Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infection with Windows XP Home Security 2012 Virus


  • This topic is locked This topic is locked
9 replies to this topic

#1 dharmabum

dharmabum

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 11 January 2012 - 11:25 AM

Hi,

My computer was infected with the Windows XP Home Security 2012 Virus two days ago. I was able to follow instructions to download Malwarebytes' Anti-Malware software and run multiple scans. At this point, the software scan has been able to pick out a number of trojan files which I deleted but I continue to get frequent popup messages from Malwarebytes alerting me that the antivirus has blocked attempts to connect to numerous IP addresses. I also notice that Windows Defender is unable to update its virus definitions, which I assume is due to undetected files or changes made by the virus. I was not able to successfully run DDS so I rant OTX instead. I have attached the files from the OTL and GMER scans. Below is the text of my OTL.txt file. Any help is appreciated. Thanks in advance.

OTL logfile created on: 1/10/2012 10:00:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Yehoshua Yaakov\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 44.79% Memory free
2.11 Gb Paging File | 1.36 Gb Available in Paging File | 64.43% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.42 Gb Total Space | 20.00 Gb Free Space | 38.90% Space Free | Partition Type: NTFS
Drive R: | 99.72 Mb Total Space | 99.72 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: JOSHUAJACOB | User Name: Yehoshua Yaakov | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/10 22:00:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yehoshua Yaakov\My Documents\Downloads\OTL.exe
PRC - [2012/01/09 07:58:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/20 08:41:22 | 004,010,160 | ---- | M] (Spotify Ltd) -- C:\Program Files\Spotify\spotify.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/10/09 10:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/06/19 17:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 18:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/10/10 14:05:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2006/10/12 14:57:08 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2005/09/15 13:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/09/06 03:08:00 | 000,745,472 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
PRC - [2005/09/06 03:08:00 | 000,086,016 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2005/09/06 03:08:00 | 000,081,920 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2005/08/29 14:15:02 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2005/08/08 13:01:40 | 000,086,016 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/08/02 19:12:44 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/08/02 19:06:54 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005/08/02 19:02:20 | 001,372,160 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/08/02 18:56:48 | 002,364,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
PRC - [2005/08/02 18:52:40 | 001,988,144 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
PRC - [2005/08/02 18:17:30 | 000,722,480 | ---- | M] (IBM) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
PRC - [2005/07/07 15:22:54 | 000,049,152 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
PRC - [2005/07/05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/09/17 01:53:54 | 000,770,048 | ---- | M] (Massachusetts Institute of Technology) -- C:\Program Files\Kerberos\leash32.exe
PRC - [2004/09/17 01:49:06 | 000,122,880 | ---- | M] (Massachusetts Institute of Technology) -- C:\Program Files\Kerberos\krbcc32s.exe
PRC - [2004/07/22 05:01:00 | 000,442,368 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
PRC - [2003/08/06 16:08:00 | 000,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
PRC - [2002/10/08 22:28:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\TpScrLk.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [2002/03/14 19:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2002/02/22 15:30:00 | 000,040,960 | ---- | M] (Massachusetts Institute of Technology) -- C:\Program Files\MIT\KLP\klptray.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/09 07:58:35 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/20 08:41:03 | 019,900,928 | ---- | M] () -- C:\Program Files\Spotify\Data\libcef.dll
MOD - [2011/11/29 00:47:57 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/21 09:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2009/11/19 11:26:12 | 002,174,976 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2009/11/19 11:18:16 | 000,708,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2009/11/19 11:14:38 | 006,443,008 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2009/11/19 11:14:38 | 000,356,352 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2009/11/19 11:14:38 | 000,188,416 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2009/11/19 11:14:36 | 001,581,056 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/19 17:08:52 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2005/09/06 19:50:36 | 000,028,672 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
MOD - [2005/09/06 19:50:32 | 000,065,536 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\TrayRes.dll
MOD - [2005/09/01 02:21:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\EZMAPRES.DLL
MOD - [2005/08/29 14:15:02 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
MOD - [2005/08/02 19:12:44 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
