"Recommended For You" slide out


  • This topic is locked
28 replies to this topic

#1 80tasmin

  • New Member
  • Members
  • 16 posts

Posted 29 April 2012 - 05:51 PM

Recently I started getting this pop-up that slides up (bottom right) while I am browsing the web. It looks like an iPhone. (Screenshot here: http://i50.tinypic.com/whxq9y.jpg )
When I click on the X button it minimizes to a small rectangular white box that says "Recommended For You". Any ideas on how to rid myself of this annoyance?
Thanks, Paul

I've scanned with Microsoft Security Essentials and Malwarebytes, but both show my computer is "clean", with no threats found.
An internet search shows this slide out may have something to do with http://www.google-analytics.com/ga.js

Here are the DDS and Attach logs

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by user1 at 18:33:11 on 2012-04-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.4007.1702 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Explorer.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://lenovo.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\user1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AB7A3FE2-7240-49B0-8C94-413BF757F4DF} : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Hosts: 188.119.151.113 www.google-analytics.com.
Hosts: 188.119.151.113 ad-emea.doubleclick.net.
Hosts: 188.119.151.113 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\568abahm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59677
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\user1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-4-17 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-4-17 61712]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-28 253088]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2012-04-29 21:49:44 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7985429-1543-4291-8DD4-DFD5778D7CBD}\offreg.dll
2012-04-29 21:44:22 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7985429-1543-4291-8DD4-DFD5778D7CBD}\mpengine.dll
2012-04-29 21:23:10 -------- d-----w- C:\Users\user1\AppData\Local\adaware
2012-04-29 21:23:08 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-04-29 21:23:06 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-04-29 21:23:06 45904 ----a-w- C:\Windows\System32\sbbd.exe
2012-04-29 21:23:03 94296 ----a-w- C:\Windows\System32\drivers\sbtis.sys
2012-04-29 21:23:03 60504 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-04-29 21:22:56 84568 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-04-29 21:22:55 253528 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-04-29 21:22:52 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-04-29 21:21:35 -------- d-----w- C:\Users\user1\AppData\Roaming\Ad-Aware Antivirus
2012-04-29 15:49:52 -------- d-----w- C:\Users\user1\AppData\Local\{0CBAAFE1-F282-4C01-B382-B1F49B7421F6}
2012-04-29 15:49:37 -------- d-----w- C:\Users\user1\AppData\Local\{EA208F48-EA07-4185-AFF4-603DB37213AC}
2012-04-29 03:46:58 -------- d-----w- C:\Users\user1\AppData\Local\{CA3C190C-A4FE-4357-922F-FE7781EAC7E1}
2012-04-29 03:46:43 -------- d-----w- C:\Users\user1\AppData\Local\{BA487CB7-B568-419F-90C1-44C685E1D67B}
2012-04-29 03:13:17 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-29 02:25:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-29 02:25:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-29 02:15:19 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-28 14:29:07 -------- d-----w- C:\Users\user1\AppData\Local\{106163FB-36B6-4D04-8CF8-6CFAEE37DDB2}
2012-04-28 14:28:52 -------- d-----w- C:\Users\user1\AppData\Local\{3B276D9D-A6E5-4D43-B280-B96AF02079CB}
2012-04-28 05:39:16 -------- d-----w- C:\Users\user1\AppData\Local\{7C4AAF79-F3AC-4588-8A14-D48E858CE6E9}
2012-04-28 05:39:01 -------- d-----w- C:\Users\user1\AppData\Local\{355F1A28-0282-4816-BA78-A1C42071C9F0}
2012-04-27 05:52:34 -------- d-----w- C:\Users\user1\AppData\Local\{5F0AFC09-4089-4482-814F-3E6E6F57C851}
2012-04-27 05:52:19 -------- d-----w- C:\Users\user1\AppData\Local\{0E30B69D-4B8D-4C01-8E47-4D335FBA3A99}
2012-04-26 16:36:54 -------- d-----w- C:\Users\user1\AppData\Local\{4EA72224-DB4E-4747-AED9-9CD248DFB4E3}
2012-04-26 16:36:39 -------- d-----w- C:\Users\user1\AppData\Local\{A5DDED1D-26A3-4075-A8BD-B7E27F8BF305}
2012-04-26 04:35:26 -------- d-----w- C:\Users\user1\AppData\Local\{9CA5AAB9-C6CE-4AAF-9694-1C9D7189E0ED}
2012-04-26 04:35:12 -------- d-----w- C:\Users\user1\AppData\Local\{4141E85B-908D-4417-8DDB-91ABC5EB1B30}
2012-04-25 16:29:37 -------- d-----w- C:\Users\user1\AppData\Local\{9B533323-4B90-43EF-8F48-5C5D1C68D0A6}
2012-04-25 16:29:22 -------- d-----w- C:\Users\user1\AppData\Local\{F4C3E502-334D-466A-AC5D-C0F2277F141D}
2012-04-24 16:49:24 -------- d-----w- C:\Users\user1\AppData\Local\{3CA56CB0-7980-4AC5-91C9-DAEF160A79F6}
2012-04-24 16:49:09 -------- d-----w- C:\Users\user1\AppData\Local\{BFC72FB3-C0FC-4A99-8CE6-FBC1E7DCAE6A}
2012-04-24 04:29:12 -------- d-----w- C:\Users\user1\AppData\Local\{CF4B4D6E-ED23-4202-BCA5-C481041B7238}
2012-04-24 04:28:57 -------- d-----w- C:\Users\user1\AppData\Local\{DE164F19-5E36-4CF0-9721-574EDB3EC94D}
2012-04-23 14:55:25 -------- d-----w- C:\Users\user1\AppData\Local\{94034CD9-0035-4A4D-B5C9-BBB8449228F4}
2012-04-22 22:52:33 -------- d-----w- C:\Users\user1\AppData\Local\{8774D8C5-3A0F-481C-9389-968E07F84B6A}
2012-04-22 22:52:18 -------- d-----w- C:\Users\user1\AppData\Local\{C5D063A0-E04E-4923-B9F3-9FCD9AD90B25}
2012-04-20 20:55:59 -------- d-----w- C:\Users\user1\AppData\Local\{F73D2B35-6887-49E2-BA2A-2537C3E5F383}
2012-04-20 20:55:44 -------- d-----w- C:\Users\user1\AppData\Local\{DE7EDCED-57DD-49DB-BB03-DAD05FFA5D56}
2012-04-19 21:50:19 -------- d-----w- C:\Users\user1\AppData\Local\{E988C6D5-10CF-4AC4-9E0D-46E228CE62B7}
2012-04-19 21:50:04 -------- d-----w- C:\Users\user1\AppData\Local\{311595BB-D6B1-4165-B577-197B316AC5EC}
2012-04-18 21:00:36 -------- d-----w- C:\Users\user1\AppData\Local\{71CEBFCD-84A2-4DEF-AAEB-8107FFE3C27C}
2012-04-18 21:00:26 -------- d-----w- C:\Users\user1\AppData\Local\{5E521600-1E46-4F14-A837-A55987093307}
2012-04-17 11:01:37 -------- d-----w- C:\Users\user1\AppData\Local\{75852042-B98C-452A-AEB7-84F366DFBF1E}
2012-04-17 11:01:23 -------- d-----w- C:\Users\user1\AppData\Local\{03B01B4B-2790-4718-AE41-CA77588114F4}
2012-04-16 18:02:27 -------- d-----w- C:\Users\user1\AppData\Local\{50D01D00-93A4-4F72-BD26-8255E692CCE8}
2012-04-16 18:02:12 -------- d-----w- C:\Users\user1\AppData\Local\{638F2AE2-3A9A-4AFE-8966-CA6F099E2427}
2012-04-15 15:50:16 -------- d-----w- C:\Windows\en
2012-04-15 15:47:54 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\DSETUP.dll
2012-04-15 15:47:54 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\DXSETUP.exe
2012-04-15 15:47:54 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\dsetup32.dll
2012-04-15 15:46:45 -------- d-----w- C:\Users\user1\AppData\Local\{255BD702-E1A8-4DC8-B5E0-4E6A95C1DB3C}
2012-04-15 15:46:30 -------- d-----w- C:\Users\user1\AppData\Local\{E018473C-DD44-4034-9CFA-DA175E17CFDC}
2012-04-14 14:36:29 -------- d-----w- C:\Users\user1\AppData\Local\{3623E1BB-728D-4AC8-B81F-1BDC25D26EC4}
2012-04-12 05:18:48 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 05:18:48 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 05:18:48 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 05:16:52 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 05:16:52 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 05:16:52 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 05:16:51 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 05:16:51 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 05:16:51 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 05:16:51 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 04:35:08 -------- d-----w- C:\Users\user1\AppData\Local\{162EB1DD-BD54-4FB9-A0A8-F90726868504}
2012-04-10 16:43:00 -------- d-----w- C:\Users\user1\AppData\Local\{BAED8627-6040-4535-858A-895128752241}
2012-04-09 14:35:08 -------- d-----w- C:\Users\user1\AppData\Local\{22B23D08-3EC3-49FB-A269-967FAEDAA0CB}
2012-04-08 01:39:45 -------- d-----w- C:\Users\user1\AppData\Local\{FF0DC12E-90AD-43C5-849A-CCE78E60703A}
2012-04-07 13:47:15 -------- d-----w- C:\Users\user1\AppData\Local\{818F4B87-B47E-402D-B437-193DDC7C64F3}
2012-04-06 11:01:29 -------- d-----w- C:\Users\user1\AppData\Local\{F0D56557-79E0-478D-BD2B-CB676703A1C7}
2012-04-05 20:36:45 -------- d-----w- C:\Users\user1\AppData\Local\{D65D2BD6-73F8-43C1-9E8A-109C0CB17E5F}
2012-04-04 20:41:18 -------- d-----w- C:\Users\user1\AppData\Local\{B7F421DC-A740-429B-85DE-277FBBEA0B64}
2012-04-03 11:02:02 -------- d-----w- C:\Users\user1\AppData\Local\{44D93CC9-0C3F-4CEA-A5FD-00AF59B1591F}
2012-04-02 21:09:52 -------- d-----w- C:\Users\user1\AppData\Local\{99B98E10-DA13-46DA-9D46-EEF90EFEC75A}
2012-04-01 18:05:15 -------- d-----w- C:\Users\user1\AppData\Local\{6C303416-1070-4026-A20E-A9F298B49C19}
2012-03-31 06:11:48 -------- d-----w- C:\Users\user1\AppData\Local\{0F46E303-F747-4E17-BF64-D873BB439952}
.
==================== Find3M ====================
.
2012-04-29 03:13:43 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-17 05:24:00 63760 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-24 13:36:58 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-27 02:53:51 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 18:35:02.61 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 22/06/2011 12:07:50 PM
System Uptime: 29/04/2012 5:32:47 PM (1 hours ago)
.
Motherboard: LENOVO | | 11433FU
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz | CPU | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 363.476 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 225.506 GiB free.
Q: is FIXED (NTFS) - 10 GiB total, 0.734 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP184: 14/04/2012 2:17:56 PM - Revo Uninstaller's restore point - JScreenFix
RP185: 15/04/2012 11:26:38 AM - Windows Update
RP186: 15/04/2012 11:47:53 AM - Windows Live Essentials
RP187: 15/04/2012 11:48:24 AM - Installed DirectX
RP188: 15/04/2012 11:48:39 AM - Installed DirectX
RP189: 15/04/2012 11:48:55 AM - WLSetup
RP190: 19/04/2012 7:11:48 AM - Windows Update
RP191: 22/04/2012 11:05:22 AM - Windows Update
RP192: 22/04/2012 7:02:46 PM - Installed Rapport
RP193: 26/04/2012 1:14:41 AM - Windows Update
RP194: 29/04/2012 12:07:22 PM - Installed Microsoft Fix it 50267
RP195: 29/04/2012 5:43:47 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 188.119.151.113 www.google-analytics.com.
Hosts: 188.119.151.113 ad-emea.doubleclick.net.
Hosts: 188.119.151.113 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 10
Adobe Reader X (10.1.2)
Any Video Converter 3.3.2
Burn.Now 4.5
Canon Auto Update Service
Canon DIGITAL CAMERA Solution Disk Software Guide
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot SX40 HS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Corel KPT Collection
Corel KPT Collection for PSPX4
Corel PaintShop Pro X4
Corel PaintShop Pro X4 Ultimate Bonus Pack
Corel WinDVD
Create Recovery Media
CyberLink PowerDVD 8
D3DX10
Direct DiscRecorder
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Shrink 3.2
DVDFab 8.1.6.8 (17/03/2012) Qt
Elements 10 Organizer
GIMP 2.6.11
Google Chrome
ICA
Integrated Camera Driver Installer Package Ver.1.1.0.1147
Integrated Camera TWAIN
Intel® Control Center
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Wireless Display
IPM_PSP_COM
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Lenovo User Guide
Lenovo Warranty Information
Lenovo Welcome
Malwarebytes Anti-Malware version 1.61.0.1400
Memeo Instant Backup
Message Center Plus
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
OpenOffice.org 3.3
PhotoScape
Picasa 3
PixBuilder Studio 2.0.3
PSE10 STI Installer
PSPPContent
PSPPHelp
RapidBoot
Rapport
Realtek Ethernet Controller Driver
Rescue and Recovery
Revo Uninstaller 1.93
RICOH Media Driver v2.10.18.02
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Setup
Spybot - Search & Destroy
SpywareBlaster 4.6
System Update
ThinkPad Power Manager
UDPixel.exe
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
29/04/2012 5:24:53 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {706FFEF5-7E90-4149-B038-B39106ECDB99} and APPID {7C7C1AC9-F894-423B-AE6C-558286658538} to the user user1-THINK\user1 SID (S-1-5-21-3474410928-4036716992-2113835924-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
29/04/2012 11:00:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
28/04/2012 3:17:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
28/04/2012 2:57:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
28/04/2012 12:39:42 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
28/04/2012 10:08:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
27/04/2012 12:05:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
27/04/2012 11:04:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
26/04/2012 12:23:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
26/04/2012 12:09:29 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/04/2012 3:13:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/04/2012 12:15:23 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/04/2012 11:50:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/04/2012 10:46:48 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
24/04/2012 12:29:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
24/04/2012 12:08:02 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
23/04/2012 10:47:37 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
22/04/2012 7:02:05 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
22/04/2012 4:28:04 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
22/04/2012 10:37:09 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
22/04/2012 10:37:09 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================

#2 Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 30 April 2012 - 04:27 AM

Hello 80tasmin and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

What was your version of Microsoft Security Essentials, 1.x or 2.x?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 80tasmin

    New Member

  • Members
  • 16 posts

Posted 30 April 2012 - 06:03 AM

Microsoft Security Essentials version 2.1.116.0, with latest definitions.

#4 Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 01 May 2012 - 05:11 AM

Thanks!

That is important, because there are some remnants from your old Microsoft Security Essentials.


Step 1

I see you are running TeaTimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.


Step 2

Follow the instructions in the "Fix it for me" section to get rid of the remnants of Microsoft Security Essentials:
http://support.micro....com/kb/2483120


Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Step 4

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click "save log", save it to your desktop and post it in your next reply.


Step 5

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • OTL log with Extras.txt


#5 80tasmin

    New Member

  • Members
  • 16 posts

Posted 01 May 2012 - 06:34 PM

As requested, I've:
  • disabled tea timer
  • used "Fix it for me" to rid old remnants of Microsoft Security Essentials (latest version remains)
  • Updated Malwarebytes and performed "quick scan" and "scan"
  • Run aswMBR.exe
  • Run OTL, "scan all users" "quick scan" (file age 30 days)

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • OTL log with Extras.txt
logs posted below.....

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
user1 :: USER1-THINK [administrator]

01/05/2012 5:09:26 PM
mbam-log-2012-05-01 (17-09-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197650
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
user1 :: USER1-THINK [administrator]

01/05/2012 5:15:48 PM
mbam-log-2012-05-01 (17-15-48).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 346231
Time elapsed: 1 hour(s), 14 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-01 18:45:31
-----------------------------
18:45:31.742 OS Version: Windows x64 6.1.7601 Service Pack 1
18:45:31.742 Number of processors: 4 586 0x2A07
18:45:31.742 ComputerName: USER1-THINK UserName: user1
18:45:33.411 Initialize success
18:46:43.028 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:46:43.028 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
18:46:43.044 Disk 0 MBR read successfully
18:46:43.060 Disk 0 MBR scan
18:46:43.060 Disk 0 unknown MBR code
18:46:43.060 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
18:46:43.075 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465738 MB offset 2459648
18:46:43.106 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
18:46:43.153 Disk 0 scanning C:\Windows\system32\drivers
18:46:51.546 Service scanning
18:47:03.776 Modules scanning
18:47:03.776 Disk 0 trace - called modules:
18:47:03.776 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:47:03.792 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066ac060]
18:47:04.291 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8003cf5320]
18:47:04.291 5 ACPI.sys[fffff88000fa77a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800544d050]
18:47:04.291 Scan finished successfully
18:47:44.539 Disk 0 MBR has been saved successfully to "C:\Users\user1\Desktop\logs may1\MBR.dat"
18:47:44.539 The log file has been saved successfully to "C:\Users\user1\Desktop\logs may1\aswMBR may 1.txt"



OTL logfile created on: 01/05/2012 6:57:27 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\user1\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.33% Memory free
7.82 Gb Paging File | 5.99 Gb Available in Paging File | 76.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.82 Gb Total Space | 362.29 Gb Free Space | 79.66% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 0.73 Gb Free Space | 7.52% Space Free | Partition Type: NTFS

Computer Name: USER1-THINK | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/01 18:56:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe
PRC - [2012/04/17 01:23:42 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/04/17 01:23:42 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/03/29 12:43:58 | 020,670,304 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
PRC - [2011/05/04 17:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
PRC - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/21 23:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/21 23:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/02/03 14:44:00 | 000,057,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/01/27 16:30:20 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/01/27 16:30:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011/01/27 16:29:32 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/01/16 23:58:42 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2010/12/16 22:36:18 | 000,281,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2010/12/11 19:39:28 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2010/12/01 23:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/24 03:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/11/18 19:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010/04/07 01:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 01:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/03/20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/13 00:21:44 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/12 12:10:58 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c2c7f68605a42caef1b7a19c51de58b4\System.ServiceProcess.ni.dll
MOD - [2012/04/12 12:10:53 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/12 12:10:33 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/12 12:10:28 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/03/29 12:44:18 | 002,180,968 | ---- | M] () -- C:\Program Files (x86)\Ad-Aware Antivirus\ThreatWork.dll
MOD - [2012/02/16 11:27:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 11:27:32 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/02/16 11:26:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 11:26:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 11:26:48 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/11/10 17:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/12 01:45:35 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/08/07 17:10:11 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/05/04 17:04:54 | 002,896,608 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/05/04 17:04:50 | 000,027,360 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/05/04 17:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
MOD - [2010/12/11 19:58:50 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\Lenovo\CDRecord.dll
MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/04/06 12:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
MOD - [2010/04/06 12:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll
MOD - [2010/03/22 18:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll
MOD - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/27 16:30:20 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/01/27 16:29:32 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/01/13 17:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/18 18:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/12/03 16:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2010/12/02 22:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2010/12/01 23:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/11/24 03:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2010/11/12 05:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2010/11/02 16:49:46 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2010/11/02 16:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/11/02 16:34:14 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2010/04/07 01:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/28 23:13:43 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/17 01:23:42 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/05/04 17:04:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel®
SRV - [2011/02/21 23:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/21 23:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/02/03 14:44:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/12/11 19:39:28 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2010/11/18 19:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/17 01:24:00 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/25 23:25:11 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/05/11 16:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/04/29 14:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/03/30 19:55:12 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/03/30 19:54:36 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/24 06:50:30 | 001,423,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 21:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011/02/03 14:44:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011/01/13 17:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/01/13 17:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/12/18 03:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/18 03:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/18 03:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/18 03:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/18 03:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/12/14 22:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010/12/03 16:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2010/12/01 08:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/23 02:50:12 | 001,567,360 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/12 05:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010/11/09 06:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/11/05 10:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/07 01:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/13 16:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2012/04/17 01:24:00 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/04/17 01:23:58 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/12/15 17:23:46 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EA94F8B1-D750-434E-AF50-A12B12D88634}
IE:64bit: - HKLM\..\SearchScopes\{EA94F8B1-D750-434E-AF50-A12B12D88634}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {DBBDF09F-008E-46DB-84A8-62A3ED9F09BF}
IE - HKLM\..\SearchScopes\{DBBDF09F-008E-46DB-84A8-62A3ED9F09BF}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3474410928-4036716992-2113835924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKU\S-1-5-21-3474410928-4036716992-2113835924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-3474410928-4036716992-2113835924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3474410928-4036716992-2113835924-1000\..\SearchScopes,DefaultScope = {DBBDF09F-008E-46DB-84A8-62A3ED9F09BF}
IE - HKU\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 59677
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 10:48:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/18 10:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\Extensions
[2012/04/25 00:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\568abahm.default\extensions
[2012/04/25 00:52:38 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\568abahm.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/02/26 22:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/26 22:53:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\user1\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user1\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/01/18 01:38:10 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 188.119.151.113 www.google-analytics.com.
O1 - Hosts: 188.119.151.113 ad-emea.doubleclick.net.
O1 - Hosts: 188.119.151.113 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3474410928-4036716992-2113835924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 File not found
O8:64bit: - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 File not found
O8:64bit: - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 File not found
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 File not found
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 File not found
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 File not found
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB7A3FE2-7240-49B0-8C94-413BF757F4DF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-3474410928-4036716992-2113835924-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{07ddebc6-87f0-11e0-be62-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{07ddebc6-87f0-11e0-be62-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{39c7a6d1-9f84-11e0-8622-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{39c7a6d1-9f84-11e0-8622-806e6f6e6963}\Shell\AutoRun\command - "" = F:\StartClickFreeBackup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 18:56:42 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe
[2012/05/01 17:20:47 | 000,000,000 | ---D | C] -- C:\Users\user1\Desktop\logs may1
[2012/05/01 16:55:30 | 000,000,000 | R--D | C] -- C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012/05/01 07:08:18 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{1F174FE2-AA36-43B0-B888-D169F297B768}
[2012/05/01 07:08:03 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{D0BE9B45-B58A-4461-8CA2-8C1B0C8992D8}
[2012/04/30 18:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/30 17:02:08 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{CD9E9C01-8A99-4407-963D-F3461DB15B6E}
[2012/04/30 17:01:53 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{AEA0A4B2-2A00-4F62-A31F-C762CBF8203A}
[2012/04/29 17:23:10 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\adaware
[2012/04/29 17:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/04/29 17:23:06 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/04/29 17:23:06 | 000,045,904 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\sbbd.exe
[2012/04/29 17:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/04/29 17:23:03 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys
[2012/04/29 17:23:03 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/04/29 17:22:56 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/04/29 17:22:55 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/04/29 17:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/04/29 17:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/04/29 17:21:35 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Roaming\Ad-Aware Antivirus
[2012/04/29 11:49:52 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{0CBAAFE1-F282-4C01-B382-B1F49B7421F6}
[2012/04/29 11:49:37 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{EA208F48-EA07-4185-AFF4-603DB37213AC}
[2012/04/29 11:21:39 | 006,243,960 | ---- | C] (Lavasoft Limited) -- C:\Users\user1\Desktop\Adaware_Installer.exe
[2012/04/28 23:46:58 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{CA3C190C-A4FE-4357-922F-FE7781EAC7E1}
[2012/04/28 23:46:43 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{BA487CB7-B568-419F-90C1-44C685E1D67B}
[2012/04/28 22:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/28 22:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/28 22:25:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/28 10:29:07 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{106163FB-36B6-4D04-8CF8-6CFAEE37DDB2}
[2012/04/28 10:28:52 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{3B276D9D-A6E5-4D43-B280-B96AF02079CB}
[2012/04/28 01:39:16 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{7C4AAF79-F3AC-4588-8A14-D48E858CE6E9}
[2012/04/28 01:39:01 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{355F1A28-0282-4816-BA78-A1C42071C9F0}
[2012/04/27 01:52:34 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{5F0AFC09-4089-4482-814F-3E6E6F57C851}
[2012/04/27 01:52:19 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{0E30B69D-4B8D-4C01-8E47-4D335FBA3A99}
[2012/04/26 12:36:54 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{4EA72224-DB4E-4747-AED9-9CD248DFB4E3}
[2012/04/26 12:36:39 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{A5DDED1D-26A3-4075-A8BD-B7E27F8BF305}
[2012/04/26 00:35:26 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{9CA5AAB9-C6CE-4AAF-9694-1C9D7189E0ED}
[2012/04/26 00:35:12 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{4141E85B-908D-4417-8DDB-91ABC5EB1B30}
[2012/04/25 12:29:37 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{9B533323-4B90-43EF-8F48-5C5D1C68D0A6}
[2012/04/25 12:29:22 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{F4C3E502-334D-466A-AC5D-C0F2277F141D}
[2012/04/24 12:49:24 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{3CA56CB0-7980-4AC5-91C9-DAEF160A79F6}
[2012/04/24 12:49:09 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{BFC72FB3-C0FC-4A99-8CE6-FBC1E7DCAE6A}
[2012/04/24 00:29:12 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{CF4B4D6E-ED23-4202-BCA5-C481041B7238}
[2012/04/24 00:28:57 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{DE164F19-5E36-4CF0-9721-574EDB3EC94D}
[2012/04/23 10:55:25 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{94034CD9-0035-4A4D-B5C9-BBB8449228F4}
[2012/04/22 18:52:33 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{8774D8C5-3A0F-481C-9389-968E07F84B6A}
[2012/04/22 18:52:18 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{C5D063A0-E04E-4923-B9F3-9FCD9AD90B25}
[2012/04/20 16:55:59 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{F73D2B35-6887-49E2-BA2A-2537C3E5F383}
[2012/04/20 16:55:44 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{DE7EDCED-57DD-49DB-BB03-DAD05FFA5D56}
[2012/04/19 17:50:19 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{E988C6D5-10CF-4AC4-9E0D-46E228CE62B7}
[2012/04/19 17:50:04 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{311595BB-D6B1-4165-B577-197B316AC5EC}
[2012/04/18 17:00:36 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{71CEBFCD-84A2-4DEF-AAEB-8107FFE3C27C}
[2012/04/18 17:00:26 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{5E521600-1E46-4F14-A837-A55987093307}
[2012/04/17 07:01:37 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{75852042-B98C-452A-AEB7-84F366DFBF1E}
[2012/04/17 07:01:23 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{03B01B4B-2790-4718-AE41-CA77588114F4}
[2012/04/16 14:02:27 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{50D01D00-93A4-4F72-BD26-8255E692CCE8}
[2012/04/16 14:02:12 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{638F2AE2-3A9A-4AFE-8966-CA6F099E2427}
[2012/04/15 11:50:16 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/15 11:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/15 11:46:45 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{255BD702-E1A8-4DC8-B5E0-4E6A95C1DB3C}
[2012/04/15 11:46:30 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{E018473C-DD44-4034-9CFA-DA175E17CFDC}
[2012/04/14 10:36:29 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{3623E1BB-728D-4AC8-B81F-1BDC25D26EC4}
[2012/04/12 00:35:08 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{162EB1DD-BD54-4FB9-A0A8-F90726868504}
[2012/04/10 12:43:00 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{BAED8627-6040-4535-858A-895128752241}
[2012/04/09 10:35:08 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{22B23D08-3EC3-49FB-A269-967FAEDAA0CB}
[2012/04/07 21:39:45 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{FF0DC12E-90AD-43C5-849A-CCE78E60703A}
[2012/04/07 09:47:15 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{818F4B87-B47E-402D-B437-193DDC7C64F3}
[2012/04/06 07:01:29 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{F0D56557-79E0-478D-BD2B-CB676703A1C7}
[2012/04/05 16:36:45 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{D65D2BD6-73F8-43C1-9E8A-109C0CB17E5F}
[2012/04/04 16:41:18 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{B7F421DC-A740-429B-85DE-277FBBEA0B64}
[2012/04/03 07:02:02 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{44D93CC9-0C3F-4CEA-A5FD-00AF59B1591F}
[2012/04/02 17:09:52 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{99B98E10-DA13-46DA-9D46-EEF90EFEC75A}

========== Files - Modified Within 30 Days ==========

[2012/05/01 18:56:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe
[2012/05/01 18:48:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3474410928-4036716992-2113835924-1000UA.job
[2012/05/01 18:13:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/01 17:09:13 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/05/01 17:05:57 | 000,002,304 | ---- | M] () -- C:\FixitRegBackup.reg
[2012/05/01 17:01:29 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/01 17:01:29 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/01 16:59:52 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/01 16:59:52 | 000,631,002 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/01 16:59:52 | 000,112,054 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/01 16:55:27 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/05/01 16:54:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/01 16:54:27 | 3151,417,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 18:44:37 | 000,001,682 | ---- | M] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012/04/30 18:44:37 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/04/30 18:44:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/30 18:44:15 | 000,735,726 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/30 06:37:02 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/29 17:33:11 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/29 13:48:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3474410928-4036716992-2113835924-1000Core.job
[2012/04/29 11:21:56 | 006,243,960 | ---- | M] (Lavasoft Limited) -- C:\Users\user1\Desktop\Adaware_Installer.exe
[2012/04/24 12:54:38 | 000,606,040 | ---- | M] () -- C:\Users\user1\Desktop\https___www.medavie.bluecross.pdf
[2012/04/17 01:24:00 | 000,063,760 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/04/16 16:24:09 | 000,000,511 | ---- | M] () -- C:\Users\user1\Desktop\GRAEME 931.rtf
[2012/04/13 00:12:06 | 000,002,416 | ---- | M] () -- C:\Users\user1\Desktop\Google Chrome.lnk
[2012/04/11 13:25:02 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/05/01 17:04:13 | 000,002,304 | ---- | C] () -- C:\FixitRegBackup.reg
[2012/04/30 18:44:37 | 000,001,682 | ---- | C] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012/04/30 18:44:37 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/04/29 17:34:11 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/29 17:23:05 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/04/28 22:15:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/24 12:54:38 | 000,606,040 | ---- | C] () -- C:\Users\user1\Desktop\https___www.medavie.bluecross.pdf
[2012/04/16 16:24:09 | 000,000,511 | ---- | C] () -- C:\Users\user1\Desktop\GRAEME 931.rtf
[2012/04/11 13:25:02 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/07 18:50:39 | 000,010,752 | ---- | C] () -- C:\Users\user1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/17 14:41:36 | 000,007,606 | ---- | C] () -- C:\Users\user1\AppData\Local\Resmon.ResmonCfg
[2012/01/16 00:05:53 | 000,009,513 | ---- | C] () -- C:\Users\user1\AppData\Roaming\2be43f3f
[2012/01/16 00:05:53 | 000,009,488 | ---- | C] () -- C:\Users\user1\AppData\Local\3d4df88a
[2012/01/16 00:05:53 | 000,009,467 | ---- | C] () -- C:\ProgramData\465f0191
[2011/12/23 14:15:54 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2011/07/31 07:31:06 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/06/22 15:39:38 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/26 19:45:31 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/05/26 19:45:31 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/05/26 19:45:31 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/26 19:27:15 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2011/08/22 18:40:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/08/22 18:40:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2012/01/19 01:42:50 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\31864
[2012/01/19 02:58:31 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\9E331
[2012/04/29 20:15:51 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Ad-Aware Antivirus
[2012/01/22 22:31:37 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\AnvSoft
[2011/12/10 02:22:50 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/09 14:35:58 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/24 18:55:39 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\gtk-2.0
[2012/02/17 12:41:57 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\IObit
[2011/09/11 11:05:15 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Leadertech
[2011/09/11 11:10:44 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Memeo
[2011/12/31 14:09:49 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Nik Software
[2011/12/23 12:31:23 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\No Company Name
[2011/06/23 11:58:26 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\OpenOffice.org
[2012/02/18 02:35:46 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Orbit
[2011/07/10 10:44:52 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\PCDr
[2011/12/16 17:22:48 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\PDAppFlex
[2012/01/16 19:01:24 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\PhotoScape
[2012/01/22 21:10:32 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\ProgSense
[2011/06/22 12:23:04 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\PwrMgr
[2011/09/11 15:45:29 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Seagate
[2011/06/25 09:02:24 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Trusteer
[2012/03/24 09:35:19 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Ulead Systems
[2011/07/10 10:41:53 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Update
[2011/07/07 08:03:30 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Windows Live Writer
[2012/04/30 06:37:02 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/29 17:33:11 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/19 07:00:53 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/01 17:09:13 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 01/05/2012 6:57:27 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\user1\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.33% Memory free
7.82 Gb Paging File | 5.99 Gb Available in Paging File | 76.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.82 Gb Total Space | 362.29 Gb Free Space | 79.66% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 0.73 Gb Free Space | 7.52% Space Free | Partition Type: NTFS

Computer Name: USER1-THINK | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Pro X4] -- "C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Pro X4] -- "C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01653C2B-B187-4D83-AFDB-717350874CEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{02887AE5-8F8B-4D58-8897-D191DCB78A6B}" = lport=137 | protocol=17 | dir=in | app=system |
"{09BAA6CB-8DA9-4AB2-8E58-5FAA5AC0493F}" = rport=445 | protocol=6 | dir=out | app=system |
"{0B6A53C8-F342-4530-9C9F-B341195DEBF3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16BCF4F6-1886-4ECB-8CFA-A8C0FECB8D98}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{42079FA5-E135-45F2-9A84-A3F30C022FD9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5ABC9D1E-3CCA-428B-BA7F-19E60FD6C1DF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{62ADD6A0-8C7F-48DE-80C6-EE70C201354A}" = lport=139 | protocol=6 | dir=in | app=system |
"{7CCCCEF4-D0CB-4692-8FB4-7CAEC1B1378B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7DEE3503-9FB1-448E-ACEA-0BC8DD880D6A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9972CD1A-C045-4B85-BAE6-0332247C7B66}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3E7DC22-0E49-4E24-9C2C-76209914015A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AB6624F4-6849-44DB-9CCD-1C188D22C91B}" = lport=138 | protocol=17 | dir=in | app=system |
"{BD3627B7-9B42-4C39-A9E6-14AC8CBAA2AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D4713433-1287-4DF0-8CC7-76E39D3E9FA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D71878B9-169F-4DA5-A3D9-42ECB356F63D}" = rport=137 | protocol=17 | dir=out | app=system |
"{DA9A1D06-7D29-4D74-83D4-1095113303C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC82B329-30BE-4606-B7E6-B73A49B08443}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E23A6473-AEE4-444C-ADA2-2465D8236819}" = rport=139 | protocol=6 | dir=out | app=system |
"{E6364D22-4E4E-42E3-872B-019C31F8144C}" = lport=445 | protocol=6 | dir=in | app=system |
"{E6C158FD-FB92-4078-9190-E6FF3FAF7061}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EBE0FD1B-8A2E-4D69-86B2-E7885CD14FB3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EDFE3E0E-053C-4E14-967E-4DF1E5C94DE7}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C8B192B-F680-49EB-BA8C-345FA8CB2C03}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{13B12835-3905-4FAF-94C0-EBE35156F173}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{20CBE46E-1E31-463D-A232-FE713EEA6997}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{228D6B05-BB3E-4FEC-B7EB-36A4185A5013}" = protocol=58 | dir=in | app=system |
"{2B6AB279-CB54-4005-BBAC-3AC6F9AC8286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40C6E6DC-1EFC-486A-AFC9-7D6265D10FF7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{412BF0F3-1C5E-47B0-B301-2AC633499631}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C6D8DE4-C83F-4E3B-A0D8-2FFBA1EA27B0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4FD2446B-65FE-4932-B64A-37ED7F9E44D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54A8B366-C4D6-462C-839D-E162E753C42E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5EFF9B63-3920-402B-903E-36A5CAEFA05F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{62B9D8C4-C4D7-4F47-9F12-161524E0D588}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{6A0579BE-68F0-4D02-A659-360A80CD9AA1}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{76E66258-2108-4FC2-B1F9-F66D4AA6F9B5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7BCAD822-1818-481F-B80C-3CBE5F3F8FC1}" = protocol=6 | dir=out | app=system |
"{7E5F467B-8E3B-44AD-BE6B-E2E84FE4DC64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88CC1F31-D714-4700-ADA0-93FDD7D8EFD6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8E3E4120-8EEC-486F-B7AB-B3903130A568}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{93296F1A-B13F-49C0-BFB8-0F296A9929D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{95E593E3-DEEF-43B2-BD2D-B9C62B843549}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{BBC88508-5555-4D1B-BDDB-A64085CE0D68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBCA4388-FB69-40E0-88E2-B65CB1B8BFF4}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{C949D3BA-673C-4C1E-86F2-FFB73922DB0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D26D6B40-6FE6-4CD5-922F-C49436E1B30B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{D4A26C52-B4E6-4ECD-B881-04F7E4C98B21}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D820B0C2-4A33-4C88-BEE7-9581594399A3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DC2D8B88-FCB4-4F5D-8C58-A7E53655E382}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{E376A278-5DBC-4766-80E4-EE5B17591B56}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{E488166D-0BCA-4912-8F70-3F14829792E6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{EA9B9B3C-E4CA-4F4A-AE2A-D225A63BA9DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F12C78BB-0BCD-4A6A-A467-AB28F86522DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{00F562B4-DF71-4750-A03F-D0ECC6EE1CF8}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
"TCP Query User{59BE472B-DFC7-416E-9215-7E202826B7A8}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{E7770E9F-A436-4FCF-9092-E68F245AB79C}C:\program files (x86)\nero\nero8\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero8\nero showtime\showtime.exe |
"UDP Query User{4D5A9D94-AB40-4E61-A970-F751F22D3060}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{C9DCDF4F-B5DE-4F62-9F0C-CA39866A2136}C:\program files (x86)\nero\nero8\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero8\nero showtime\showtime.exe |
"UDP Query User{CC63366F-B440-4B34-B86A-899236AE9803}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel® PROSet/Wireless WiFi Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"22AF3CC91FBC5231DD5CB8903F03E2AF3E97ADDF" = Windows Driver Package - Realtek (RTL8167) Net (12/06/2010 7.035.1206.2010)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"5DF942712DC7660AE4A1B04809A1C3F67B0CA27C" = Windows Driver Package - Synaptics (SynTP) Mouse (03/24/2011 15.2.19.0)
"73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12" = Windows Driver Package - Intel (iaStor) hdc (11/06/2010 10.1.0.1008)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20671 SmartAudio HD
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
"_{031338C0-4C21-4DAC-875B-26ACD7ADDF23}" = Corel KPT Collection for PSPX4
"_{45E8DDB3-8FEB-40DB-A6D7-3535392AA559}" = Corel PaintShop Pro X4 Ultimate Bonus Pack
"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
"{031338C0-4C21-4DAC-875B-26ACD7ADDF23}" = Corel KPT Collection
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{45E8DDB3-8FEB-40DB-A6D7-3535392AA559}" = Corel PaintShop Pro X4 Ultimate Bonus Pack
"{470C8EFE-AEB0-402E-B05A-91E08C201033}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"{cc937cbc-4be2-4227-9660-ff2f2a1d9467}" = Ad-Aware Antivirus
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1" = PixBuilder Studio 2.0.3
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Any Video Converter_is1" = Any Video Converter 3.3.2
"Auto Update Service" = Canon Auto Update Service
"CameraUserGuide-PSSX40HS" = Canon PowerShot SX40 HS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.6.8 (17/03/2012) Qt
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Rapport_msi" = Rapport
"Revo Uninstaller" = Revo Uninstaller 1.93
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SpywareBlaster_is1" = SpywareBlaster 4.6
"UDPixel" = UDPixel.exe
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >






#6 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 02 May 2012 - 07:45 AM

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


In your next reply, post the following log files:

  • TDSSKiller log
  • MBRCheck log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#7 80tasmin

80tasmin

    New Member

  • Members
  • 16 posts

Posted 02 May 2012 - 04:23 PM

Attached File  TDSSKiller.2.7.34.0_02.05.2012_16.53.26_log.txt   411.97KB   12 downloads
Attached File  MBRCheck_05.02.12_17.02.12.txt   17.31KB   14 downloads

Tried to copy and paste both files, but got a message saying an error occurred, post was too long, so am sending them as attachments.
Thank you for your continued assistance.

#8 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 03 May 2012 - 03:56 PM

Thanks!

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:


Enter 2 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):


Enter >>choice<< and press Enter

The following dialog will be presented:

Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive:


Enter >>choice<< and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:


Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote a new MBR code!

And last the following dialog will be presented:

Done! Press ENTER to exit...


Press Enter. A report will be produced on the desktop. Post that report in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#9 80tasmin

80tasmin

    New Member

  • Members
  • 16 posts

Posted 03 May 2012 - 06:32 PM

I'm missing something here...
Got as far as "Enter >>choice<< and press Enter" and MBRCheck says DONE.
Screenshot attached




#10 80tasmin

80tasmin

    New Member

  • Members
  • 16 posts

Posted 03 May 2012 - 07:00 PM

Whatever I did, Microsoft Security Essentials will no longer initialize. Here's my last MBRCheck log

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Logical Drives Mask: 0x0001000c
Kernel Drivers (total 211):
Processes (total 111):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`ffb00000 (NTFS)
PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003LVM1
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 099A72F39639E4A40C1CC0CF6D6AA8DCCD1AAD5B

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): -1
Done!
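To show what the report above is summarising, here is an added example (not MBRCheck's own code) that parses a 512-byte MBR image: it hashes the boot code, classifies the result like the "MBR Status" column ("Unknown MBR code" when the hash is not in a known-good table), converts partition LBAs to the byte offsets the log prints for C: and Q:, and runs a few sanity checks. Assumptions: the hash covers the first 440 bytes (MBRCheck's exact hashed range is not stated on this page), the known-good table holds only a placeholder entry, and the sample MBR is constructed inline with the C: offset 0x4b100000 taken from the log.

```python
"""Parse a 512-byte MBR image and summarise it the way an MBRCheck report does.

Added example, not MBRCheck's code.  Assumption: the identifying hash is taken
over the 440 boot-code bytes that precede the disk signature.  KNOWN_BOOT_CODE
holds a placeholder, not real Windows boot-code hashes.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # assumption: bytes hashed to identify boot code
PART_TABLE_OFF = 446           # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xAA"   # last two bytes of a valid MBR

# Placeholder table (sha1 -> name).  A real tool ships the hashes of the stock
# XP/2003/Vista/2008/7 boot code listed in the MBRCheck menu.
KNOWN_BOOT_CODE = {
    "0000000000000000000000000000000000000000": "PLACEHOLDER (not a real hash)",
}


def build_mbr(boot_code: bytes, partitions, disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    img = bytearray(SECTOR)
    img[:len(boot_code)] = boot_code
    # 4-byte disk signature followed by 2 reserved bytes (offsets 440-445)
    struct.pack_into("<IH", img, BOOT_CODE_LEN, disk_sig, 0)
    for i, (status, ptype, lba, sectors) in enumerate(partitions[:4]):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        struct.pack_into("<B3xB3xII", img, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba, sectors)
    img[510:512] = BOOT_SIGNATURE
    return bytes(img)


def parse_mbr(img: bytes) -> dict:
    """Return boot-code hash, signature check, disk signature and partition entries."""
    if len(img) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, ptype, lba, sectors = struct.unpack_from(
            "<B3xB3xII", img, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                       # empty slot
        parts.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": sectors,
            "byte_offset": lba * SECTOR,   # what the log prints as "at offset 0x..."
        })
    return {
        "sha1": hashlib.sha1(img[:BOOT_CODE_LEN]).hexdigest().upper(),
        "signature_ok": img[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack_from("<I", img, BOOT_CODE_LEN)[0],
        "partitions": parts,
    }


def mbr_status(info: dict, known=KNOWN_BOOT_CODE) -> str:
    """Classify the boot code the way the report's 'MBR Status' column does."""
    if not info["signature_ok"]:
        return "Invalid MBR (missing 55AA signature)"
    return known.get(info["sha1"], "Unknown MBR code")


def anomalies(info: dict) -> list:
    """Cheap structural checks worth running beside the hash lookup."""
    out = []
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        out.append(f"{len(active)} active partitions (expected 1)")
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            out.append(f"partition {p['index']} has zero start or length")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            out.append(f"partitions {a['index']} and {b['index']} overlap")
    return out


# Constructed sample: arbitrary (not real) boot code and two NTFS partitions.
# C: starts at byte 0x4b100000 as in the log above, i.e. LBA 2459648.
SAMPLE_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 20
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, [
    (0x80, 0x07, 0x4B100000 // SECTOR, 900_000_000),
    (0x00, 0x07, 0x4B100000 // SECTOR + 900_000_000, 30_000_000),
])

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("SHA1:", info["sha1"])
    print("MBR Status:", mbr_status(info))
    for p in info["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02X} "
              f"at offset 0x{p['byte_offset']:016x}")
    print("Anomalies:", anomalies(info) or "none")
```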

#11 80tasmin

80tasmin

    New Member

  • Members
  • 16 posts

Posted 03 May 2012 - 07:39 PM

To update: reinstalled the latest version of Microsoft Security Essentials and ran http://support.micro....com/kb/2483120. This program appears to be working again.

#12 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 05 May 2012 - 04:41 AM

Don't run anything without my instructions.

You should fix your MBR. Follow the instructions here for Windows Vista (things are the same):
http://helpdeskgeek....x-mbr-xp-vista/

Finally, post a new fresh MBRCheck log file.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#13 80tasmin

80tasmin

    New Member

  • Members
  • 16 posts

Posted 05 May 2012 - 11:00 AM

" Don't run anything without my instructions." I apologize, I should have known better.
I don't have a Windows 7 disc, so borrowed the correct version and fixed the MBR.
Here is the latest log


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Logical Drives Mask: 0x0001000c

Kernel Drivers (total 213):
0x08778000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0878A000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08E55000 \SystemRoot\System32\DRIVERS\srv.sys
0x08EED000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x08EF7000 \SystemRoot\system32\drivers\sbhips.sys
0x08F0A000 \SystemRoot\system32\drivers\spsys.sys
0x77CA0000 \Windows\System32\ntdll.dll
0x478E0000 \Windows\System32\smss.exe
0xFFFC0000 \Windows\System32\apisetschema.dll
0xFFEC0000 \Windows\System32\autochk.exe
0xFFF50000 \Windows\System32\Wldap32.dll
0xFFF20000 \Windows\System32\imm32.dll
0xFFED0000 \Windows\System32\ws2_32.dll
0x77B80000 \Windows\System32\kernel32.dll
0xFFE30000 \Windows\System32\clbcatq.dll
0xFFDB0000 \Windows\System32\difxapi.dll
0xFFD10000 \Windows\System32\msvcrt.dll
0xFFB30000 \Windows\System32\setupapi.dll
0x77E70000 \Windows\System32\normaliz.dll
0xFFAC0000 \Windows\System32\gdi32.dll
0xFFAB0000 \Windows\System32\nsi.dll
0xFF9D0000 \Windows\System32\advapi32.dll
0xFF8A0000 \Windows\System32\wininet.dll
0xFF640000 \Windows\System32\iertutil.dll
0xFF620000 \Windows\System32\imagehlp.dll
0xFF550000 \Windows\System32\usp10.dll
0xFF3D0000 \Windows\System32\urlmon.dll
0xFE640000 \Windows\System32\shell32.dll
0xFE5A0000 \Windows\System32\comdlg32.dll
0x77E60000 \Windows\System32\psapi.dll
0xFE390000 \Windows\System32\ole32.dll
0xFE260000 \Windows\System32\rpcrt4.dll
0xFE180000 \Windows\System32\oleaut32.dll
0xFE100000 \Windows\System32\shlwapi.dll
0xFE0E0000 \Windows\System32\sechost.dll
0xFDFD0000 \Windows\System32\msctf.dll
0x77A80000 \Windows\System32\user32.dll
0xFDFC0000 \Windows\System32\lpk.dll
0xFDF80000 \Windows\System32\wintrust.dll
0xFDE10000 \Windows\System32\crypt32.dll
0xFDDF0000 \Windows\System32\devobj.dll
0xFDD80000 \Windows\System32\KernelBase.dll
0xFDD40000 \Windows\System32\cfgmgr32.dll
0xFDCA0000 \Windows\System32\comctl32.dll
0xFDC90000 \Windows\System32\msasn1.dll
0x77730000 \Windows\SysWOW64\normaliz.dll

Processes (total 107):
0 System Idle Process
4 System
384 C:\Windows\System32\smss.exe
508 csrss.exe
584 C:\Windows\System32\wininit.exe
608 csrss.exe
644 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
676 C:\Windows\System32\lsm.exe
788 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\ibmpmsvc.exe
988 C:\Windows\System32\svchost.exe
428 C:\Program Files\Microsoft Security Client\MsMpEng.exe
496 C:\Windows\System32\winlogon.exe
968 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
1156 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\audiodg.exe
1364 C:\Windows\System32\svchost.exe
1652 WUDFHost.exe
1696 C:\Windows\System32\svchost.exe
1784 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
1968 C:\Windows\System32\wlanext.exe
1976 C:\Windows\System32\conhost.exe
2024 C:\Windows\System32\spoolsv.exe
1512 C:\Windows\System32\svchost.exe
1880 C:\Program Files\Lenovo\HOTKEY\tphkload.exe
1928 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
1868 C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
2084 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
2116 C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
2160 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2208 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2408 C:\Windows\System32\dwm.exe
2428 C:\Windows\System32\taskhost.exe
2464 C:\Windows\explorer.exe
2580 C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
2612 C:\Program Files\Lenovo\Communications Utility\CamMute.exe
2636 C:\Program Files\Lenovo\HOTKEY\micmute.exe
2668 C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
2700 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
2728 C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
2788 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
2844 C:\Windows\SysWOW64\IoctlSvc.exe
2888 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
2916 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2952 C:\Windows\SysWOW64\SASrv.exe
2980 C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
3016 C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
3048 C:\Windows\System32\svchost.exe
2176 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2356 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3132 WmiPrvSE.exe
3208 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3464 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3716 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
3772 C:\Windows\System32\TpShocks.exe
3816 C:\Windows\System32\svchost.exe
3948 C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
3984 C:\Windows\System32\hkcmd.exe
4004 C:\Windows\System32\igfxpers.exe
4012 C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
4024 C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
1036 C:\Program Files\Microsoft Security Client\msseces.exe
3116 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
4188 C:\Windows\System32\svchost.exe
4404 C:\Windows\System32\svchost.exe
4512 C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
4536 C:\Windows\SysWOW64\rundll32.exe
4548 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
4584 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4608 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4632 C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
4840 unsecapp.exe
4880 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
4900 C:\Windows\System32\rundll32.exe
4920 C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe
4112 C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe
4740 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
4252 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
3476 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5128 C:\PROGRA~2\AD-AWA~1\AdAware.exe
5272 dllhost.exe
5396 C:\Windows\System32\wbem\unsecapp.exe
5768 C:\Program Files\Windows Media Player\wmpnetwk.exe
5432 C:\Windows\System32\rundll32.exe
5728 C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
5988 C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
1056 C:\Windows\System32\SearchIndexer.exe
3456 C:\Windows\System32\SearchProtocolHost.exe
5968 C:\Windows\System32\SearchFilterHost.exe
3824 C:\Windows\System32\taskeng.exe
3164 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
4488 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
2936 C:\Windows\System32\sppsvc.exe
1620 C:\Program Files (x86)\Lenovo\System Update\SUService.exe
5344 C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
4580 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
3000 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2652 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2948 C:\Windows\System32\wbem\WMIADAP.exe
452 dllhost.exe
4576 dllhost.exe
5248 C:\Users\user1\Desktop\MBRCheck.exe
5288 C:\Windows\System32\conhost.exe
636 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`ffb00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003LVM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
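
The "Kernel Drivers" list in a report like the one above is the part worth reading closely: entries loaded through `\SystemRoot\system32\...` are the normal case, while entries loaded by an absolute `\??\C:\...` path were registered by a third-party installer (here Trusteer Rapport, Lenovo RapidBoot and the ThinkVantage fingerprint software, plus SBREdrv.sys sitting in system32 but registered by absolute path), and that is also where a malicious driver would show up. The following Python is an added example, neither MBRCheck's code nor anything posted in this thread: it parses such a listing, buckets each image by how it was loaded, and returns the short queue a reviewer should look at first. The category names are this example's own, and the sample listing is constructed from lines copied out of the report above.

```python
"""Triage the "Kernel Drivers" section of an MBRCheck-style listing.

Added example, not part of MBRCheck or of the forum thread. It separates
kernel images loaded through the normal \\SystemRoot\\ paths from those loaded
by absolute \\??\\C:\\... paths (third-party installers), and from the user-mode
DLLs the tool appends to the same list, so the reviewer sees the handful of
drivers worth checking instead of two hundred lines.
"""
import re

# One listing line: the 8 hex digits the tool prints, then the image path.
_LINE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+(\S.*?)\s*$")

INBOX_PREFIXES = ("\\systemroot\\system32\\drivers\\", "\\systemroot\\system32\\")
ABS_SYSTEM_PREFIXES = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")
DOS_DEVICE_PREFIX = "\\??\\"
USER_MODE_PREFIX = "\\windows\\"


def classify_image(path: str) -> str:
    """Bucket an image path by where the loader was told to find it."""
    p = path.lower()
    if p.startswith(INBOX_PREFIXES):
        return "inbox-path"                # normal location for Microsoft and well-behaved drivers
    if p.startswith(DOS_DEVICE_PREFIX):
        target = p[len(DOS_DEVICE_PREFIX):]
        if target.startswith(ABS_SYSTEM_PREFIXES):
            return "absolute-system-path"  # lives in system32 but was registered by absolute path
        return "third-party-path"          # vendor directory or anywhere else: verify vendor and signature
    if p.startswith(USER_MODE_PREFIX):
        return "user-mode-image"           # ntdll.dll, smss.exe, ... are not drivers
    return "unrecognised"


def parse_listing(text: str) -> list:
    """Return one dict per image line; header and blank lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        path = m.group(2)
        entries.append({"base": int(m.group(1), 16), "path": path, "category": classify_image(path)})
    return entries


def declared_total(text: str):
    """The count printed in the tool's 'Kernel Drivers (total N):' header, if present."""
    m = re.search(r"Kernel Drivers \(total (\d+)\):", text)
    return int(m.group(1)) if m else None


def review_queue(entries: list) -> list:
    """Entries worth a closer look, most unusual load path first, then by path."""
    order = {"third-party-path": 0, "absolute-system-path": 1, "unrecognised": 2}
    return sorted((e for e in entries if e["category"] in order),
                  key=lambda e: (order[e["category"]], e["path"].lower()))


# Constructed sample: a few lines copied from the MBRCheck listing in this thread.
SAMPLE_LISTING = r"""Kernel Drivers (total 212):
0x0304E000 \SystemRoot\system32\ntoskrnl.exe
0x0129B000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x0179B000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys
0x02FAF000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
0x0F235000 \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
0x103DA000 \??\C:\Windows\system32\drivers\SBREdrv.sys
0x0843D000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
0x774A0000 \Windows\System32\ntdll.dll
"""

if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    print(f"parsed {len(parsed)} of {declared_total(SAMPLE_LISTING)} declared entries")
    for e in review_queue(parsed):
        print(f"{e['category']:22} {e['path']}")
```

Feed it the whole report text and the queue comes back with the `\??\` entries on top. The base address column is kept only as an identifier: the tool prints eight hex digits, which is not a usable 64-bit kernel address, so nothing here treats it as one.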

#14 Maniac (Forum Deity, Experts, 21,379 posts, Location: Bulgaria, EU)

Posted 06 May 2012 - 05:53 AM

Excellent!

Any progress?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#15 80tasmin (New Member, Members, 16 posts)

Posted 06 May 2012 - 10:40 AM

It wasn't there last night, but it's reappeared today. This isn't that unusual, as it's not always present. And, it doesn't show up on all websites I visit, but it's common on a few. Here are two screenshots from today, the second one showing the "Recommended For You" rectangle that appears after clicking the x on the iphone.

Attached Files



#16 80tasmin (New Member, Members, 16 posts)

Posted 06 May 2012 - 10:48 AM

Those screenshots were not the best, let's try again

Attached Files



#17 80tasmin (New Member, Members, 16 posts)

Posted 06 May 2012 - 10:59 AM

Ran another MBR check, this one shows an XP MBR code on Physical Drive1, along with the Windows 7 MBR code on Physical Drive0. Both are green.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Logical Drives Mask: 0x0001001c

Kernel Drivers (total 212):
0x0304E000 \SystemRoot\system32\ntoskrnl.exe
0x03005000 \SystemRoot\system32\hal.dll
0x00B9E000 \SystemRoot\system32\kdcom.dll
0x00C1B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C6A000 \SystemRoot\system32\PSHED.dll
0x00C7E000 \SystemRoot\system32\CLFS.SYS
0x00CDC000 \SystemRoot\system32\CI.dll
0x00E02000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EA6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EB5000 \SystemRoot\system32\drivers\ACPI.sys
0x00F0C000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F15000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F1F000 \SystemRoot\system32\drivers\pci.sys
0x00F52000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F5F000 \SystemRoot\System32\drivers\partmgr.sys
0x00F74000 \SystemRoot\system32\drivers\compbatt.sys
0x00F7D000 \SystemRoot\system32\drivers\BATTC.SYS
0x00F89000 \SystemRoot\system32\drivers\volmgr.sys
0x00F9E000 \SystemRoot\System32\drivers\volmgrx.sys
0x00D9C000 \SystemRoot\System32\drivers\mountmgr.sys
0x0103D000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01191000 \SystemRoot\system32\drivers\atapi.sys
0x0119A000 \SystemRoot\system32\drivers\ataport.SYS
0x011C4000 \SystemRoot\system32\drivers\msahci.sys
0x011CF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x011DF000 \SystemRoot\system32\drivers\amdxata.sys
0x0123B000 \SystemRoot\system32\drivers\fltmgr.sys
0x01287000 \SystemRoot\system32\drivers\fileinfo.sys
0x0129B000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x012D0000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01418000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012DD000 \SystemRoot\System32\Drivers\msrpc.sys
0x015BB000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0133B000 \SystemRoot\System32\Drivers\cng.sys
0x015D6000 \SystemRoot\System32\drivers\pcw.sys
0x015E7000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0161D000 \SystemRoot\system32\drivers\ndis.sys
0x01710000 \SystemRoot\system32\drivers\NETIO.SYS
0x01770000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018DB000 \SystemRoot\System32\drivers\tcpip.sys
0x01ADF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B29000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01B39000 \SystemRoot\system32\drivers\volsnap.sys
0x01B85000 \SystemRoot\System32\DRIVERS\ApsHM64.sys
0x01B8F000 \SystemRoot\System32\Drivers\spldr.sys
0x01B97000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BD1000 \SystemRoot\System32\DRIVERS\Apsx64.sys
0x01800000 \SystemRoot\System32\Drivers\mup.sys
0x01812000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0181B000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01855000 \SystemRoot\system32\drivers\disk.sys
0x0186B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x02F85000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0179B000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys
0x02FAF000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
0x02FC3000 \SystemRoot\System32\Drivers\Null.SYS
0x02FCC000 \SystemRoot\System32\Drivers\Beep.SYS
0x0F235000 \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
0x103DA000 \??\C:\Windows\system32\drivers\SBREdrv.sys
0x103EA000 \SystemRoot\System32\drivers\vga.sys
0x0F200000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0F225000 \SystemRoot\System32\drivers\watchdog.sys
0x02FD3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02FDC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02FE5000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02FEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02E00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x018A9000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02E11000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04014000 \SystemRoot\system32\drivers\SbFw.sys
0x0407A000 \SystemRoot\system32\drivers\sbtis.sys
0x040D5000 \SystemRoot\system32\drivers\afd.sys
0x0415E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x041A3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x041AC000 \SystemRoot\system32\DRIVERS\pacer.sys
0x041D2000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x041E8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01600000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x041F7000 \SystemRoot\System32\drivers\Tppwr64v.sys
0x04000000 \SystemRoot\system32\DRIVERS\termdd.sys
0x013AD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x01400000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
0x018CB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x015F1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x103F8000 \SystemRoot\system32\DRIVERS\smiifx64.sys
0x01200000 \SystemRoot\System32\drivers\discache.sys
0x044C1000 \SystemRoot\system32\drivers\csc.sys
0x04544000 \SystemRoot\System32\Drivers\dfsc.sys
0x04562000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04573000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04A3C000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x046B4000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x047A8000 \SystemRoot\System32\drivers\dxgmms1.sys
0x047EE000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04600000 \SystemRoot\system32\drivers\usbehci.sys
0x04611000 \SystemRoot\system32\drivers\USBPORT.SYS
0x04667000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04400000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0468B000 \SystemRoot\system32\DRIVERS\risdxc64.sys
0x05AB0000 \SystemRoot\system32\DRIVERS\NETwNs64.sys
0x0631B000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x06328000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0632D000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x0633A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x06358000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0588D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x059EF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x059F1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05800000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05816000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0581F000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0582F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05845000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05869000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x06367000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x06396000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x063B1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x063D2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05875000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x05A00000 \SystemRoot\system32\DRIVERS\SBFWIM.sys
0x05A19000 \SystemRoot\system32\DRIVERS\psadd.sys
0x05880000 \SystemRoot\system32\DRIVERS\swenum.sys
0x05A27000 \SystemRoot\system32\DRIVERS\ks.sys
0x05A6A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05A7C000 \SystemRoot\system32\DRIVERS\WDKMD.sys
0x04599000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05A8C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x08271000 \SystemRoot\system32\drivers\CHDRT64.sys
0x08200000 \SystemRoot\system32\drivers\portcls.sys
0x0823D000 \SystemRoot\system32\drivers\drmk.sys
0x0825F000 \SystemRoot\system32\drivers\ksthunk.sys
0x08476000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x084C9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x084D7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x084F0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x084F9000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x08506000 \SystemRoot\System32\drivers\Dxapi.sys
0x08512000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02E1E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x08520000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x08533000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x08550000 \SystemRoot\system32\DRIVERS\5U877.sys
0x08579000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x0858A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x085A5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00510000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x08400000 \SystemRoot\system32\drivers\luafv.sys
0x08423000 \SystemRoot\system32\DRIVERS\sbapifs.sys
0x0843D000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
0x08444000 \SystemRoot\system32\drivers\WudfPf.sys
0x08465000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x085B3000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x085E4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x028E5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02938000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0294B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02800000 \SystemRoot\system32\drivers\HTTP.sys
0x02963000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02981000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02999000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04470000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x029C6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x086EC000 \SystemRoot\system32\drivers\peauth.sys
0x08792000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0879D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x087CE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08600000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08E50000 \SystemRoot\System32\DRIVERS\srv.sys
0x08EE8000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x08EF2000 \SystemRoot\system32\drivers\sbhips.sys
0x774A0000 \Windows\System32\ntdll.dll
0x48190000 \Windows\System32\smss.exe
0xFF7C0000 \Windows\System32\apisetschema.dll
0xFF240000 \Windows\System32\autochk.exe
0xFF6D0000 \Windows\System32\oleaut32.dll
0x77670000 \Windows\System32\psapi.dll
0x77660000 \Windows\System32\normaliz.dll
0xFF5F0000 \Windows\System32\advapi32.dll
0xFF550000 \Windows\System32\msvcrt.dll
0x77380000 \Windows\System32\kernel32.dll
0xFE7C0000 \Windows\System32\shell32.dll
0xFE5B0000 \Windows\System32\ole32.dll
0xFE5A0000 \Windows\System32\nsi.dll
0xFE420000 \Windows\System32\urlmon.dll
0xFE240000 \Windows\System32\setupapi.dll
0xFE220000 \Windows\System32\imagehlp.dll
0xFE210000 \Windows\System32\lpk.dll
0xFE0E0000 \Windows\System32\rpcrt4.dll
0xFDFD0000 \Windows\System32\msctf.dll
0xFDEA0000 \Windows\System32\wininet.dll
0xFDC40000 \Windows\System32\iertutil.dll
0xFDBA0000 \Windows\System32\clbcatq.dll
0xFDB50000 \Windows\System32\ws2_32.dll
0xFDAF0000 \Windows\System32\Wldap32.dll
0xFDA70000 \Windows\System32\difxapi.dll
0xFDA00000 \Windows\System32\gdi32.dll
0x77280000 \Windows\System32\user32.dll
0xFD9E0000 \Windows\System32\sechost.dll
0xFD960000 \Windows\System32\shlwapi.dll
0xFD890000 \Windows\System32\usp10.dll
0xFD7F0000 \Windows\System32\comdlg32.dll
0xFD7C0000 \Windows\System32\imm32.dll
0xFD780000 \Windows\System32\wintrust.dll
0xFD6E0000 \Windows\System32\comctl32.dll
0xFD6A0000 \Windows\System32\cfgmgr32.dll
0xFD530000 \Windows\System32\crypt32.dll
0xFD510000 \Windows\System32\devobj.dll
0xFD4A0000 \Windows\System32\KernelBase.dll
0xFD490000 \Windows\System32\msasn1.dll
0x76A80000 \Windows\SysWOW64\normaliz.dll

Processes (total 105):
0 System Idle Process
4 System
384 C:\Windows\System32\smss.exe
508 csrss.exe
580 C:\Windows\System32\wininit.exe
600 csrss.exe
644 C:\Windows\System32\services.exe
660 C:\Windows\System32\lsass.exe
668 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\ibmpmsvc.exe
984 C:\Windows\System32\svchost.exe
400 C:\Program Files\Microsoft Security Client\MsMpEng.exe
528 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
484 C:\Windows\System32\winlogon.exe
1140 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\svchost.exe
1424 WUDFHost.exe
1496 C:\Windows\System32\svchost.exe
1616 C:\Windows\System32\wlanext.exe
1624 C:\Windows\System32\conhost.exe
1704 C:\Windows\System32\spoolsv.exe
1788 C:\Windows\System32\svchost.exe
1936 C:\Program Files\Lenovo\HOTKEY\tphkload.exe
2004 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
1396 C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
1808 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
2000 C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
2080 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2140 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
2344 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2532 C:\Windows\System32\dwm.exe
2556 C:\Windows\explorer.exe
2568 C:\Windows\System32\taskhost.exe
2684 C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
2712 C:\Program Files\Lenovo\Communications Utility\CamMute.exe
2760 C:\Program Files\Lenovo\HOTKEY\micmute.exe
2804 C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
2828 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
2864 C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe
2876 C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
2924 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
2992 C:\Windows\SysWOW64\IoctlSvc.exe
3032 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
3060 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
452 C:\Windows\SysWOW64\SASrv.exe
2184 C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
2240 C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
2268 C:\Windows\System32\svchost.exe
2308 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2468 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2752 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3152 WmiPrvSE.exe
3696 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3736 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
3756 C:\Windows\System32\TpShocks.exe
3880 C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
3888 C:\Windows\System32\svchost.exe
4004 C:\Windows\System32\hkcmd.exe
4052 C:\Windows\System32\igfxpers.exe
4080 C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
2608 C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
2200 C:\Program Files\Microsoft Security Client\msseces.exe
3124 C:\Windows\System32\svchost.exe
2216 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
4304 C:\Windows\System32\svchost.exe
4388 C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
4404 C:\Windows\SysWOW64\rundll32.exe
4416 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
4468 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4508 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4616 C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
4732 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
4772 unsecapp.exe
4864 C:\Windows\System32\rundll32.exe
4876 C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe
4924 C:\Windows\System32\rundll32.exe
4816 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
4024 dllhost.exe
5184 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
5244 C:\PROGRA~2\AD-AWA~1\AdAware.exe
5380 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5440 C:\Windows\System32\wbem\unsecapp.exe
5828 C:\Program Files\Windows Media Player\wmpnetwk.exe
6008 C:\Windows\System32\rundll32.exe
5756 C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
5872 C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
5676 C:\Windows\System32\SearchIndexer.exe
1048 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
5232 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
760 C:\Program Files (x86)\Lenovo\System Update\SUService.exe
1656 C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
5140 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
3836 C:\Windows\System32\svchost.exe
3748 C:\Windows\System32\taskeng.exe
5504 C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
1060 C:\Windows\System32\audiodg.exe
3928 C:\Windows\System32\mspaint.exe
7076 C:\Windows\System32\dllhost.exe
5672 dllhost.exe
3104 dllhost.exe
7056 C:\Users\user1\Desktop\malware\MBRCheck.exe
1576 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`ffb00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003LVM1
PhysicalDrive1 Model Number: SeagateFreeAgent GoFlex, Rev: 210

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
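
MBRCheck's verdict above comes from hashing the boot code in sector 0 of each disk and comparing it with known Windows loader code; the volume offsets it prints (C: at 0x4b100000 and Q: at 0x71ffb00000 on PhysicalDrive0, E: at 0x7e00 on PhysicalDrive1) come from the partition table in that same sector. The Python below is an added example, not MBRCheck's code and not part of this thread: it parses a 512-byte MBR, checks the 0x55AA signature, hashes the 440 bytes of boot code, lists the partition entries, and reconciles them with the offsets a tool reported. The sample MBR is constructed (placeholder boot code, with the two partition offsets set to the C: and Q: values above), and the allowlist reuses the two SHA-1 values MBRCheck printed in this thread purely as an illustration; the page does not say exactly which bytes MBRCheck hashes, so the placeholder's hash is expected to come back as unknown.

```python
"""Parse a 512-byte MBR, hash its boot code and reconcile the partition table
with the volume offsets a tool such as MBRCheck reports.

Added example; not MBRCheck's code and not part of the forum thread. The
sample MBR and the allowlist below are constructed for illustration.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # bytes 0..439 boot code, 440..443 disk signature, 446..509 table, 510..511 0x55AA

# Assumption: an allowlist seeded with the two hashes MBRCheck printed in this
# thread. Confirm such values against a known-clean system before trusting them.
KNOWN_BOOT_CODE = {
    "4379A3D43019B46FA357F7DD6A53B45A3CA8FB79": "Windows 7 MBR code (as reported by MBRCheck in this thread)",
    "DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code (as reported by MBRCheck in this thread)",
}


def has_boot_signature(mbr: bytes) -> bool:
    """A valid MBR is exactly one sector and ends with 0x55 0xAA."""
    return len(mbr) == SECTOR and mbr[510:512] == b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code SHA-1, the disk signature and the non-empty partition entries."""
    if not has_boot_signature(mbr):
        raise ValueError("not a 512-byte sector ending in 0x55AA")
    partitions = []
    for slot in range(4):
        entry = mbr[446 + 16 * slot: 462 + 16 * slot]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack("<II", entry[8:16])
        if ptype == 0:                      # empty slot
            continue
        partitions.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,
        })
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "partitions": partitions,
    }


def classify_boot_code(sha1_hex: str, allowlist=KNOWN_BOOT_CODE) -> str:
    """Label a boot-code hash; anything not on the allowlist is reported as unknown."""
    return allowlist.get(sha1_hex.upper(), "UNKNOWN boot code: compare against a clean image")


def reconcile_volumes(parsed: dict, reported_offsets: dict) -> dict:
    """Map each reported volume (letter -> byte offset) to the table entry at that offset.

    A letter that maps to None means the tool's view and the on-disk table
    disagree, which is exactly the case that deserves a closer look."""
    by_offset = {p["byte_offset"]: p for p in parsed["partitions"]}
    return {letter: by_offset.get(offset) for letter, offset in reported_offsets.items()}


def build_sample_mbr(boot_code: bytes, entries, disk_signature=0x1234ABCD) -> bytes:
    """Constructed MBR for offline testing: boot code, disk signature, table, 0x55AA."""
    mbr = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    mbr[:len(code)] = code
    mbr[440:444] = struct.pack("<I", disk_signature)
    for slot, (bootable, ptype, lba_start, sectors) in enumerate(entries):
        off = 446 + 16 * slot
        mbr[off] = 0x80 if bootable else 0x00
        mbr[off + 4] = ptype
        mbr[off + 8:off + 16] = struct.pack("<II", lba_start, sectors)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


# Constructed sample: placeholder boot code and two NTFS (0x07) partitions whose
# byte offsets equal the C: and Q: offsets MBRCheck printed for PhysicalDrive0.
SAMPLE_MBR = build_sample_mbr(
    boot_code=b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 435,     # not real loader code
    entries=[(True, 0x07, 0x4B100000 // SECTOR, 0x38DA5000),
             (False, 0x07, 0x71FFB00000 // SECTOR, 0x1388830)],
)

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("boot code SHA-1:", info["boot_code_sha1"], "->", classify_boot_code(info["boot_code_sha1"]))
    for p in info["partitions"]:
        print(f"slot {p['slot']} type 0x{p['type']:02X} bootable={p['bootable']} offset=0x{p['byte_offset']:X}")
    print(reconcile_volumes(info, {"C": 0x4B100000, "Q": 0x71FFB00000}))
```

On a live system the 512 bytes would come from reading `\\.\PhysicalDrive0` with administrator rights; the parsing and hashing are the same. The offsets in the report are also informative on their own: E: at 0x7e00 is sector 63, the first-partition start used by XP-era partitioning tools, which fits MBRCheck's "Windows XP MBR code" label for the external GoFlex drive, whereas C: at 0x4b100000 sits on a 1 MiB boundary as Windows 7 setup aligns partitions.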

#18 Maniac (Forum Deity, Experts, 21,379 posts, Location: Bulgaria, EU)

Posted 06 May 2012 - 11:02 AM

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#19 80tasmin (New Member, Members, 16 posts)

Posted 06 May 2012 - 11:42 AM

As requested......

ComboFix 12-05-06.01 - user1 06/05/2012 12:32:30.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.4007.1782 [GMT -4:00]
Running from: c:\users\user1\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))
.
.
2012-05-06 16:37 . 2012-05-06 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-06 15:51 . 2012-05-06 15:51 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{225C73FA-BBAA-4402-A9BE-1F906747C885}\offreg.dll
2012-05-06 15:22 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{225C73FA-BBAA-4402-A9BE-1F906747C885}\mpengine.dll
2012-05-05 14:42 . 2012-05-05 14:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F54B971-B546-45D9-A374-0476C2856CDA}\gapaengine.dll
2012-05-05 14:42 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-01 21:04 . 2012-05-04 00:35 14812 ----a-w- C:\FixitRegBackup.reg
2012-04-30 22:44 . 2012-04-30 22:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-29 21:23 . 2012-04-29 21:23 -------- d-----w- c:\users\user1\AppData\Local\adaware
2012-04-29 21:23 . 2012-04-29 21:23 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-29 21:23 . 2011-05-17 22:36 45904 ----a-w- c:\windows\system32\sbbd.exe
2012-04-29 21:23 . 2011-04-29 18:15 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-04-29 21:23 . 2011-04-05 21:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-29 21:23 . 2011-04-05 21:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-29 21:22 . 2011-02-08 13:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-29 21:22 . 2011-04-05 21:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-29 21:22 . 2012-04-29 21:22 -------- d-----w- c:\programdata\Lavasoft
2012-04-29 21:22 . 2012-04-29 21:22 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-04-29 21:21 . 2012-04-30 00:15 -------- d-----w- c:\users\user1\AppData\Roaming\Ad-Aware Antivirus
2012-04-29 03:13 . 2012-05-05 18:13 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-29 02:25 . 2012-04-29 02:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-29 02:25 . 2012-04-29 02:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-29 02:15 . 2012-05-05 18:13 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-15 15:50 . 2012-04-15 15:50 -------- d-----w- c:\windows\en
2012-04-15 15:49 . 2012-04-15 15:49 -------- d-----w- c:\program files\Windows Live
2012-04-15 15:47 . 2012-04-15 15:47 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\DSETUP.dll
2012-04-15 15:47 . 2012-04-15 15:47 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\DXSETUP.exe
2012-04-15 15:47 . 2012-04-15 15:47 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\dsetup32.dll
2012-04-12 05:18 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 05:18 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 05:18 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 05:16 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 05:16 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 05:16 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 05:16 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 05:16 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 05:16 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 05:16 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 18:13 . 2011-06-22 19:23 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-17 05:24 . 2011-06-25 13:02 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-04-04 19:56 . 2012-02-25 00:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 13:36 . 2011-07-31 11:31 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-27 02:53 . 2011-06-22 19:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-26 16:08 . 2012-02-26 16:08 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-17 06:38 . 2012-03-14 10:57 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 10:57 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 10:57 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 10:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 10:57 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 10:57 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-02-03 1522536]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-04-17 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-04-17 61712]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-27 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-27 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-04-17 931640]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-06 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 16:44]
.
2012-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 18:13]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474410928-4036716992-2113835924-1000Core.job
- c:\users\user1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 14:38]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474410928-4036716992-2113835924-1000UA.job
- c:\users\user1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 14:38]
.
2012-04-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2012-05-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-27 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\568abahm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59677
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*E¥wE¥w¾Zóe0®³e]
"0"=hex:50,00,31,00,00,00,00,00,9e,40,07,a7,10,00,54,41,53,4d,49,4e,00,00,3a,
00,08,00,04,00,ef,be,da,3e,09,03,9e,40,07,a7,2a,00,00,00,02,a1,01,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W*cá°2|]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W*cá°2|\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WÎcëv4©]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WÎcëv4©\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WHeß´É3]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WHeß´É3\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W6f‡9(ê]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W6f‡9(ê\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WHf<èä½]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WHf<èä½\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WOf÷á£J]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WOf÷á£J\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.Wƒfò‘Ї]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.Wƒfò‘Ї\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WÃso[ÑU]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WÃso[ÑU\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾ZMe0ü]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾ZMe0ü\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾ZóePk¨q]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾ZóePk¨q\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾Zf=œdá]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾Zf=œdá\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾Z×h,Ã]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾Z×h,Ã\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾ZiyN0]]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾ZiyN0]\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾ZÌiÛUe‡]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾ZÌiÛUe‡\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾ZÌi[We‡]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾ZÌi[We‡\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾Z0k¿üˆ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾Z0k¿üˆ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾ZÃku€ÞT]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾ZÃku€ÞT\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾Z l1<»%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾Z l1<»%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥®tE¥®t.WAfüfô]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥®tE¥®t.WAfüfô\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥®tE¥®t.WYiÇ¢$']
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥®tE¥®t.WYiÇ¢$'\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥øtE¥øt¾ZRhzœ¤ ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥øtE¥øt¾ZRhzœ¤ \OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥uE¥u¾Z|d¡ýC3]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥uE¥u¾Z|d¡ýC3\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥uE¥u¾ZÐdê¸@Õ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥uE¥u¾ZÐdê¸@Õ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥uE¥u.Whfø«]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥uE¥u.Whfø«\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥*uE¥*u¾Z*eòyÎ1]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥*uE¥*u¾Z*eòyÎ1\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥^uE¥^u¾Zphs*)p]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥^uE¥^u¾Zphs*)p\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥^uE¥^u¾Zphó)p]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥^uE¥^u¾Zphó)p\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥duE¥du.WIg2ÉÆë]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥duE¥du.WIg2ÉÆë\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥fuE¥fu.W¢e‰Ö]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥fuE¥fu.W¢e‰Ö\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥fuE¥fu.WfÆjfH]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥fuE¥fu.WfÆjfH\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥guE¥gu.WaeÏ`Û)]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥guE¥gu.WaeÏ`Û)\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥wuE¥wu¾Z”iÙ•m—]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥wuE¥wu¾Z”iÙ•m—\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ˆuE¥ˆu.W¾eå ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ˆuE¥ˆu.W¾eå \OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥¨uE¥¨u¾Zýi$w¥’]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥¨uE¥¨u¾Zýi$w¥’\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÃuE¥Ãu.WÉe\"bº]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÃuE¥Ãu.WÉe\"bº\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FvE¥Fv¾Zád±W"']
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FvE¥Fv¾Zád±W"'\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥YvE¥Yv.Weø6€]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥YvE¥Yv.Weø6€\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥dvE¥dv.W•f_O3]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥dvE¥dv.W•f_O3\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v¾Zòh±ø]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v¾Zòh±ø\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v¾Zèk´g/X]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v¾Zèk´g/X\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥£vE¥£v¾Z?i:7WR]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥£vE¥£v¾Z?i:7WR\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥wE¥w.Weaî]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥wE¥w.Weaî\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥wE¥w¾Zóe0®³e]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥wE¥w¾Zóe0®³e\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥%wE¥%w.WieGêI«]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥%wE¥%w.WieGêI«\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ywE¥yw.Wøc+s‹]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ywE¥yw.Wøc+s‹\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*E¥wE¥w¾Zóe0®³e]
@Allowed: (Read) (RestrictedCode)
"0"=hex:31,00,20,00,38,00,20,00,34,00,20,00,33,00,20,00,36,00,20,00,35,00,20,
00,37,00,20,00,32,00,2e,00,6a,70,67,00,45,a5,0e,77,45,a5,0e,77,be,5a,f3,65,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-06 12:39:26
ComboFix-quarantined-files.txt 2012-05-06 16:39
ComboFix2.txt 2012-05-06 16:30
.
Pre-Run: 404,524,953,600 bytes free
Post-Run: 404,450,193,408 bytes free
.
- - End Of File - - 2976CCA68ADFD0CDF7952CA808FF26B3

#20 Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 06 May 2012 - 03:24 PM

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

SecCenter::
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

FireFox::
FF - ProfilePath - c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\568abahm.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59677
FF - prefs.js: network.proxy.type - 0

RegLock::
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*E¥wE¥w¾Zóe0®³e]
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W*cá°2|]
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W*cá°2|\OpenWithList]
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WÎcëv4©]

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
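The FireFox:: section of the script above removes three prefs.js entries that point the browser's HTTP proxy at 127.0.0.1 on port 59677 while network.proxy.type is 0. A loopback proxy in a browser profile means something on the local machine sits in the path of browser traffic, so it is worth checking even when the selected mode would not use it. The following is an added example, not code from this thread, from ComboFix, or from Mozilla: it parses the user_pref lines of a prefs.js, lists the proxy hosts it finds, reports whether the proxy mode makes them active (only manual mode, type 1, uses the per-protocol host prefs), and flags loopback hosts. The sample prefs.js is constructed to mirror the three entries listed above, and the fallback of 5 (system settings) for an absent network.proxy.type is an assumption about the browser default.

```python
"""Audit a Firefox prefs.js for proxy settings.

Added example, not code from the thread or from ComboFix. It parses the
user_pref("name", value); lines of a prefs.js and reports configured proxy
hosts, whether the selected proxy mode makes them active, and whether any
of them point at the local machine.
"""
import re
from typing import Dict, List, Tuple, Union

PrefValue = Union[str, int, bool]

# Constructed sample prefs.js (not the user's real file). The three
# network.proxy.* lines mirror the entries ComboFix reported above.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage_override.mstone", "rv:11.0");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 59677);
user_pref("network.proxy.type", 0);
user_pref("privacy.donottrackheader.enabled", true);
"""

# One user_pref("name", value); line; the value is captured raw and decoded below.
_PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\);\s*$')

# Firefox proxy modes for network.proxy.type.
PROXY_MODES = {0: "direct", 1: "manual", 2: "pac", 4: "wpad", 5: "system"}
# Assumption: when the pref is absent the browser default applies, taken
# here to be 5 (use system proxy settings).
DEFAULT_PROXY_TYPE = 5
PROXY_HOST_KEYS = ("network.proxy.http", "network.proxy.ssl",
                   "network.proxy.ftp", "network.proxy.socks")
LOOPBACK_HOSTS = {"localhost", "::1"}


def _decode_value(raw: str) -> PrefValue:
    """Turn the raw JS literal into a Python value (string, int or bool)."""
    if raw == "true":
        return True
    if raw == "false":
        return False
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    try:
        return int(raw)
    except ValueError:
        return raw  # unrecognised literal: keep the raw text


def parse_prefs_js(text: str) -> Dict[str, PrefValue]:
    """Return {pref name: value} for every user_pref line; other lines are ignored."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _decode_value(m.group(2))
    return prefs


def _is_loopback(host: str) -> bool:
    return host in LOOPBACK_HOSTS or host.startswith("127.")


def audit_proxy_prefs(prefs: Dict[str, PrefValue]) -> dict:
    """Summarise the proxy configuration held in a parsed prefs.js.

    'configured' lists every proxy host pref found as (pref, host:port);
    'active' is True only when network.proxy.type selects manual mode, the
    one mode in which those host prefs are used; 'loopback' flags hosts that
    route browser traffic back into the local machine.
    """
    proxy_type = prefs.get("network.proxy.type", DEFAULT_PROXY_TYPE)
    configured: List[Tuple[str, str]] = []
    loopback = False
    for key in PROXY_HOST_KEYS:
        host = prefs.get(key)
        if not isinstance(host, str) or not host:
            continue
        port = prefs.get(key + "_port")
        configured.append((key, f"{host}:{port}" if port is not None else host))
        loopback = loopback or _is_loopback(host)
    pac_url = prefs.get("network.proxy.autoconfig_url")
    return {
        "proxy_type": proxy_type,
        "mode": PROXY_MODES.get(proxy_type, "unknown"),
        "configured": configured,
        "active": proxy_type == 1 and bool(configured),
        "pac_url": pac_url if proxy_type == 2 else None,
        "loopback": loopback,
    }


if __name__ == "__main__":
    report = audit_proxy_prefs(parse_prefs_js(SAMPLE_PREFS_JS))
    for k, v in report.items():
        print(f"{k:12} {v}")
```

Run against the sample, the report shows a loopback HTTP proxy that is configured but not active, which matches the log: type 0 leaves Firefox on a direct connection, so the 127.0.0.1:59677 entries are dormant until something switches the mode to 1. Pointing `parse_prefs_js` at a real profile's prefs.js (the path ComboFix printed under FF - ProfilePath) gives the same summary for that machine.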



