ____A C:\Users\Owner\Downloads\20111025_Tue_Alex.mp3
2011-10-24 11:30 - 2011-10-24 11:30 - 42880337 ____A C:\Users\Owner\Downloads\20111024_Mon_Alex.mp3
2011-10-24 11:19 - 2011-10-24 11:19 - 28237241 ____A C:\Users\Owner\Downloads\20111023_Sun_Alex.mp3
2011-10-21 22:12 - 2011-10-21 22:12 - 44405784 ____A C:\Users\Owner\Downloads\20111021_Fri_Alex.mp3
2011-10-21 15:32 - 2011-10-21 15:32 - 0165943 ____A C:\Users\Owner\Downloads\189752.htm
2011-10-21 01:39 - 2011-10-21 01:39 - 0337509 ____A C:\Users\Owner\Downloads\vwoiltsb.pdf
2011-10-20 21:41 - 2011-10-20 21:41 - 0000000 ____D C:\Windows\System32\Macromed
2011-10-20 12:05 - 2011-10-20 12:05 - 42880755 ____A C:\Users\Owner\Downloads\20111020_Thu_Alex.mp3

============ 3 Months Modified Files and Folders =============

2011-11-18 23:57 - 2011-11-18 23:56 - 0000000 ____D C:\FRST
2011-11-18 17:57 - 2011-11-18 09:00 - 0673706 ____A C:\Windows\ntbtlog.txt
2011-11-18 08:53 - 2011-11-18 08:53 - 0000312 ____A C:\Windows\PFRO.log
2011-11-18 08:50 - 2011-11-16 16:52 - 0018095 ____A C:\Windows\WindowsUpdate.log
2011-11-18 08:50 - 2009-04-23 10:06 - 0002140 ____A C:\Windows\bthservsdp.dat
2011-11-18 08:50 - 2006-11-02 07:40 - 0032606 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-11-18 08:50 - 2006-11-02 07:40 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-11-18 08:40 - 2011-04-17 22:13 - 0000000 ____D C:\Program Files (x86)\Pale Moon
2011-11-18 08:37 - 2011-11-18 08:24 - 0000763 ____A C:\Users\Owner\Start Menu\Programs\Startup\_uninst_.lnk
2011-11-18 08:37 - 2011-11-18 08:24 - 0000763 ____A C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
2011-11-18 08:35 - 2011-11-16 22:42 - 0005018 ____A C:\Windows\System32\PerfStringBackup.TMP
2011-11-18 08:31 - 2009-08-05 13:05 - 0027839 ____A C:\Users\All Users\nvModes.001
2011-11-18 08:31 - 2009-08-05 13:05 - 0027839 ____A C:\ProgramData\nvModes.001
2011-11-18 08:31 - 2009-08-05 11:01 - 0027839 ____A C:\Users\All Users\nvModes.dat
2011-11-18 08:31 - 2009-08-05 11:01 - 0027839 ____A C:\ProgramData\nvModes.dat
2011-11-18 08:24 - 2011-11-18 08:24 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2011-11-18 08:24 - 2011-11-18 08:24 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2011-11-18 08:22 - 2011-11-18 07:53 - 102056416 ____A C:\Users\Owner\Downloads\setup_11.0.0.1245.x01_2011_11_18_17_58.exe
2011-11-17 17:04 - 2011-11-17 17:03 - 0000000 ____D C:\Users\Owner\Downloads\PS3
2011-11-16 23:13 - 2009-04-23 13:33 - 0000000 ____D C:\Users\All Users\Sonic
2011-11-16 23:13 - 2009-04-23 13:33 - 0000000 ____D C:\ProgramData\Sonic
2011-11-16 22:44 - 2011-11-16 22:44 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2011-11-16 22:43 - 2011-11-16 22:43 - 0000000 ____A C:\Windows\setuperr.log
2011-11-16 22:43 - 2011-11-16 22:43 - 0000000 ____A C:\Windows\setupact.log
2011-11-16 22:39 - 2011-11-16 22:36 - 2342352 ____A C:\Windows\System32\FNTCACHE.DAT
2011-11-16 20:17 - 2011-11-16 20:17 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2011-11-16 16:54 - 2006-11-02 04:46 - 0694964 ____A C:\Windows\System32\PerfStringBackup.INI.old
2011-11-16 16:54 - 2006-11-02 04:46 - 0598588 ____A C:\Windows\System32\perfh009.dat.old
2011-11-16 16:54 - 2006-11-02 04:46 - 0102194 ____A C:\Windows\System32\perfc009.dat.old
2011-11-16 16:50 - 2007-01-29 07:36 - 0025224 ____A C:\Windows\System32\PROCDB.INI.old
2011-11-16 16:49 - 2007-06-19 10:13 - 0000380 ____A C:\Windows\System32\IPSCtrl.INI.old
2011-11-16 13:29 - 2011-10-29 06:32 - 0002477 ____A C:\Users\Public\Desktop\inSSIDer 2.0.lnk
2011-11-15 13:51 - 2011-11-15 13:51 - 0077824 ____A (TWX Corp.) C:\Users\All Users\2jFf5J64.exe_
2011-11-15 13:51 - 2011-11-15 13:51 - 0077824 ____A (TWX Corp.) C:\Users\All Users\2jFf5J64.exe
2011-11-15 13:51 - 2011-11-15 13:51 - 0077824 ____A (TWX Corp.) C:\ProgramData\2jFf5J64.exe_
2011-11-15 13:51 - 2011-11-15 13:51 - 0077824 ____A (TWX Corp.) C:\ProgramData\2jFf5J64.exe
2011-11-15 13:51 - 2011-11-15 13:51 - 0000001 ____A C:\Users\All Users\2jFf5J64.exe_.b
2011-11-15 13:51 - 2011-11-15 13:51 - 0000001 ____A C:\Users\All Users\2jFf5J64.exe.b
2011-11-15 13:51 - 2011-11-15 13:51 - 0000001 ____A C:\ProgramData\2jFf5J64.exe_.b
2011-11-15 13:51 - 2011-11-15 13:51 - 0000001 ____A C:\ProgramData\2jFf5J64.exe.b
2011-11-15 13:51 - 2011-11-15 13:44 - 0000112 ____A C:\Users\All Users\1VjM2R.dat
2011-11-15 13:51 - 2011-11-15 13:44 - 0000112 ____A C:\ProgramData\1VjM2R.dat
2011-11-15 13:44 - 2011-11-15 13:44 - 0031744 ____A (TWX Corp.) C:\Windows\SysWOW64\S6ovG.com.old
2011-11-13 13:07 - 2009-04-23 04:14 - 0000000 ____D C:\users\Owner
2011-11-13 10:28 - 2011-11-13 10:28 - 0000000 ____D C:\Users\All Users\Auslogics
2011-11-13 10:28 - 2011-11-13 10:28 - 0000000 ____D C:\ProgramData\Auslogics
2011-11-12 12:06 - 2011-06-04 15:58 - 0016695 ____A C:\Users\Owner\Documents\Current.m3u
2011-11-11 16:52 - 2011-11-11 16:45 - 0839950 ____A C:\Startup Programs (OWNER-PC) 2011-11-11 19.45.23.txt
2011-11-11 16:33 - 2011-11-11 16:26 - 0840736 ____A C:\Startup Programs (OWNER-PC) 2011-11-11 19.26.03.txt
2011-11-11 16:28 - 2011-11-11 13:18 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-11-11 16:28 - 2011-11-11 13:18 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-11-11 15:23 - 2011-11-11 15:23 - 0043701 ____A C:\Users\Owner\Downloads\IBM_Lenovo_ThinkPad_T60_T60p_Product_Recovery.4862686.TPB.torrent
2011-11-11 14:07 - 2011-11-11 14:02 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-11-11 14:07 - 2011-11-11 14:02 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-11-11 13:58 - 2006-11-02 07:21 - 2342352 ____A C:\Windows\System32\FNTCACHE.DAT.old
2011-11-11 13:02 - 2010-01-06 04:48 - 0000418 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{C0CD5F55-EE33-4308-88E8-A2B1C7C621F5}.job
2011-11-11 12:31 - 2011-11-11 12:23 - 0000000 ____D C:\Windows\System64
2011-11-11 11:35 - 2011-11-11 11:35 - 2458624 ____A (Microsoft Corp.) C:\Users\Owner\Downloads\AV Security 2012v121.exe.old
2011-11-11 11:16 - 2011-07-17 03:25 - 0000000 ____D C:\Users\Owner\Documents\Visual Studio 2005
2011-11-11 06:42 - 2011-11-11 06:41 - 44400350 ____A C:\Users\Owner\Downloads\20111110_Thu_Alex.mp3
2011-11-11 06:39 - 2011-11-11 06:39 - 44400141 ____A C:\Users\Owner\Downloads\20111109_Wed_Alex.mp3
2011-11-10 02:22 - 2011-11-10 00:41 - 0000000 ____D C:\Users\Owner\Downloads\CODMW2
2011-11-10 00:09 - 2011-11-09 20:20 - 0000000 ____D C:\Users\Owner\Downloads\PS3jb
2011-11-09 20:06 - 2011-11-09 20:05 - 0000000 ____D C:\Users\Owner\Downloads\COD4
2011-11-09 19:58 - 2011-11-09 19:58 - 0025088 ____A (Microsoft) C:\Users\Owner\Downloads\MW2PatchBlocker.exe
2011-11-09 19:44 - 2011-11-09 19:44 - 0412160 ____A (www.ModboxTeam.com) C:\Users\Owner\Downloads\MW2+MODBOX+v+7.1.exe
2011-11-09 19:22 - 2011-11-09 19:22 - 4251204 ____A C:\Users\Owner\Downloads\FileZilla_3.3.5.1_win32-setup.exe
2011-11-09 19:03 - 2011-11-09 19:03 - 1210825 ____A C:\Users\Owner\Downloads\Geohot CFw 3.55 + Awsome File Manager.rar
2011-11-09 18:24 - 2011-11-09 18:23 - 0000000 ____D C:\Users\Owner\Downloads\MW2PHBTE
2011-11-09 18:23 - 2011-11-09 18:23 - 0000000 ____D C:\Users\Owner\Downloads\MW2-CVAR-Tool-Update
2011-11-09 18:23 - 2011-11-09 18:23 - 0000000 ____D C:\Users\Owner\Downloads\MW2 Patches
2011-11-09 18:23 - 2011-07-13 14:09 - 0000000 ____D C:\Users\Owner\Downloads\MW2
2011-11-09 18:20 - 2011-11-09 18:20 - 5562336 ____A C:\Users\Owner\Downloads\MW2PHBTE.rar
2011-11-09 18:11 - 2011-11-09 18:10 - 8895488 ____A C:\Users\Owner\Downloads\mkv2vob249.exe
2011-11-09 16:45 - 2011-11-09 16:45 - 0005980 ___SH C:\Users\Owner\Downloads\Folder.jpg
2011-11-09 16:45 - 2011-11-09 16:45 - 0001911 ___SH C:\Users\Owner\Downloads\AlbumArtSmall.jpg
2011-11-09 14:23 - 2011-11-09 14:22 - 1107368 ____A (Alactro LLC) C:\Users\Owner\Downloads\BestVideoDownloaderSetup-OL.exe
2011-11-09 13:48 - 2011-04-17 22:08 - 0000000 ____D C:\WinTemp
2011-11-08 23:09 - 2011-11-08 23:09 - 44405052 ____A C:\Users\Owner\Downloads\20111108_Tue_Alex.mp3
2011-11-08 23:06 - 2011-11-08 23:06 - 42883158 ____A C:\Users\Owner\Downloads\20111107_Mon_Alex.mp3
2011-11-08 23:04 - 2011-11-08 23:04 - 28285934 ____A C:\Users\Owner\Downloads\20111106_Sun_Alex.mp3
2011-11-08 23:02 - 2011-11-08 23:02 - 47071736 ____A C:\Users\Owner\Downloads\20111104_Fri_Alex.mp3
2011-11-08 23:00 - 2011-11-08 23:00 - 72188680 ____A C:\Users\Owner\Downloads\20111103_Thu_Alex.mp3
2011-11-07 09:53 - 2011-11-07 09:53 - 0005264 ____A C:\Users\Owner\Downloads\2668491500 Cisco Linksys E3000 High Performance Wireless N Router - $70 .html
2011-11-07 09:53 - 2011-11-07 09:53 - 0000000 ____D C:\Users\Owner\Downloads\2668491500 Cisco Linksys E3000 High Performance Wireless N Router - $70 _files
2011-11-07 09:51 - 2011-11-07 09:51 - 0005497 ____A C:\Users\Owner\Downloads\2665033943 Logitech Wireless Racing Wheel for PS3 - $40.html
2011-11-07 09:51 - 2011-11-07 09:51 - 0000000 ____D C:\Users\Owner\Downloads\2665033943 Logitech Wireless Racing Wheel for PS3 - $40_files
2011-11-07 09:49 - 2011-11-07 09:49 - 0004331 ____A C:\Users\Owner\Downloads\2685161204 Playstation 3 (PS3) Sealed - $220 (Broward).html
2011-11-07 09:49 - 2011-11-07 09:49 - 0000000 ____D C:\Users\Owner\Downloads\2685161204 Playstation 3 (PS3) Sealed - $220 (Broward)_files
2011-11-07 09:48 - 2011-11-07 09:48 - 0004626 ____A C:\Users\Owner\Downloads\2675298366 Xbox and Ps3 games - $15 (Will meet at walmart).html
2011-11-07 09:48 - 2011-11-07 09:48 - 0000000 ____D C:\Users\Owner\Downloads\2675298366 Xbox and Ps3 games - $15 (Will meet at walmart)_files
2011-11-07 09:46 - 2011-11-07 09:46 - 0004739 ____A C:\Users\Owner\Downloads\2686372262 Pioneer AVH-P6500DVD-best offer gets it - $99 (Boca Raton).html
2011-11-07 09:46 - 2011-11-07 09:46 - 0000000 ____D C:\Users\Owner\Downloads\2686372262 Pioneer AVH-P6500DVD-best offer gets it - $99 (Boca Raton)_files
2011-11-07 09:45 - 2011-11-07 09:45 - 0006197 ____A C:\Users\Owner\Downloads\Bluetooth Headset 2.1 Extended Battery Life - $24 .html
2011-11-07 09:45 - 2011-11-07 09:45 - 0000000 ____D C:\Users\Owner\Downloads\Bluetooth Headset 2.1 Extended Battery Life - $24 _files
2011-11-04 19:08 - 2011-11-04 19:08 - 0001081 ____A C:\Users\Owner\Desktop\BlackBerry 9530.lnk
2011-11-04 00:45 - 2011-11-04 00:45 - 42925477 ____A C:\Users\Owner\Downloads\20111102_Wed_Alex.mp3
2011-11-01 20:43 - 2011-11-01 20:43 - 44408082 ____A C:\Users\Owner\Downloads\20111101_Tue_Alex.mp3
2011-10-31 19:59 - 2011-10-31 19:59 - 48007129 ____A C:\Users\Owner\Downloads\20111031_Mon_Alex.mp3
2011-10-31 19:55 - 2011-10-31 19:54 - 28283008 ____A C:\Users\Owner\Downloads\20111030_Sun_Alex.mp3
2011-10-29 13:23 - 2011-10-29 13:17 - 44404007 ____A C:\Users\Owner\Downloads\20111028_Fri_Alex.mp3
2011-10-29 06:36 - 2011-10-29 06:36 - 0000000 ____D C:\Users\Owner\AppData\Local\MetaGeek,_LLC
2011-10-29 06:32 - 2011-10-29 06:32 - 0000000 ____D C:\Program Files\MetaGeek
2011-10-29 06:30 - 2011-10-29 06:30 - 0454120 ____A (CBS Interactive) C:\Users\Owner\Downloads\cnet_inSSIDer-Installer-2_0_7_0126_exe.exe
2011-10-29 06:26 - 2011-10-29 06:26 - 2056228 ____A (MetaGeek, LLC) C:\Users\Owner\Downloads\inSSIDer-Installer-2.0.7.0126.exe
2011-10-27 21:31 - 2011-10-27 21:31 - 0118201 ____A C:\Users\Owner\Downloads\Patton.png
2011-10-27 12:07 - 2011-10-27 00:41 - 50406215 ____A C:\Users\Owner\Downloads\20111026_Wed_Alex.mp3
2011-10-27 12:05 - 2011-10-27 12:05 - 44404530 ____A C:\Users\Owner\Downloads\20111027_Thu_Alex.mp3
2011-10-27 09:06 - 2011-10-27 09:06 - 0000921 ____A C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
2011-10-27 06:05 - 2011-10-27 06:05 - 1324458 ____A C:\Users\Owner\Downloads\Castrol_Aug_2011_Save_7_GTX_Family_Rebate.pdf
2011-10-25 21:12 - 2011-10-25 21:10 - 42880337 ____A C:\Users\Owner\Downloads\20111025_Tue_Alex.mp3
2011-10-24 11:30 - 2011-10-24 11:30 - 42880337 ____A C:\Users\Owner\Downloads\20111024_Mon_Alex.mp3
2011-10-24 11:19 - 2011-10-24 11:19 - 28237241 ____A C:\Users\Owner\Downloads\20111023_Sun_Alex.mp3
2011-10-21 22:12 - 2011-10-21 22:12 - 44405784 ____A C:\Users\Owner\Downloads\20111021_Fri_Alex.mp3
2011-10-21 15:32 - 2011-10-21 15:32 - 0165943 ____A C:\Users\Owner\Downloads\189752.htm
2011-10-21 01:39 - 2011-10-21 01:39 - 0337509 ____A C:\Users\Owner\Downloads\vwoiltsb.pdf
2011-10-21 00:14 - 2011-10-16 20:30 - 5985428 ____A C:\Users\Owner\Downloads\a4timingbelt.pdf
2011-10-20 21:41 - 2011-10-20 21:41 - 0000000 ____D C:\Windows\System32\Macromed
2011-10-20 12:05 - 2011-10-20 12:05 - 42880755 ____A C:\Users\Owner\Downloads\20111020_Thu_Alex.mp3
2011-10-19 20:28 - 2011-10-19 20:28 - 42881277 ____A C:\Users\Owner\Downloads\20111019_Wed_Alex.mp3
2011-10-18 18:50 - 2011-10-18 18:44 - 4232905 ____A C:\Users\Owner\Downloads\DBW Injector Removal Procedure.pdf
2011-10-18 18:50 - 2011-10-18 17:59 - 0450917 ____A C:\Users\Owner\Downloads\IQ-adjust-hammer-mod-T.pdf
2011-10-18 17:35 - 2011-10-18 17:35 - 0326757 ____A C:\Users\Owner\Downloads\DBW LLC order form 2011.6.pdf
2011-10-18 17:30 - 2011-09-14 12:48 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Foxit Software
2011-10-18 15:07 - 2011-10-18 15:07 - 3955268 ____A C:\Users\Owner\Downloads\RestoreAmericaPlan.pdf
2011-10-18 13:52 - 2011-10-18 13:52 - 44403067 ____A C:\Users\Owner\Downloads\20111018_Tue_Alex.mp3
2011-10-17 13:52 - 2011-10-17 13:52 - 44396170 ____A C:\Users\Owner\Downloads\20111017_Mon_Alex.mp3
2011-10-17 08:00 - 2011-10-17 08:00 - 28764915 ____A C:\Users\Owner\Downloads\20111016_Sun_Alex.mp3
2011-10-16 14:14 - 2011-10-16 14:14 - 0133827 ____A C:\Users\Owner\Downloads\Copy of Diesel fuel additive version 3.pdf
2011-10-14 21:54 - 2011-10-14 21:54 - 42885248 ____A C:\Users\Owner\Downloads\20111014_Fri_Alex.mp3
2011-10-14 21:48 - 2011-10-13 21:40 - 42861633 ____A C:\Users\Owner\Downloads\20111013_Thu_Alex.mp3
2011-10-14 21:31 - 2011-10-14 10:29 - 0626795 ____A C:\Users\Owner\Downloads\939e199808.pdf
2011-10-13 15:25 - 2011-10-13 15:25 - 42881277 ____A C:\Users\Owner\Downloads\20111012_Wed_Alex.mp3
2011-10-11 12:04 - 2011-10-11 12:04 - 42879083 ____A C:\Users\Owner\Downloads\20111011_Tue_Alex.mp3
2011-10-11 12:01 - 2011-10-11 12:01 - 42881173 ____A C:\Users\Owner\Downloads\20111010_Mon_Alex.mp3
2011-10-10 03:43 - 2011-10-10 03:43 - 33603524 ____A C:\Users\Owner\Downloads\20111009_Sun_Alex.mp3
2011-10-08 15:19 - 2011-10-08 15:19 - 42880755 ____A C:\Users\Owner\Downloads\20111007_Fri_Alex.mp3
2011-10-07 00:18 - 2011-10-07 00:15 - 42923073 ____A C:\Users\Owner\Downloads\20111006_Thu_Alex.mp3
2011-10-07 00:13 - 2011-10-07 00:13 - 48007965 ____A C:\Users\Owner\Downloads\20111005_Wed_Alex.mp3
2011-10-04 14:07 - 2011-10-04 13:03 - 28302548 ____A C:\Users\Owner\Downloads\20111002_Sun_Alex.mp3
2011-10-04 13:58 - 2011-10-04 13:58 - 52232069 ____A C:\Users\Owner\Downloads\20111004_Tue_Alex.mp3
2011-10-04 13:44 - 2011-10-04 13:44 - 44411948 ____A C:\Users\Owner\Downloads\20111003_Mon_Alex.mp3
2011-10-01 06:54 - 2011-10-01 06:54 - 0000000 __SHD C:\found.000
2011-10-01 05:48 - 2011-10-01 05:46 - 0000000 ____D C:\Users\Owner\Downloads\WD MP Essential
2011-10-01 04:18 - 2011-10-01 04:06 - 194529720 ____A C:\Users\Owner\Downloads\PS3UPDAT.PUP
2011-10-01 02:56 - 2011-10-01 02:56 - 42881486 ____A C:\Users\Owner\Downloads\20110930_Fri_Alex.mp3
2011-09-30 01:42 - 2011-09-30 01:42 - 44401395 ____A C:\Users\Owner\Downloads\20110929_Thu_Alex.mp3
2011-09-29 01:54 - 2011-09-29 01:54 - 44408396 ____A C:\Users\Owner\Downloads\20110928_Wed_Alex.mp3
2011-09-28 02:22 - 2011-09-28 02:22 - 0750296 ____A (Adobe Systems Incorporated) C:\Users\Owner\Downloads\install_flashplayer10_chrd_aih.exe
2011-09-27 19:59 - 2011-09-27 19:59 - 44420726 ____A C:\Users\Owner\Downloads\20110927_Tue_Alex.mp3
2011-09-27 05:42 - 2011-09-27 05:42 - 44405888 ____A C:\Users\Owner\Downloads\20110926_Mon_Alex.mp3
2011-09-25 20:53 - 2011-09-25 20:53 - 28280082 ____A C:\Users\Owner\Downloads\20110925_Sun_Alex.mp3
2011-09-23 14:12 - 2011-09-23 14:12 - 44404739 ____A C:\Users\Owner\Downloads\20110923_Fri_Alex.mp3
2011-09-22 19:08 - 2011-09-22 19:08 - 42880337 ____A C:\Users\Owner\Downloads\20110922_Thu_Alex.mp3
2011-09-21 22:05 - 2011-09-21 22:05 - 44407246 ____A C:\Users\Owner\Downloads\20110921_Wed_Alex.mp3
2011-09-21 21:59 - 2011-09-21 21:59 - 42880650 ____A C:\Users\Owner\Downloads\20110920_Tue_Alex.mp3
2011-09-21 16:45 - 2011-09-21 16:45 - 42880964 ____A C:\Users\Owner\Downloads\20110919_Mon_Alex.mp3
2011-09-21 16:00 - 2011-09-21 16:00 - 28764392 ____A C:\Users\Owner\Downloads\20110918_Sun_Alex.mp3
2011-09-17 08:51 - 2011-09-17 08:49 - 0000000 ____D C:\Users\Owner\Downloads\TDI
2011-09-17 00:50 - 2011-09-17 00:50 - 42880337 ____A C:\Users\Owner\Downloads\20110916_Fri_Alex.mp3
2011-09-15 18:22 - 2011-09-15 18:22 - 44405888 ____A C:\Users\Owner\Downloads\20110915_Thu_Alex.mp3
2011-09-15 11:00 - 2011-09-15 11:00 - 0087392 ____A C:\Users\Owner\Downloads\3VWSF29M1YM117665.html
2011-09-15 11:00 - 2011-09-15 11:00 - 0000000 ____D C:\Users\Owner\Downloads\3VWSF29M1YM117665_files
2011-09-15 01:23 - 2011-09-15 01:23 - 44406306 ____A C:\Users\Owner\Downloads\20110914_Wed_Alex.mp3
2011-09-14 14:47 - 2011-09-14 14:47 - 0000000 ____D C:\Users\Owner\AppData\Local\Broadcom
2011-09-14 14:43 - 2011-09-14 14:41 - 0000797 ____A C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
2011-09-14 14:41 - 2009-04-23 08:39 - 0000000 ____D C:\Program Files\ThinkPad
2011-09-14 14:40 - 2011-09-14 14:40 - 0000000 ____D C:\Program Files\DIFX
2011-09-14 14:02 - 2011-04-18 13:16 - 0000000 ____D C:\IBMT61
2011-09-14 12:42 - 2011-05-15 04:11 - 0000000 ____D C:\Users\Owner\AppData\Local\Western Digital
2011-09-14 12:31 - 2011-09-14 12:31 - 0091980 ____A C:\Users\Owner\Downloads\Poliovirus vaccine, SV40, and human cancer.htm
2011-09-14 12:31 - 2011-09-14 12:31 - 0000000 ____D C:\Users\Owner\Downloads\Poliovirus vaccine, SV40, and human cancer_files
2011-09-14 12:30 - 2011-09-14 12:30 - 0488202 ____A C:\Users\Owner\Downloads\sv40.htm
2011-09-14 12:30 - 2011-09-14 12:30 - 0000000 ____D C:\Users\Owner\Downloads\sv40_files
2011-09-13 16:21 - 2011-09-13 16:21 - 44405679 ____A C:\Users\Owner\Downloads\20110913_Tue_Alex.mp3
2011-09-12 16:20 - 2011-09-12 16:20 - 44407873 ____A C:\Users\Owner\Downloads\20110912_Mon_Alex.mp3
2011-09-12 04:34 - 2011-09-12 04:34 - 28279873 ____A C:\Users\Owner\Downloads\20110911_Sun_Alex.mp3
2011-09-10 04:21 - 2011-09-10 04:21 - 44407351 ____A C:\Users\Owner\Downloads\20110909_Fri_Alex.mp3
2011-09-08 20:58 - 2011-09-08 20:58 - 42880337 ____A C:\Users\Owner\Downloads\20110908_Thu_Alex.mp3
2011-09-07 22:21 - 2011-09-07 22:21 - 44405366 ____A C:\Users\Owner\Downloads\20110907_Wed_Alex.mp3
2011-09-06 19:26 - 2011-09-06 19:26 - 42882218 ____A C:\Users\Owner\Downloads\20110906_Tue_Alex.mp3
2011-09-06 01:26 - 2011-09-06 01:26 - 42924118 ____A C:\Users\Owner\Downloads\20110905_Mon_Alex.mp3
2011-09-06 01:23 - 2011-09-06 01:23 - 42924118 ____A C:\Users\Owner\Downloads\20110905_Mon_Alex
2011-09-04 23:18 - 2011-09-04 23:18 - 28283948 ____A C:\Users\Owner\Downloads\20110904_Sun_Alex.mp3
2011-09-03 22:40 - 2011-09-03 22:39 - 20408706 ____A C:\Users\Owner\Downloads\Hex_Workshop_Professional_6.5.1.5060.rar
2011-09-02 13:58 - 2011-09-02 13:58 - 44406097 ____A C:\Users\Owner\Downloads\20110902_Fri_Alex.mp3
2011-09-02 10:38 - 2011-09-02 10:38 - 0094483 ____A C:\Users\Owner\Downloads\mk3256gsy_datasheet.pdf
2011-09-01 22:08 - 2011-09-01 22:08 - 44405784 ____A C:\Users\Owner\Downloads\20110901_Thu_Alex.mp3
2011-08-31 18:41 - 2011-08-31 18:41 - 0035840 ____A C:\Users\Owner\Downloads\Gold_Stocks.xls
2011-08-31 18:33 - 2011-08-31 18:31 - 44403903 ____A C:\Users\Owner\Downloads\20110831_Wed_Alex.mp3
2011-08-30 16:40 - 2011-08-30 16:40 - 42880232 ____A C:\Users\Owner\Downloads\20110830_Tue_Alex.mp3
2011-08-29 17:34 - 2011-08-29 17:34 - 50367135 ____A C:\Users\Owner\Downloads\20110829_Mon_Alex.mp3
2011-08-28 17:17 - 2011-08-28 17:17 - 28280500 ____A C:\Users\Owner\Downloads\20110828_Sun_Alex.mp3
2011-08-26 14:46 - 2011-08-26 14:46 - 50367135 ____A C:\Users\Owner\Downloads\20110826_Fri_Alex.mp3
2011-08-26 00:15 - 2011-08-26 00:15 - 42925059 ____A C:\Users\Owner\Downloads\20110825_Thu_Alex.mp3
2011-08-24 17:48 - 2011-08-24 17:48 - 42884621 ____A C:\Users\Owner\Downloads\20110824_Wed_Alex.mp3
2011-08-23 19:34 - 2011-08-23 19:34 - 44405888 ____A C:\Users\Owner\Downloads\20110823_Tue_Alex.mp3
2011-08-22 14:36 - 2011-08-22 14:36 - 44404843 ____A C:\Users\Owner\Downloads\20110822_Mon_Alex.mp3

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4029.34 MB
Available physical RAM: 3449.29 MB
Total Pagefile: 3759.27 MB
Available Pagefile: 3426.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:93.16 GB) (Free:27.18 GB) NTFS ==>[Boot] ==>[OS]
2 Drive d: (2008.03.29_2201) (CDROM) (Total:0.15 GB) (Free:0 GB) UDF ==>[Boot]
3 Drive e: () (Removable) (Total:7.48 GB) (Free:0.22 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS


Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 93 GB 1024 KB

Partition 1
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 93 GB Healthy

==========================================================

Last Boot: 2011-11-18 08:45

======================= End Of Log ==========================

BTW 1 last piece of info: my bud said it had the AV 2012 bug.
Also he used Kaspersky's offline scanner, which is probably what removed consrv.

Any Help at all Would be much Appreciated.
Tnx again, Take Care God Bless & Stay Safe,
__________________________________________i4Cit

Attached Files


Edited by i4Cit, 19 November 2011 - 09:22 AM.




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:20 PM

Posted 21 November 2011 - 01:29 PM

Hello i4Cit,

Welcome to Bleeping Computer. I understand you have a boot issue. Please tell me briefly whether you still have the issue.

#3 i4Cit

i4Cit
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:20 PM

Posted 21 November 2011 - 08:31 PM

Hello Farbar,

Thank U for responding rather quickly considering how busy the Site seems,
as well as the recent rash of Malware.

Yes I'm Still having the same issue as a few others as well.
From what I've been reading & consultations with my Bud, (who said "it's Yours" & purchased a new 1)
it would seem as though it more than likely has the AV2012,
with a no-access RK as well as a Ping.exe overflow/loop.
As stated earlier, unfortunately I don't have the time @ present to learn & Chase down this bug on my own.
Your wisdom & insight in this matter would be Extremely appreciated.
I hope to have more time after the holiday season to learn.
(For if U Teach a man to fish.....)
Hell! I had resigned myself to throwing in a temp drive with XP till help would arrive.
It was the fastest solution to see if this T61 warranted further time
(ie. Possible hardware fault. Hey U never know what headache U might inherit).

So Whenever U are ready I'm all ears....

Thanks(again) in Advance for Your Valuable Time.

Take Care, God Bless & Stay Safe,
________________________________i4Cit

Edited by i4Cit, 22 November 2011 - 06:34 PM.


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:20 PM

Posted 22 November 2011 - 03:36 AM

All right i4Cit. :thumbup2:

Please post the log as it is without making it bold. Also please do the same in case you give me feedback. Somehow my eyes hurt when I read bold text.:)

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess 
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:20 PM

Posted 22 November 2011 - 03:38 AM

Hi i4Cit,

After doing the fix in the last post please restart and let the computer boot normally. We still need to remove the eventual leftovers after it booted.

Please let me know if you could boot.

#6 i4Cit

i4Cit
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:20 PM

Posted 22 November 2011 - 06:17 PM

Hello Farbar,

All right i4Cit. :thumbup2:

Please post the log as it is without making it bold. Also please do the same in case you give me feedback. Somehow my eyes hurt when I read bold text.:)

Ahh to be young....Sorry for the Bold, It's habit now as U'll most likely see when U hit your 50's.
Some say 40's, call it luck for me I guess, staring at CRTs since the late/early 60's/70's...ehh, I digress...
Let's just say it's easier to read when on a white background for me & leave it at that.
(Have to admit LCD's are definitely easier on these ol' eyes)

Ran fixlist.txt with success from the recovery CD's CMD prompt.

Here's the Readout:

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.9)
Ran by SYSTEM at 2011-11-22 15:38:58 R:1
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

==== End of Fixlog ====

Forgot to mention earlier...Extremely nifty tool U created :thumbup2:....

Anyway Houston, we have liftoff :thumbsup:...(Boot normal mode...Yea!)

Suffice to say suspicions were confirmed with regards to Kaspersky.

1st saw briefly a cmd window with uninstall as title.
Briefly because it closed & left 4.5 windows open.

Out of the 4.5 we 1st have 2 RunDLL critical fail message windows.
They are as follows:

1) "Error loading C:\Windows\system32\NvCpl.dll
The specified module could not be found."

&

2) "Error loading C:\Windows\system32\NvMcTray.dll
The specified module could not be found."
(Seems some of the Nvidia drivers are corrupt/missing.)

3rd window is a stuck Kaspersky virus removal tool.(Related to the Uninstall Cmd window no doubt)
it reads: "Kaspersky Virus Removal Tool is being installed...
Please wait..."
(I say stuck because the blue dash has stopped almost @ the beginning of the bar.)
Here's where the .5 comes in.
In addition to the Kas box there's a caution box that states:

"AVPTool installation failed" (as header)
"Please try to reboot your computer.
Error message is Failed to rename kl1."

4th is the dreaded Windows Activation.

"An unauthorized change was made to Windows."

"You must re-type your Windows Vista Ultimate product key to activate..."(U get the Picture.)

Not sure of the Key since this T61 was upgraded from Vista Business 32 to Ultimate 64.
Anyway bud doesn't know location of U64 key at the moment & the 1 on the bottom is worn & illegible.

Well in a nutshell, that's it.
Many Tnx in getting it to boot.(Did I mention? U da Man! :clapping: B) )

I eagerly sit & wait for further pearls of wisdom as to what U'd like to run next.
Mini toolbox? Mbab? Combo Fix? TDSSkiller?

In the meantime please peruse the posted DDS log as well as Attach.zip & LMK our next move.
(BTW have already run defogger as per Prep guide & Attached log as well.)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19019
Run by Owner at 17:21:54 on 2011-11-22
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4029.2716 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\IPSSVC.EXE
C:\Windows\System32\TpShocks.exe
C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\ehome\ehtray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe
C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\taskeng.exe
C:\Users\Owner\AppData\Local\Temp\RarSFX1\3383758.exe
C:\Windows\system32\SLUI.exe
C:\Windows\System32\SLLUA.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=101706
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=C:\Windows\system32\userinit.exe
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe"
mRun: [Windows Defender] %ProgramFiles(x86)%\Windows Defender\MSASCui.exe -hide
mRun: [LPManager] C:\PROGRA~2\THINKV~1\PrdCtr\LPMGR.exe
mRun: [LPMailChecker] C:\PROGRA~2\THINKV~1\PrdCtr\LPMLCHK.exe
mRun: [TpShocks] TpShocks.exe
mRun: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun: [SoundMAXPnP] "C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
mRun: [RivaTunerStartupDaemon] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
mRun: [RivaTuner] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /T
mRun: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
mRun: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
mRun: [TPKMAPHELPER] "C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe" -helper
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\Owner\AppData\Local\Temp\_uninst_.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.67.1
TCP: Interfaces\{41A510ED-92FC-410A-9D88-2A10F04342CC} : DhcpNameServer = 10.0.85.1
TCP: Interfaces\{483FFB7A-7C87-4806-8E66-45C020BCF2C7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C5F04170-34D2-4B12-A56D-6D799315964C} : DhcpNameServer = 10.0.67.1
BHO-X64: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
BHO-X64: Password Manager Browser Helper Object - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe"
mRun-x64: [Windows Defender] %ProgramFiles(x86)%\Windows Defender\MSASCui.exe -hide
mRun-x64: [LPManager] C:\PROGRA~2\THINKV~1\PrdCtr\LPMGR.exe
mRun-x64: [LPMailChecker] C:\PROGRA~2\THINKV~1\PrdCtr\LPMLCHK.exe
mRun-x64: [TpShocks] TpShocks.exe
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SoundMAXPnP] "C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
mRun-x64: [RivaTunerStartupDaemon] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
mRun-x64: [RivaTuner] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /T
mRun-x64: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
mRun-x64: [TPKMAPHELPER] "C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe" -helper
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 Sahdad64;HDD Filter Driver;C:\Windows\system32\Drivers\Sahdad64.sys --> C:\Windows\system32\Drivers\Sahdad64.sys [?]
R0 Saibad64;Volume Filter Driver;C:\Windows\system32\Drivers\Saibad64.sys --> C:\Windows\system32\Drivers\Saibad64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\system32\Drivers\SaibVdAd64.sys --> C:\Windows\system32\Drivers\SaibVdAd64.sys [?]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2008-8-1 125424]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2008-10-24 58736]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]
S0 NVStrap;NVStrap;C:\Windows\system32\drivers\NVStrap.sys --> C:\Windows\system32\drivers\NVStrap.sys [?]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe [2008-8-13 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [2008-8-13 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [2008-8-13 170480]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2011-5-8 745472]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-4-23 19968]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe [2008-8-13 313840]
S3 RoxMediaDB11;RoxMediaDB11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2008-8-13 1124848]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.txt=
.
=============== Created Last 30 ================
.
2011-11-19 07:56:25 -------- d-----w- C:\FRST
2011-11-19 05:59:05 0 ----a-w- C:\Windows\SysWow64\consrv.dll
2011-11-19 05:58:06 0 ----a-w- C:\Windows\System32\consrv.dll
2011-11-18 16:24:18 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-17 06:42:48 5018 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2011-11-15 21:51:40 77824 ----a-w- C:\ProgramData\2jFf5J64.exe_
2011-11-15 21:51:40 77824 ----a-w- C:\ProgramData\2jFf5J64.exe
2011-11-15 21:44:29 31744 ----a-w- C:\Windows\SysWow64\S6ovG.com.old
2011-11-13 18:28:23 -------- d-----w- C:\ProgramData\Auslogics
2011-11-11 22:02:24 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-11 21:18:01 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-11 20:23:26 -------- d-----w- C:\Windows\System64
2011-10-29 14:36:54 -------- d-----w- C:\Users\Owner\AppData\Local\MetaGeek,_LLC
2011-10-29 14:32:07 -------- d-----w- C:\Program Files\MetaGeek
.
==================== Find3M ====================
.
2011-04-22 12:09:08 399736 ----a-w- C:\Program Files (x86)\utorrent.exe
.
============= FINISH: 17:22:09.93 ===============

Thanking you in advance for your valuable time.
Take care, God bless & stay safe,
i4Cit

Edited by i4Cit, 22 November 2011 - 06:51 PM.


#7 Farbar
Security Developer, 21,719 posts, Location: The Netherlands

Posted 23 November 2011 - 12:34 AM

Great.

Well done.

Thanks for using the normal layout.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files with each other, as the name suggests. In today's world, cyber crime has reached an enormous scale, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, via the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Please go to Start => All Programs (or Programs) => Startup. If there is a _uninst_ shortcut, delete it.
  • Run Command Prompt as administrator:
    • Click on the Start button.
    • Type Cmd in the Start Search text box.
    • Press the Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator.
    • Type the following command and press Enter: netsh winsock reset
    • You should get notified that it was successful. Restart the computer.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double-click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check "Standard Output".
    • Click the Run Scan button.
    • Two reports will open:
      • OTL.txt <-- will be opened
      • Extra.txt <-- will be minimized
  • Copy and paste OTL.txt and attach Extra.txt to your reply.
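The "Created Last 30" section of the DDS log posted earlier in this thread is what the helper's removal steps are aimed at: the random-named 2jFf5J64.exe pair in C:\ProgramData, the renamed S6ovG.com.old in SysWow64, and the two zero-byte consrv.dll copies in the system directories. The following is an added example, not code from the thread or from Farbar's tools: a small Python triage script that parses that DDS entry format and flags entries matching those three patterns. The sample log lines are copied from the DDS log above (constructed input for the demo); the flagging rules, their thresholds (5 to 12 character mixed-case alphanumeric names) and the reason strings are the example's own heuristics, and a flag is a prompt for a closer look, not a verdict. It generalises slightly beyond the log: any executable renamed with a ".old" suffix is flagged, wherever it sits, which also covers the av security 2012v121.exe.old that MBAM later quarantined.

```python
"""Heuristic triage of the "Created Last 30" section of a DDS log.

Added example, not part of the original thread: it parses the DDS entry
format shown in the log above and flags the kinds of artefacts the helper
went after. Flags are prompts for a closer look, not verdicts.
"""
import re
from pathlib import PureWindowsPath

# One DDS entry per line: "<date> <time> <size or dashes> <attributes> <path>".
ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]+) (?P<path>.+?)\s*$"
)

SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
EXEC_EXT = {".exe", ".com", ".dll", ".sys", ".scr"}

# Reason strings (assumed names for this example).
ZERO_BYTE = "zero-byte binary in a system directory"
RANDOM_NAME = "random-looking executable name"
RENAMED = "renamed executable (.old suffix)"


def looks_random(stem):
    """True for mixed-case alphanumerics with digits (2jFf5J64), False for words (consrv)."""
    return (5 <= len(stem) <= 12 and stem.isalnum()
            and any(c.isdigit() for c in stem)
            and any(c.islower() for c in stem)
            and any(c.isupper() for c in stem))


def reasons_for(size, path):
    """Return the list of heuristics a single file entry trips (empty if none)."""
    name = PureWindowsPath(path).name
    # Undo the two disguises visible in the log: a trailing "_" and a ".old" suffix.
    base = name.rstrip("_")
    renamed = base.lower().endswith(".old")
    if renamed:
        base = base[:-4]
    real = PureWindowsPath(base)
    if real.suffix.lower() not in EXEC_EXT:
        return []                      # only executable-type files are of interest here
    reasons = []
    if renamed:
        reasons.append(RENAMED)
    if size == 0 and any(d in path.lower() for d in SYSTEM_DIRS):
        # e.g. the 0-byte consrv.dll copies: placeholder or damaged, compare with a known-good file
        reasons.append(ZERO_BYTE)
    if looks_random(real.stem):
        reasons.append(RANDOM_NAME)
    return reasons


def triage(log_text):
    """Map each flagged path to its reasons, keeping the log's order."""
    findings = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or not m["size"].isdigit():
            continue                   # not an entry, or a directory (size shown as dashes)
        reasons = reasons_for(int(m["size"]), m["path"])
        if reasons:
            findings[m["path"]] = reasons
    return findings


# Constructed sample: the "Created Last 30" lines from the DDS log in this thread.
SAMPLE_CREATED_LAST_30 = r"""
2011-11-19 07:56:25 -------- d-----w- C:\FRST
2011-11-19 05:59:05 0 ----a-w- C:\Windows\SysWow64\consrv.dll
2011-11-19 05:58:06 0 ----a-w- C:\Windows\System32\consrv.dll
2011-11-18 16:24:18 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-17 06:42:48 5018 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2011-11-15 21:51:40 77824 ----a-w- C:\ProgramData\2jFf5J64.exe_
2011-11-15 21:51:40 77824 ----a-w- C:\ProgramData\2jFf5J64.exe
2011-11-15 21:44:29 31744 ----a-w- C:\Windows\SysWow64\S6ovG.com.old
2011-11-13 18:28:23 -------- d-----w- C:\ProgramData\Auslogics
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_CREATED_LAST_30).items():
        print(f"{path}\n    " + "; ".join(reasons))
```

Run it as a script and it lists the five entries above with their reasons; C:\FRST, the Kaspersky and Auslogics folders and PerfStringBackup.TMP are left alone. The name heuristic is deliberately narrow (it needs digits plus both letter cases) so that ordinary vendor file names do not trip it; widen it only after checking what it does to a clean log.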


#8 i4Cit
Topic Starter, Members, 6 posts

Posted 23 November 2011 - 03:04 AM

Hello Farbar,

No problem, and no thanks necessary on the normal layout.
I figured if you're kind enough to help those of us in need,
then we should be able to follow simple directions, no?

Anyway, back to the problem at hand.

As per your removal instructions:

1). Found it & deleted.

2). Successful. Upon reboot, the wireless network is now working.

3). Done; here's the log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8222

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

11/23/2011 1:48:17 AM
mbam-log-2011-11-23 (01-48-17).txt

Scan type: Quick scan
Objects scanned: 171475
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\2jFf5J64.exe (Trojan.Email) -> Quarantined and deleted successfully.
c:\programdata\2jff5j64.exe_ (Trojan.Email) -> Quarantined and deleted successfully.
c:\Windows\System32\s6ovg.com.old (Trojan.Email) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\s6ovg.com.old (Trojan.Email) -> Quarantined and deleted successfully.
c:\Users\Owner\downloads\av security 2012v121.exe.old (Trojan.FakeMS1) -> Quarantined and deleted successfully.



4). After the required reboot, I ran OTL; here's the copy & paste:


OTL logfile created on: 11/23/2011 1:58:56 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 74.24% Memory free
9.72 Gb Paging File | 8.63 Gb Available in Paging File | 88.74% Paging File free
Paging file location(s): c:\pagefile.sys 6050 6050 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93.16 Gb Total Space | 26.35 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
Drive D: | 148.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 7.48 Gb Total Space | 0.08 Gb Free Space | 1.13% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/19 15:08:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/01/24 12:28:10 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/08/22 13:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
PRC - [2009/01/29 02:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/10/24 11:32:46 | 000,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2008/08/10 02:05:54 | 000,080,368 | ---- | M] () -- C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe
PRC - [2008/08/01 10:59:26 | 000,125,424 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe


========== Modules (No Company Name) ==========

MOD - [2009/08/22 13:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
MOD - [2008/08/10 02:05:54 | 000,080,368 | ---- | M] () -- C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/24 12:28:10 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/01/13 13:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2008/10/24 11:32:46 | 000,058,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2008/09/29 09:18:00 | 000,045,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2008/01/18 23:06:52 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/18 23:00:54 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/02/06 12:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2007/01/30 11:08:52 | 000,135,216 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\SysNative\IPSSVC.EXE -- (IPSSVC)
SRV - [2011/03/31 22:02:34 | 000,745,472 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\GSService.exe -- (GSService)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/13 23:25:24 | 000,367,088 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11)
SRV - [2008/08/13 23:25:20 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - [2008/08/13 23:24:06 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11)
SRV - [2008/08/13 23:24:02 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11)
SRV - [2008/08/13 23:23:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/08/01 10:59:26 | 000,125,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2007/01/24 14:11:46 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/01/24 14:11:34 | 000,206,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/20 02:00:33 | 000,013,808 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NVStrap.sys -- (NVStrap)
DRV:64bit: - [2011/03/04 14:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/01/13 13:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Apsx64.sys -- (Shockprf)
DRV:64bit: - [2011/01/13 13:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/04/08 22:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/15 12:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/15 12:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 12:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/04/23 17:10:42 | 000,035,904 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\psadd.sys -- (psadd)
DRV:64bit: - [2009/04/11 00:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/04/07 13:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/02/13 14:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/10/06 12:27:08 | 000,295,984 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/09/29 09:17:40 | 000,029,224 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2008/08/01 00:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2008/08/01 00:00:00 | 000,026,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2008/08/01 00:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/03/05 17:43:28 | 000,318,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/02/22 14:54:24 | 000,041,024 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2008/02/21 09:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/18 23:09:00 | 000,054,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2008/01/18 21:47:14 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007/10/04 16:13:56 | 000,457,728 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2007/07/27 18:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 19:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/11/06 16:26:32 | 000,012,592 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PROCDD.SYS -- (PROCDD)
DRV:64bit: - [2006/10/04 21:13:38 | 000,585,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2006/09/18 16:38:12 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2006/09/18 16:38:12 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2006/09/18 16:38:12 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV - [2011/04/20 02:00:33 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2008/08/11 09:53:16 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1289475914-1473699787-893307275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.palemoon.org/download-v4.shtml [binary data]
IE - HKU\S-1-5-21-1289475914-1473699787-893307275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=101706
IE - HKU\S-1-5-21-1289475914-1473699787-893307275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1289475914-1473699787-893307275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1289475914-1473699787-893307275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 1D 91 55 E1 FB CB 01 [binary data]
IE - HKU\S-1-5-21-1289475914-1473699787-893307275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1289475914-1473699787-893307275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1289475914-1473699787-893307275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Startpage (SSL)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: FantapperExtension@brandaffinity.net:1.0.7


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 3.6.26\extensions\\Components: C:\Program Files (x86)\Pale Moon\components [2011/11/13 16:39:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 3.6.26\extensions\\Plugins: C:\Program Files (x86)\Pale Moon\plugins [2011/11/04 02:50:17 | 000,000,000 | ---D | M]

[2011/11/18 00:10:27 | 000,001,597 | ---- | M] () -- \Users\Owner\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\q0m5pbn9.default\searchplugins\ixquick-https.xml
[2011/11/18 00:10:31 | 000,001,575 | ---- | M] () -- \Users\Owner\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\q0m5pbn9.default\searchplugins\ixquick.xml
[2011/11/18 00:10:20 | 000,005,526 | ---- | M] () -- \Users\Owner\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\q0m5pbn9.default\searchplugins\startpage-https.xml
[2011/06/09 20:20:31 | 000,002,325 | ---- | M] () -- \Users\Owner\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\q0m5pbn9.default\searchplugins\startpage-ssl.xml
[2011/11/18 00:10:27 | 000,005,457 | ---- | M] () -- \Users\Owner\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\q0m5pbn9.default\searchplugins\startpage.xml
[2011/11/11 14:20:12 | 000,000,000 | ---D | M] (Fantapper) -- C:\USERS\OWNER\APPDATA\ROAMING\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\Q0M5PBN9.DEFAULT\EXTENSIONS\FANTAPPEREXTENSION@BRANDAFFINITY.NET

Hosts file not found
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup File not found
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit File not found
O4 - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe (Sonic Solutions)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] TpShocks.exe File not found
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles(x86)%\Windows Defender\MSASCui.exe -hide File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\All Users\1VjM2R.dat ()
O4 - Startup: C:\Users\All Users\2jFf5J64.exe.b ()
O4 - Startup: C:\Users\All Users\2jFf5J64.exe_.b ()
O4 - Startup: C:\Users\All Users\Adobe [2011/06/22 01:57:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006/11/02 10:41:02 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Auslogics [2011/11/13 13:28:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2006/11/02 10:41:02 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006/11/02 10:41:02 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\eSellerate [2009/04/23 16:31:57 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favorites [2006/11/02 10:41:02 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\FLEXnet [2009/04/23 16:23:34 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\InstallShield [2009/04/23 16:39:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Kaspersky Lab [2011/11/18 11:24:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Lenovo [2011/08/14 09:48:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2011/11/23 01:40:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2011/04/26 05:24:24 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2011/07/17 06:25:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NOS [2010/08/14 15:46:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NVIDIA [2011/04/24 11:01:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\nvModes.001 ()
O4 - Startup: C:\Users\All Users\nvModes.dat ()
O4 - Startup: C:\Users\All Users\PCDr [2011/04/17 15:54:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Roxio [2010/08/21 08:55:27 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SmartSound Software Inc [2009/04/23 16:47:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sonic [2011/11/17 02:13:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011/11/11 17:07:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006/11/02 10:41:02 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010/04/07 18:18:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2011/05/15 07:00:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2011/11/18 11:02:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006/11/02 10:41:02 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Uninstall [2009/04/23 16:48:27 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Western Digital [2009/12/25 09:34:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Windows Genuine Advantage [2010/09/06 00:14:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindowsSearch [2009/11/21 19:00:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WinZip [2010/09/08 22:31:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{3D289CAC-AD9F-45d9-9D36-524EB7B6C958} [2009/04/23 17:25:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\AppData [2006/11/02 08:33:54 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2006/11/02 10:41:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2006/11/02 10:41:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006/11/02 07:34:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2006/11/02 10:41:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006/11/02 07:34:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2006/11/02 07:34:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006/11/02 07:34:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006/11/02 10:41:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006/11/02 07:34:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006/11/02 10:41:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006/11/02 10:41:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2006/11/02 07:34:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006/11/02 10:41:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006/11/02 10:41:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 07:34:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006/11/02 10:41:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006/11/02 10:41:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006/11/02 10:41:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006/11/02 07:34:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Owner\.ssh [2011/04/18 02:56:28 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Owner\AppData [2009/04/23 07:16:37 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Owner\Application Data [2009/04/23 07:14:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Owner\Contacts [2009/04/23 07:16:09 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Owner\Cookies [2009/04/23 07:14:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Owner\defogger_reenable ()
O4 - Startup: C:\Users\Owner\Desktop [2011/11/23 01:58:27 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Owner\Documents [2011/07/17 06:25:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Owner\Downloads [2011/11/23 01:58:09 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Owner\Favorites [2011/04/16 16:58:09 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Owner\GetRadio_1.3.9-Setup_regnow.exe (Ramka Ltd. )
O4 - Startup: C:\Users\Owner\Links [2006/11/02 07:34:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Owner\Local Settings [2009/04/23 07:14:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Owner\Music [2011/08/17 17:47:53 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Owner\NetHood [2009/04/23 07:14:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Owner\NTUSER.DAT ()
O4 - Startup: C:\Users\Owner\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Owner\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Owner\ntuser.dat_previous ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{0a08569f-c285-11e0-9bd7-001c26f5ac00}.TM.blf ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{0a08569f-c285-11e0-9bd7-001c26f5ac00}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{0a08569f-c285-11e0-9bd7-001c26f5ac00}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{3797b6d3-ec6b-11e0-b774-001c26f5ac00}.TM.blf ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{3797b6d3-ec6b-11e0-b774-001c26f5ac00}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{3797b6d3-ec6b-11e0-b774-001c26f5ac00}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{79e6e12e-c683-11e0-94d0-001c26f5ac00}.TM.blf ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{79e6e12e-c683-11e0-94d0-001c26f5ac00}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{79e6e12e-c683-11e0-94d0-001c26f5ac00}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{a9e41608-c682-11e0-b1f5-001c26f5ac00}.TM.blf ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{a9e41608-c682-11e0-b1f5-001c26f5ac00}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Owner\NTUSER.DAT{a9e41608-c682-11e0-b1f5-001c26f5ac00}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Owner\ntuser.ini ()
O4 - Startup: C:\Users\Owner\photorec.cfg ()
O4 - Startup: C:\Users\Owner\Pictures [2010/09/06 22:06:37 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Owner\PrintHood [2009/04/23 07:14:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Owner\Recent [2009/04/23 07:14:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Owner\Saved Games [2006/11/02 07:34:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Owner\Searches [2010/02/17 21:37:53 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Owner\SendTo [2009/04/23 07:14:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Owner\Start Menu [2009/04/23 07:14:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Owner\Templates [2009/04/23 07:14:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Owner\Videos [2011/04/04 20:40:17 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2011/11/23 01:40:43 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2011/06/22 02:10:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2006/11/02 10:24:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006/11/02 07:34:32 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2006/11/02 10:24:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2006/11/02 10:24:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2011/06/20 04:25:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2006/11/02 10:24:55 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1289475914-1473699787-893307275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.67.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41A510ED-92FC-410A-9D88-2A10F04342CC}: DhcpNameServer = 10.0.85.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{483FFB7A-7C87-4806-8E66-45C020BCF2C7}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5F04170-34D2-4B12-A56D-6D799315964C}: DhcpNameServer = 10.0.67.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1140d2e9-1b4e-11df-a119-806e6f6e6963}\Shell\Auto\command - "" = Setup.exe
O33 - MountPoints2\{1140d2e9-1b4e-11df-a119-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.exe
O33 - MountPoints2\{44440157-de61-11e0-8c73-001c26f5ac00}\Shell - "" = AutoRun
O33 - MountPoints2\{44440157-de61-11e0-8c73-001c26f5ac00}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{7668f5d8-cbf7-11de-bad2-001c26f5ac00}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{83d089a0-eeb3-11de-bf5f-001c26f5ac00}\Shell - "" = AutoRun
O33 - MountPoints2\{83d089a0-eeb3-11de-bf5f-001c26f5ac00}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b2e49007-5b3f-11de-ab6e-001c26f5ac00}\Shell - "" = AutoRun
O33 - MountPoints2\{b2e49007-5b3f-11de-ab6e-001c26f5ac00}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/23 01:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/23 01:40:39 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/23 01:40:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/19 02:56:25 | 000,000,000 | ---D | C] -- C:\FRST
[2011/11/19 02:56:25 | 000,000,000 | ---D | C] -- \FRST
[2011/11/18 11:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/13 13:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2011/11/11 17:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/11 16:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/11 15:23:26 | 000,000,000 | ---D | C] -- C:\Windows\System64
[2011/10/29 09:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek
[2011/10/29 09:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\MetaGeek
[2011/10/27 12:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1
[2011/04/22 07:25:24 | 000,399,736 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files (x86)\utorrent.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/23 01:58:25 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/11/23 01:52:16 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/11/23 01:52:04 | 000,000,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 01:52:04 | 000,000,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 01:52:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/23 01:50:32 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/23 01:40:43 | 000,000,932 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/23 01:40:43 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/22 17:19:15 | 000,000,000 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2011/11/19 00:59:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\consrv.dll
[2011/11/19 00:58:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\consrv.dll
[2011/11/17 01:39:06 | 002,342,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/16 19:54:48 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI.old
[2011/11/16 19:54:48 | 000,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat.old
[2011/11/16 19:54:48 | 000,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat.old
[2011/11/16 19:50:21 | 000,025,224 | ---- | M] () -- C:\Windows\SysNative\PROCDB.INI.old
[2011/11/16 19:49:54 | 000,000,380 | ---- | M] () -- C:\Windows\SysNative\IPSCtrl.INI.old
[2011/11/16 16:29:24 | 000,002,477 | ---- | M] () -- C:\Users\Public\Desktop\inSSIDer 2.0.lnk
[2011/11/15 16:51:42 | 000,000,112 | ---- | M] () -- C:\ProgramData\1VjM2R.dat
[2011/11/15 16:51:40 | 000,000,001 | ---- | M] () -- C:\ProgramData\2jFf5J64.exe_.b
[2011/11/15 16:51:40 | 000,000,001 | ---- | M] () -- C:\ProgramData\2jFf5J64.exe.b
[2011/11/11 16:58:56 | 002,342,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT.old
[2011/11/11 16:02:29 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C0CD5F55-EE33-4308-88E8-A2B1C7C621F5}.job
[2011/10/27 12:06:58 | 000,000,945 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk
[2011/10/27 12:06:58 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/23 01:40:43 | 000,000,932 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/23 01:40:43 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/22 17:19:15 | 000,000,000 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2011/11/22 15:44:48 | 000,000,736 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 15:44:48 | 000,000,736 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/19 00:59:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\consrv.dll
[2011/11/19 00:58:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\consrv.dll
[2011/11/17 01:36:51 | 002,342,352 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/15 16:51:40 | 000,000,001 | ---- | C] () -- C:\ProgramData\2jFf5J64.exe_.b
[2011/11/15 16:51:40 | 000,000,001 | ---- | C] () -- C:\ProgramData\2jFf5J64.exe.b
[2011/11/15 16:44:29 | 000,000,112 | ---- | C] () -- C:\ProgramData\1VjM2R.dat
[2011/10/29 09:32:07 | 000,002,477 | ---- | C] () -- C:\Users\Public\Desktop\inSSIDer 2.0.lnk
[2011/10/27 12:06:58 | 000,000,945 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk
[2011/10/27 12:06:58 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2011/05/20 11:39:27 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/08 12:04:42 | 000,745,472 | ---- | C] () -- C:\Windows\SysWow64\GSService.exe
[2010/02/16 18:30:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/09/23 17:46:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 17:45:42 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/23 17:45:09 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/23 17:44:51 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/08/05 16:05:08 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/05 14:01:36 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/04/23 15:51:21 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/04/23 14:01:08 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2009/04/23 14:01:06 | 000,333,257 | RHS- | C] () -- \bootmgr
[2009/04/23 13:06:30 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/04/23 07:34:22 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009/04/23 07:13:42 | 000,171,136 | RHS- | C] () -- \grldr
[2008/08/01 08:16:24 | 000,063,984 | ---- | C] () -- C:\Windows\DVDRGN.EXE
[2006/11/02 10:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004/01/30 14:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\SysWow64\unicows.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

Just for the hell of it since I don't know the background on this 1,
I took a 90 day OTL scan as well.
I will post as Attachments just in case.


As for the Laptop upon boot we still have the issue with Activation.
boot hung on Window that popped up asking to activate...chose later... then finished booting to desktop.
Now have the not genuine notation in lower right corner. <_<

Still have the Missing Nvidia .dll's from last post:

1). nvmctray.dll - Media center library

2). NvCpl.dll - Display properties extension

Riva tuner popped up a properties window as well.
pushed ok but seems to pop up upon subsequent reboot.

My buddy must have done a pretty good job of removing the AV2012.
Upon 1st boot after fix there was no sign of it.
He said he spent some time deleting a few thousand folders under AppData Roaming,
as well as many bogus keys before he gave up.
I don't have the heart to tell him it was that easy to get it to boot as well as he was almost home.
I think he just wanted an excuse to get a new laptop but had to justify to the missus that he tried.
IOW he messed with it till she said "Why don't U just go get a new 1", Bam! what he was waiting for.
No complaints here I already have the big brother T61P, last of the greats from IBM....
Hey I'm not gonna look a gift horse in the mouth...

Oh well back to the grind...
1 last note before the BSOD while he was in safe mode,
he said the ping command was eating up processing power & slowing down sys.
I see no evidence of that in task manager so maybe he got the ping bug out, DK?

...awaiting further pearls here.
Please LMK what U would like next...

Thanks in advance for Your Valuable time.
Take Care, God Bless & Stay Safe,
______________________________i4Cit...


Edited by i4Cit, 23 November 2011 - 04:07 AM.


#9 Farbar

  • Security Developer
  • Location:The Netherlands

Posted 23 November 2011 - 07:58 AM

Well done.

Please don't run any other scan unless it is requested.

We need to install an antivirus next round to give you some protection.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

#10 i4Cit

  • Topic Starter

Posted 25 November 2011 - 04:27 PM

Hello farbar,

Hope this finds that U & Yours had a wonderful Thanksgiving.

Sorry for the delay but had a problem with Internet that wasn't resolved till this afternoon.

Also had the family to deal with, holiday season & All. :)

No worries won't run anything that U don't request.
I just saw the option of going back further with OTL & figured it can't hurt.

As for the Log will have to attach since post was too long with it.
(It's 186k uncompressed)

Common sense dictates a reboot but, U didn't specify, so I will await your Ins.
(not sure if U want to run something else before reboot.)

The Nvidia .dll's disappeared after running combofix but,
the Dreaded Reg window came up.

Will await your next move.
Thanks in advance for all of Your help as well as Your Valuable time.

Take Care, God Bless & Stay Safe,
______________________________i4Cit



#11 Farbar

Posted 25 November 2011 - 04:53 PM

Hello i4Cit,

You may reboot now.

the Dreaded Reg window came up.

You mean the Windows activation?

#12 i4Cit

  • Topic Starter

Posted 25 November 2011 - 05:34 PM

You mean the Windows activation?


Yes, The Same Window I've been seeing since 1st normal boot.

To reiterate an earlier post it says:

"An unauthorized change was made to Windows."

"You must re-type your Windows Vista Ultimate product key to activate..."(U get the Picture.)
I Now have the not genuine notation in lower right corner.

Not sure of the Key since this T61 was upgraded from Vista Business 32 to Ultimate 64.
Anyway bud doesn't know location of U64 key at the moment & the 1 on the bottom is worn & illegible.

Also the System64 folder is still named SysWOW64.
LMK what U want to run next...

Thanks in Advance for your Valuable time.
Take Care, God Bless & Stay Safe,
______________________________i4Cit

Edited by i4Cit, 25 November 2011 - 05:41 PM.


#13 Farbar

Posted 26 November 2011 - 04:21 AM

SysWOW64 is a legit folder in x64 systems.

You need to install an antivirus program to have proper protection. I recommend this good free antivirus:

Avira
  • Download the installer from the softpedia.com link as it has a secure download mirror.
  • Install it, but if it asks you to install any additional toolbar, select no or uncheck the option.
  • Update it then let it scan the computer and remove what it finds.
  • Copy and paste the content of the report to your reply.


#14 Farbar

Posted 06 December 2011 - 06:15 PM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.