MOD - [2005/08/02 19:06:54 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
MOD - [2005/08/02 19:03:56 | 000,139,264 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll
MOD - [2005/08/02 19:02:20 | 001,372,160 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
MOD - [2005/08/02 19:01:04 | 000,155,648 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\ui.dll
MOD - [2005/08/02 19:00:58 | 000,069,632 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\zlib.dll
MOD - [2005/08/02 18:58:08 | 000,671,744 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rr_res.dll
MOD - [2005/07/12 10:53:38 | 000,208,896 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/07/05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2005/06/16 22:23:08 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2005/04/20 01:38:00 | 000,396,288 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL
MOD - [2004/09/17 01:53:14 | 000,002,560 | ---- | M] () -- C:\Program Files\Kerberos\krb524.dll
MOD - [2004/03/23 03:33:30 | 000,176,128 | ---- | M] () -- C:\Program Files\IBM\Messages By IBM\AcpPollingEngine.dll
MOD - [2004/01/09 09:10:32 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\AIBMRUNL.dll
MOD - [2003/08/11 07:30:31 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2003/07/04 02:49:30 | 000,024,576 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll
MOD - [2002/10/08 22:28:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\TpScrLk.exe
MOD - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
MOD - [2002/07/02 15:32:00 | 000,184,431 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.dll
MOD - [2002/07/02 15:22:34 | 000,122,993 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.dll
MOD - [2002/07/02 15:10:42 | 000,110,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComBase.dll
MOD - [2002/06/04 20:33:54 | 000,106,601 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll
MOD - [2002/06/04 18:48:26 | 000,143,489 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
MOD - [2002/06/04 18:48:10 | 000,163,951 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
MOD - [2001/09/26 03:23:08 | 000,196,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll
MOD - [2001/09/23 15:41:10 | 000,524,377 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/10/09 10:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/06/19 17:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/10/10 14:05:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/09/06 03:08:00 | 000,081,920 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2005/08/02 19:12:44 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/08/02 19:02:20 | 001,372,160 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/08/02 18:17:30 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
SRV - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2012/01/10 21:41:06 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DE4E812-554C-4A1C-B2FD-8BAFA211E02D}\MpKsl17bb7210.sys -- (MpKsl17bb7210)
DRV - [2012/01/10 21:29:28 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DE4E812-554C-4A1C-B2FD-8BAFA211E02D}\MpKsl80f82655.sys -- (MpKsl80f82655)
DRV - [2012/01/10 21:13:44 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DE4E812-554C-4A1C-B2FD-8BAFA211E02D}\MpKsle9a4c878.sys -- (MpKsle9a4c878)
DRV - [2012/01/10 20:58:43 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DE4E812-554C-4A1C-B2FD-8BAFA211E02D}\MpKsl794396a0.sys -- (MpKsl794396a0)
DRV - [2012/01/10 08:50:38 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DE4E812-554C-4A1C-B2FD-8BAFA211E02D}\MpKsl0195ac6e.sys -- (MpKsl0195ac6e)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/10/09 09:50:48 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/06/19 17:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/04/13 14:18:00 | 000,052,480 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/29 16:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/01/09 14:04:42 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/10/18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 16:52:38 | 000,242,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/10/18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/06 03:08:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
DRV - [2005/09/06 03:08:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/09/06 03:08:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2005/08/31 02:40:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/08/31 01:50:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/08/31 01:50:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/08/02 18:15:38 | 000,013,184 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/08/02 17:40:56 | 000,006,912 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2005/07/22 23:02:44 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/07/19 21:14:02 | 003,289,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/06/28 08:26:02 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2005/05/25 21:59:12 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/20 01:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/04 01:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/11 16:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2003/01/10 16:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001/11/01 06:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001/08/18 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/18 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 16:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 07:58:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 00:22:16 | 000,000,000 | ---D | M]

[2008/08/08 13:31:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Mozilla\Extensions
[2012/01/08 21:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Mozilla\Firefox\Profiles\7y0y5ko0.default\extensions
[2011/10/17 08:04:41 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Mozilla\Firefox\Profiles\7y0y5ko0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2009/01/09 16:14:51 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Mozilla\Firefox\Profiles\7y0y5ko0.default\extensions\moveplayer@movenetworks.com
[2011/11/10 18:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/30 08:55:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\YEHOSHUA YAAKOV\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7Y0Y5KO0.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/01/09 07:58:37 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/19 13:44:52 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/06 07:13:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 18:10:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FRYMXINS] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot File not found
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (Lenovo)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (Lenovo)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SetupWizard] D:\SetupWIZ\SetupWizard.exe reboot File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KlpTray.lnk = C:\Program Files\MIT\KLP\klptray.exe (Massachusetts Institute of Technology)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Leash Kerberos Ticket Manager.lnk = C:\Program Files\Kerberos\leash32.exe (Massachusetts Institute of Technology)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader.cab (MySpace Uploader Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www.lenovo.com/support/access/aslibmain/content/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0EC350A-F462-4DF0-843A-9DAE32D8D55F}: DhcpNameServer = 208.59.247.45 208.59.247.46
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (tvt_gina.dll) -C:\WINDOWS\System32\tvt_gina.dll (IBM)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\QConGina: DllName - (QConGina.dll) - C:\WINDOWS\System32\QConGina.dll (Lenovo)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/23 15:42:54 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{38ba75ca-7f31-11db-b6fa-000e358fc6d1}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{53f39dee-71dd-11dc-b841-000e358fc6d1}\Shell\AutoRun\command - "" = E:\Installer.exe
O33 - MountPoints2\{588da6f8-ed62-11e0-bb11-000e358fc6d1}\Shell - "" = AutoRun
O33 - MountPoints2\{588da6f8-ed62-11e0-bb11-000e358fc6d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{588da6f8-ed62-11e0-bb11-000e358fc6d1}\Shell\AutoRun\command - "" = E:\DTVP_Launcher.exe
O33 - MountPoints2\{af85dd50-54b2-11da-b51c-000e358fc6d1}\Shell\AutoRun\command - "" = E:\ggb6w.exe
O33 - MountPoints2\{af85dd50-54b2-11da-b51c-000e358fc6d1}\Shell\open\Command - "" = E:\ggb6w.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 08:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Malwarebytes
[2012/01/10 03:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/10 03:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/09 23:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/09 23:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/09 23:42:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/09 23:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/20 08:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\3ivx
[2011/12/20 08:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\3ivx
[2011/12/20 08:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2011/12/20 08:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2011/12/15 21:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/15 21:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012/01/10 21:46:07 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/10 21:43:07 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2012/01/10 21:42:13 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/10 21:40:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/10 21:40:51 | 1609,486,336 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/10 20:47:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\defogger_reenable
[2012/01/10 07:27:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/10 02:52:33 | 104,857,600 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\My Documents\SecureDrive.vol
[2012/01/09 23:44:33 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 23:37:15 | 000,014,686 | -HS- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\rl852wj330mmqr47288lc35317u85ux808k2yc5m5cr101
[2012/01/09 23:37:15 | 000,014,686 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\rl852wj330mmqr47288lc35317u85ux808k2yc5m5cr101
[2011/12/28 23:04:16 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Desktop\Microsoft Office Word 2003.lnk
[2011/12/27 16:56:26 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 16:52:51 | 000,025,019 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Desktop\Dr. Elmo.jpg
[2011/12/23 11:46:51 | 000,401,652 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/23 11:46:51 | 000,061,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/20 08:23:29 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2011/12/20 08:22:34 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2011/12/15 21:13:21 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/15 20:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/15 18:05:37 | 001,552,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 03:10:05 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/01/10 20:47:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Yehoshua Yaakov\defogger_reenable
[2012/01/09 23:44:33 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 22:46:48 | 1609,486,336 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/09 22:05:28 | 000,014,686 | -HS- | C] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\rl852wj330mmqr47288lc35317u85ux808k2yc5m5cr101
[2012/01/09 22:05:28 | 000,014,686 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\rl852wj330mmqr47288lc35317u85ux808k2yc5m5cr101
[2011/12/27 16:52:51 | 000,025,019 | ---- | C] () -- C:\Documents and Settings\Yehoshua Yaakov\Desktop\Dr. Elmo.jpg
[2011/12/20 08:23:29 | 000,001,015 | R--- | C] () -- C:\logFile.xsl
[2011/12/20 08:22:34 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\FlipShare.lnk
[2011/12/20 08:22:34 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2011/12/15 21:13:21 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/26 20:54:21 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/02/17 17:44:00 | 000,053,728 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/18 15:12:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/10/29 16:13:00 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/06/19 17:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/19 17:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/04/02 15:00:18 | 000,001,370 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/02 10:11:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/17 18:37:56 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/03/17 18:37:56 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/17 18:37:55 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/03/17 18:37:55 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/03/17 18:37:55 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/03/17 18:37:55 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/03/17 18:37:55 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/03/17 18:37:55 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/03/17 18:37:55 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/03/17 18:37:55 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/03/17 18:37:55 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/03/17 18:37:55 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/03/17 18:37:55 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/03/17 18:37:55 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/03/17 18:37:55 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/03/17 18:37:55 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/03/17 18:32:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV100V350.ini
[2008/03/17 18:20:57 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw68.bin
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/10/11 09:11:02 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2007/09/30 18:29:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/05/24 23:10:25 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/26 12:02:43 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2007/04/26 12:02:43 | 000,000,526 | R--- | C] () -- C:\WINDOWS\System32\hppapr04.DAT
[2007/03/07 22:20:02 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/27 14:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/02/21 13:11:18 | 000,010,663 | ---- | C] () -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Comma Separated Values (Windows).CAL
[2006/01/09 22:35:10 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2005/09/01 11:01:03 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/09/01 11:00:46 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2005/09/01 11:00:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/07/05 23:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2005/06/21 18:46:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/06/16 22:23:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2005/05/17 11:24:29 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\fusioncache.dat
[2005/04/08 16:42:06 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/02/26 10:09:39 | 000,000,177 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2005/02/26 06:19:39 | 000,004,861 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2005/02/26 06:19:39 | 000,000,267 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2005/02/25 15:25:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/29 21:56:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/29 21:55:07 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
[2004/11/29 21:54:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/11/29 21:53:41 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/11/29 21:53:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/11/29 21:53:02 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2004/11/29 21:46:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/11/29 21:46:07 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/11/29 21:46:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/11/29 21:46:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/11/29 21:46:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/11/29 21:46:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/11/29 21:44:51 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/29 21:44:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/11/29 21:37:33 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2004/11/29 21:37:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2004/11/29 21:36:40 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2004/11/29 21:35:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2004/11/29 21:18:16 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/22 11:29:08 | 000,002,468 | ---- | C] () -- C:\WINDOWS\krb5.ini
[2004/08/02 17:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/27 00:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/19 15:12:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004/01/09 09:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/08/11 07:30:31 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/02/20 12:32:29 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/02/20 12:18:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/02/20 12:09:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/02/20 12:03:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/20 12:02:39 | 001,552,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/08 22:28:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\TpScrLk.exe
[2002/08/29 05:06:38 | 000,052,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2002/01/09 21:38:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2001/08/23 10:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 10:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[1980/01/01 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 03:00:00 | 000,401,652 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 03:00:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[1980/01/01 03:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 03:00:00 | 000,061,660 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 03:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[1980/01/01 03:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980/01/01 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/07/19 10:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2011/12/20 08:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2007/08/02 15:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GraphPad Software
[2004/11/29 21:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2008/06/20 11:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/01/09 22:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThinkVantage
[2011/01/18 15:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
[2011/02/04 10:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/08/06 21:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Canon
[2006/07/05 11:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\CLC bio
[2011/10/05 21:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\com.readcube.catalyst
[2011/11/15 22:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\com.readcube.Desktop
[2011/07/25 00:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\EndNote
[2008/03/18 08:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\EPSON
[2011/02/10 23:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\FileZilla
[2011/10/17 08:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Garmin
[2011/01/20 21:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\GlarySoft
[2007/08/02 15:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\GraphPad Software
[2005/02/25 15:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\IBM
[2005/06/22 16:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Leadertech
[2012/01/10 21:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Spotify
[2006/01/09 22:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\ThinkVantage
[2009/10/29 16:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\VanDyke
[2005/11/27 17:37:56 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
[2012/01/10 21:46:07 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

Attached Files



BC AdBot (Login to Remove)

 


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:38 PM

Posted 16 January 2012 - 11:19 AM

Do you still need help?

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 dharmabum

dharmabum
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 16 January 2012 - 11:30 AM

Yes, please!

#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:38 PM

Posted 16 January 2012 - 11:37 AM

Hi dharmabum and welcome to BC. ;)

Any changes on your PC since you made your initial post? What's the current status of the computer?

Also, we need to see a fresh log. Please run OTL again and post the new report for my review. Thanks.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 dharmabum

dharmabum
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 16 January 2012 - 01:17 PM

The computer is operating pretty much the same way since I ran Malwarebytes and posted my original logs. All programs work but I continually get messages from Malwarebytes alerting me to attempts to connect to malicious IP addresses. I will run OTX again tonight and repost. Thanks.

#6 dharmabum

dharmabum
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 16 January 2012 - 08:49 PM

Attached File  OTL_1_16_12.Txt   114.02KB   1 downloadsHi noypi,

Here is the new OTL log. Please let me know what you think. The messages about blocking internet connections seem to have disappeared from Malwarebytes. However, the Malwarebytes icon also no longer appears red. Not sure if this means it is no longer working. Thanks in advance for your help.


OTL logfile created on: 1/16/2012 7:30:25 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Yehoshua Yaakov\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 41.76% Memory free
2.11 Gb Paging File | 1.30 Gb Available in Paging File | 61.65% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.42 Gb Total Space | 19.86 Gb Free Space | 38.62% Space Free | Partition Type: NTFS
Drive R: | 99.72 Mb Total Space | 99.72 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: JOSHUAJACOB | User Name: Yehoshua Yaakov | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/10 22:00:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yehoshua Yaakov\My Documents\Downloads\OTL.exe
PRC - [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/10/09 10:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/06/19 17:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 18:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/10/10 14:05:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/05/11 01:59:23 | 000,349,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
PRC - [2006/10/12 14:57:08 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2005/09/15 13:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/09/06 03:08:00 | 000,745,472 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
PRC - [2005/09/06 03:08:00 | 000,086,016 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2005/09/06 03:08:00 | 000,081,920 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2005/08/29 14:15:02 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2005/08/08 13:01:40 | 000,086,016 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/08/02 19:12:44 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/08/02 19:06:54 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005/08/02 19:02:20 | 001,372,160 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/08/02 18:56:48 | 002,364,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
PRC - [2005/08/02 18:52:40 | 001,988,144 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
PRC - [2005/08/02 18:17:30 | 000,722,480 | ---- | M] (IBM) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
PRC - [2005/07/07 15:22:54 | 000,049,152 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
PRC - [2005/07/05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/09/17 01:53:54 | 000,770,048 | ---- | M] (Massachusetts Institute of Technology) -- C:\Program Files\Kerberos\leash32.exe
PRC - [2004/09/17 01:49:06 | 000,122,880 | ---- | M] (Massachusetts Institute of Technology) -- C:\Program Files\Kerberos\krbcc32s.exe
PRC - [2004/07/22 05:01:00 | 000,442,368 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
PRC - [2003/08/06 16:08:00 | 000,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
PRC - [2002/10/08 22:28:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\TpScrLk.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [2002/03/14 19:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2002/02/22 15:30:00 | 000,040,960 | ---- | M] (Massachusetts Institute of Technology) -- C:\Program Files\MIT\KLP\klptray.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 04:48:44 | 000,411,120 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 04:48:43 | 003,767,792 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 04:47:19 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 04:47:18 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 04:47:17 | 001,746,432 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012/01/05 02:06:01 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/21 09:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2009/11/19 11:26:12 | 002,174,976 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2009/11/19 11:18:16 | 000,708,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2009/11/19 11:14:38 | 006,443,008 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2009/11/19 11:14:38 | 000,356,352 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2009/11/19 11:14:38 | 000,188,416 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2009/11/19 11:14:36 | 001,581,056 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/19 17:08:52 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2005/09/06 19:50:36 | 000,028,672 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
MOD - [2005/09/06 19:50:32 | 000,065,536 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\TrayRes.dll
MOD - [2005/09/01 02:21:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\EZMAPRES.DLL
MOD - [2005/08/29 14:15:02 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
MOD - [2005/08/02 19:12:44 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
MOD - [2005/08/02 19:06:54 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
MOD - [2005/08/02 19:03:56 | 000,139,264 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll
MOD - [2005/08/02 19:02:20 | 001,372,160 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
MOD - [2005/08/02 19:01:04 | 000,155,648 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\ui.dll
MOD - [2005/08/02 19:00:58 | 000,069,632 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\zlib.dll
MOD - [2005/08/02 18:58:08 | 000,671,744 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rr_res.dll
MOD - [2005/07/12 10:53:38 | 000,208,896 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/07/05 23:45:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\notifyf2.dll
MOD - [2005/07/05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2005/06/16 22:23:08 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2005/04/20 01:38:00 | 000,396,288 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL
MOD - [2004/09/17 01:53:14 | 000,002,560 | ---- | M] () -- C:\Program Files\Kerberos\krb524.dll
MOD - [2004/03/23 03:33:30 | 000,176,128 | ---- | M] () -- C:\Program Files\IBM\Messages By IBM\AcpPollingEngine.dll
MOD - [2004/01/09 09:10:32 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\AIBMRUNL.dll
MOD - [2003/08/11 07:30:31 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2003/07/04 02:49:30 | 000,024,576 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll
MOD - [2002/10/08 22:28:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\TpScrLk.exe
MOD - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
MOD - [2002/07/02 15:32:00 | 000,184,431 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.dll
MOD - [2002/07/02 15:22:34 | 000,122,993 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.dll
MOD - [2002/07/02 15:10:42 | 000,110,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComBase.dll
MOD - [2002/06/04 20:33:54 | 000,106,601 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll
MOD - [2002/06/04 18:48:26 | 000,143,489 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
MOD - [2002/06/04 18:48:10 | 000,163,951 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
MOD - [2001/09/26 03:23:08 | 000,196,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll
MOD - [2001/09/23 15:41:10 | 000,524,377 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/10/09 10:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/06/19 17:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/10/10 14:05:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/09/06 03:08:00 | 000,081,920 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2005/08/02 19:12:44 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/08/02 19:02:20 | 001,372,160 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/08/02 18:17:30 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
SRV - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stop_Pending] -- -- (MBAMSwissArmy)
DRV - [2012/01/14 21:17:34 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{16F81FB8-A410-4AC2-9F64-CDD20060EE71}\MpKslefd5231d.sys -- (MpKslefd5231d)
DRV - [2012/01/11 21:35:52 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{16F81FB8-A410-4AC2-9F64-CDD20060EE71}\MpKsl470bbf64.sys -- (MpKsl470bbf64)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/10/09 09:50:48 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/06/19 17:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/29 16:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/01/09 14:04:42 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/10/18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 16:52:38 | 000,242,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/10/18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/06 03:08:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
DRV - [2005/09/06 03:08:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/09/06 03:08:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2005/08/31 02:40:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/08/31 01:50:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/08/31 01:50:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/08/02 18:15:38 | 000,013,184 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/08/02 17:40:56 | 000,006,912 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2005/07/22 23:02:44 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/07/19 21:14:02 | 003,289,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/06/28 08:26:02 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2005/05/25 21:59:12 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/20 01:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/04 01:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/11 16:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2003/01/10 16:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001/11/01 06:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001/08/18 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/18 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 16:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 07:58:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 00:22:16 | 000,000,000 | ---D | M]

[2008/08/08 13:31:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Mozilla\Extensions
[2012/01/08 21:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Mozilla\Firefox\Profiles\7y0y5ko0.default\extensions
[2011/10/17 08:04:41 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Mozilla\Firefox\Profiles\7y0y5ko0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2009/01/09 16:14:51 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Mozilla\Firefox\Profiles\7y0y5ko0.default\extensions\moveplayer@movenetworks.com
[2011/11/10 18:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/30 08:55:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\YEHOSHUA YAAKOV\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7Y0Y5KO0.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/01/09 07:58:37 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/19 13:44:52 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/06 07:13:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 18:10:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Brushed = C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: YouTube = C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FRYMXINS] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot File not found
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (Lenovo)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (Lenovo)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SetupWizard] D:\SetupWIZ\SetupWizard.exe reboot File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KlpTray.lnk = C:\Program Files\MIT\KLP\klptray.exe (Massachusetts Institute of Technology)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Leash Kerberos Ticket Manager.lnk = C:\Program Files\Kerberos\leash32.exe (Massachusetts Institute of Technology)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader.cab (MySpace Uploader Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www.lenovo.com/support/access/aslibmain/content/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0EC350A-F462-4DF0-843A-9DAE32D8D55F}: DhcpNameServer = 208.59.247.45 208.59.247.46
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (tvt_gina.dll) -C:\WINDOWS\System32\tvt_gina.dll (IBM)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\QConGina: DllName - (QConGina.dll) - C:\WINDOWS\System32\QConGina.dll (Lenovo)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/23 15:42:54 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{38ba75ca-7f31-11db-b6fa-000e358fc6d1}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{53f39dee-71dd-11dc-b841-000e358fc6d1}\Shell\AutoRun\command - "" = E:\Installer.exe
O33 - MountPoints2\{588da6f8-ed62-11e0-bb11-000e358fc6d1}\Shell - "" = AutoRun
O33 - MountPoints2\{588da6f8-ed62-11e0-bb11-000e358fc6d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{588da6f8-ed62-11e0-bb11-000e358fc6d1}\Shell\AutoRun\command - "" = E:\DTVP_Launcher.exe
O33 - MountPoints2\{af85dd50-54b2-11da-b51c-000e358fc6d1}\Shell\AutoRun\command - "" = E:\ggb6w.exe
O33 - MountPoints2\{af85dd50-54b2-11da-b51c-000e358fc6d1}\Shell\open\Command - "" = E:\ggb6w.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 21:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yehoshua Yaakov\Start Menu\Programs\Google Chrome
[2012/01/11 21:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/11 21:24:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/10 08:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Malwarebytes
[2012/01/10 03:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/10 03:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/09 23:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/09 23:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/09 23:42:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/09 23:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/20 08:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\3ivx
[2011/12/20 08:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\3ivx
[2011/12/20 08:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2011/12/20 08:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video

========== Files - Modified Within 30 Days ==========

[2012/01/16 19:03:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/16 19:01:03 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2362852565-2969362489-1344453102-1005UA.job
[2012/01/15 22:01:01 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2362852565-2969362489-1344453102-1005Core.job
[2012/01/14 21:22:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/14 21:19:55 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2012/01/14 21:18:44 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/14 21:17:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/14 21:17:17 | 1609,486,336 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/12 21:58:35 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Desktop\Google Chrome.lnk
[2012/01/12 21:58:35 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/11 21:27:30 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/11 21:22:08 | 000,000,448 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/01/10 20:47:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\defogger_reenable
[2012/01/10 02:52:33 | 104,857,600 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\My Documents\SecureDrive.vol
[2012/01/09 23:44:33 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 23:37:15 | 000,014,686 | -HS- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\rl852wj330mmqr47288lc35317u85ux808k2yc5m5cr101
[2012/01/09 23:37:15 | 000,014,686 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\rl852wj330mmqr47288lc35317u85ux808k2yc5m5cr101
[2011/12/28 23:04:16 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Desktop\Microsoft Office Word 2003.lnk
[2011/12/27 16:56:26 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 16:52:51 | 000,025,019 | ---- | M] () -- C:\Documents and Settings\Yehoshua Yaakov\Desktop\Dr. Elmo.jpg
[2011/12/23 11:46:51 | 000,401,652 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/23 11:46:51 | 000,061,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/20 08:23:29 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2011/12/20 08:22:34 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk

========== Files Created - No Company Name ==========

[2012/01/12 21:58:35 | 000,002,369 | ---- | C] () -- C:\Documents and Settings\Yehoshua Yaakov\Desktop\Google Chrome.lnk
[2012/01/12 21:58:35 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/12 21:56:42 | 000,001,018 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2362852565-2969362489-1344453102-1005UA.job
[2012/01/12 21:56:41 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2362852565-2969362489-1344453102-1005Core.job
[2012/01/11 21:32:17 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/11 21:27:02 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/10 20:47:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Yehoshua Yaakov\defogger_reenable
[2012/01/09 23:44:33 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 22:46:48 | 1609,486,336 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/09 22:05:28 | 000,014,686 | -HS- | C] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\rl852wj330mmqr47288lc35317u85ux808k2yc5m5cr101
[2012/01/09 22:05:28 | 000,014,686 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\rl852wj330mmqr47288lc35317u85ux808k2yc5m5cr101
[2011/12/27 16:52:51 | 000,025,019 | ---- | C] () -- C:\Documents and Settings\Yehoshua Yaakov\Desktop\Dr. Elmo.jpg
[2011/12/20 08:23:29 | 000,001,015 | R--- | C] () -- C:\logFile.xsl
[2011/12/20 08:22:34 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\FlipShare.lnk
[2011/12/20 08:22:34 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2011/09/26 20:54:21 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/02/17 17:44:00 | 000,053,728 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/18 15:12:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/10/29 16:13:00 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/06/19 17:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/19 17:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/04/02 15:00:18 | 000,001,370 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/02 10:11:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/17 18:37:56 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/03/17 18:37:56 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/17 18:37:55 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/03/17 18:37:55 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/03/17 18:37:55 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/03/17 18:37:55 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/03/17 18:37:55 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/03/17 18:37:55 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/03/17 18:37:55 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/03/17 18:37:55 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/03/17 18:37:55 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/03/17 18:37:55 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/03/17 18:37:55 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/03/17 18:37:55 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/03/17 18:37:55 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/03/17 18:37:55 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/03/17 18:32:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV100V350.ini
[2008/03/17 18:20:57 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw68.bin
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/10/11 09:11:02 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2007/09/30 18:29:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/05/24 23:10:25 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/26 12:02:43 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2007/04/26 12:02:43 | 000,000,526 | R--- | C] () -- C:\WINDOWS\System32\hppapr04.DAT
[2007/03/07 22:20:02 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/27 14:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/02/21 13:11:18 | 000,010,663 | ---- | C] () -- C:\Documents and Settings\Yehoshua Yaakov\Application Data\Comma Separated Values (Windows).CAL
[2006/01/09 22:35:10 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2005/09/01 11:01:03 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/09/01 11:00:46 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2005/09/01 11:00:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/07/05 23:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2005/06/21 18:46:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/06/16 22:23:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2005/05/17 11:24:29 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Yehoshua Yaakov\Local Settings\Application Data\fusioncache.dat
[2005/04/08 16:42:06 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/02/26 10:09:39 | 000,000,177 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2005/02/26 06:19:39 | 000,004,861 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2005/02/26 06:19:39 | 000,000,267 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2005/02/25 15:25:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/29 21:56:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/29 21:55:07 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
[2004/11/29 21:54:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/11/29 21:53:41 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/11/29 21:53:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/11/29 21:53:02 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2004/11/29 21:46:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/11/29 21:46:07 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/11/29 21:46:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/11/29 21:46:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/11/29 21:46:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/11/29 21:46:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/11/29 21:44:51 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/29 21:44:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/11/29 21:37:33 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2004/11/29 21:37:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2004/11/29 21:36:40 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2004/11/29 21:35:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2004/11/29 21:18:16 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/22 11:29:08 | 000,002,468 | ---- | C] () -- C:\WINDOWS\krb5.ini
[2004/08/02 17:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/27 00:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/19 15:12:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004/01/09 09:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/08/11 07:30:31 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/02/20 12:32:29 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/02/20 12:18:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/02/20 12:09:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/02/20 12:03:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/20 12:02:39 | 001,552,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/08 22:28:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\TpScrLk.exe
[2002/01/09 21:38:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2001/08/23 10:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 10:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[1980/01/01 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 03:00:00 | 000,401,652 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 03:00:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[1980/01/01 03:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 03:00:00 | 000,061,660 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 03:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[1980/01/01 03:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980/01/01 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

#7 dharmabum

dharmabum
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 16 January 2012 - 09:03 PM

Hi noypi,

Windows Defender just found another trojan file on my computer and removed it. The name of this file is Trojan:JS/BlacoleRef.G.

-dharmabum

#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:38 PM

Posted 16 January 2012 - 09:52 PM

Hi dharmabum,

The computer is still infected base on your posted log. Please do not attach logs unless instructed. Thank you.


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick combofix's window while its running because it may call it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:38 PM

Posted 21 January 2012 - 07:48 PM

Are you still with me?

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#10 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:38 PM

Posted 22 January 2012 - 11:20 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users