80tasmin

"Recommended For You" slide out

29 posts in this topic

Recently I started getting this pop up that slides up (bottom right) while I am browsing the web. It looks like an iPhone. (Screenshot here http://i50.tinypic.com/whxq9y.jpg )

When I click on the x button it minimizes to a small rectangular white box that says "Recommended For You". Any ideas on how to rid myself of this annoyance?

Thanks, Paul

I've scanned with Microsoft Security Essentials and Malwarebytes, but both show my computer is "clean", with no threats found.

An internet search shows this slide out may have something to do with http://www.google-analytics.com/ga.js

Here are the DDS and Attach logs

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31

Run by user1 at 18:33:11 on 2012-04-29

Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.4007.1702 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\Explorer.EXE

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe

C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\SysWOW64\IoctlSvc.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\SysWOW64\SAsrv.exe

C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\TpShocks.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\rundll32.exe

C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\PROGRA~2\AD-AWA~1\AdAware.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Lenovo\System Update\SUService.exe

C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

uDefault_Page_URL = hxxp://lenovo.msn.com

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\user1\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"

mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{AB7A3FE2-7240-49B0-8C94-413BF757F4DF} : DhcpNameServer = 192.168.0.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"

mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"

mRun-x64: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

Hosts: 188.119.151.113 www.google-analytics.com.

Hosts: 188.119.151.113 ad-emea.doubleclick.net.

Hosts: 188.119.151.113 www.statcounter.com.

Hosts: 69.72.252.254 www.google-analytics.com.

Hosts: 69.72.252.254 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\568abahm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 59677

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\user1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]

R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]

R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-4-17 55056]

R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-4-17 61712]

R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]

R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]

R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]

R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]

R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]

R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]

R3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-28 253088]

S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]

S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

.

=============== Created Last 30 ================

.

2012-04-29 21:49:44 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7985429-1543-4291-8DD4-DFD5778D7CBD}\offreg.dll

2012-04-29 21:44:22 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7985429-1543-4291-8DD4-DFD5778D7CBD}\mpengine.dll

2012-04-29 21:23:10 -------- d-----w- C:\Users\user1\AppData\Local\adaware

2012-04-29 21:23:08 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection

2012-04-29 21:23:06 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2012-04-29 21:23:06 45904 ----a-w- C:\Windows\System32\sbbd.exe

2012-04-29 21:23:03 94296 ----a-w- C:\Windows\System32\drivers\sbtis.sys

2012-04-29 21:23:03 60504 ----a-w- C:\Windows\System32\drivers\sbhips.sys

2012-04-29 21:22:56 84568 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys

2012-04-29 21:22:55 253528 ----a-w- C:\Windows\System32\drivers\SbFw.sys

2012-04-29 21:22:52 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus

2012-04-29 21:21:35 -------- d-----w- C:\Users\user1\AppData\Roaming\Ad-Aware Antivirus

2012-04-29 15:49:52 -------- d-----w- C:\Users\user1\AppData\Local\{0CBAAFE1-F282-4C01-B382-B1F49B7421F6}

2012-04-29 15:49:37 -------- d-----w- C:\Users\user1\AppData\Local\{EA208F48-EA07-4185-AFF4-603DB37213AC}

2012-04-29 03:46:58 -------- d-----w- C:\Users\user1\AppData\Local\{CA3C190C-A4FE-4357-922F-FE7781EAC7E1}

2012-04-29 03:46:43 -------- d-----w- C:\Users\user1\AppData\Local\{BA487CB7-B568-419F-90C1-44C685E1D67B}

2012-04-29 03:13:17 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-29 02:25:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-04-29 02:25:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-04-29 02:15:19 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-28 14:29:07 -------- d-----w- C:\Users\user1\AppData\Local\{106163FB-36B6-4D04-8CF8-6CFAEE37DDB2}

2012-04-28 14:28:52 -------- d-----w- C:\Users\user1\AppData\Local\{3B276D9D-A6E5-4D43-B280-B96AF02079CB}

2012-04-28 05:39:16 -------- d-----w- C:\Users\user1\AppData\Local\{7C4AAF79-F3AC-4588-8A14-D48E858CE6E9}

2012-04-28 05:39:01 -------- d-----w- C:\Users\user1\AppData\Local\{355F1A28-0282-4816-BA78-A1C42071C9F0}

2012-04-27 05:52:34 -------- d-----w- C:\Users\user1\AppData\Local\{5F0AFC09-4089-4482-814F-3E6E6F57C851}

2012-04-27 05:52:19 -------- d-----w- C:\Users\user1\AppData\Local\{0E30B69D-4B8D-4C01-8E47-4D335FBA3A99}

2012-04-26 16:36:54 -------- d-----w- C:\Users\user1\AppData\Local\{4EA72224-DB4E-4747-AED9-9CD248DFB4E3}

2012-04-26 16:36:39 -------- d-----w- C:\Users\user1\AppData\Local\{A5DDED1D-26A3-4075-A8BD-B7E27F8BF305}

2012-04-26 04:35:26 -------- d-----w- C:\Users\user1\AppData\Local\{9CA5AAB9-C6CE-4AAF-9694-1C9D7189E0ED}

2012-04-26 04:35:12 -------- d-----w- C:\Users\user1\AppData\Local\{4141E85B-908D-4417-8DDB-91ABC5EB1B30}

2012-04-25 16:29:37 -------- d-----w- C:\Users\user1\AppData\Local\{9B533323-4B90-43EF-8F48-5C5D1C68D0A6}

2012-04-25 16:29:22 -------- d-----w- C:\Users\user1\AppData\Local\{F4C3E502-334D-466A-AC5D-C0F2277F141D}

2012-04-24 16:49:24 -------- d-----w- C:\Users\user1\AppData\Local\{3CA56CB0-7980-4AC5-91C9-DAEF160A79F6}

2012-04-24 16:49:09 -------- d-----w- C:\Users\user1\AppData\Local\{BFC72FB3-C0FC-4A99-8CE6-FBC1E7DCAE6A}

2012-04-24 04:29:12 -------- d-----w- C:\Users\user1\AppData\Local\{CF4B4D6E-ED23-4202-BCA5-C481041B7238}

2012-04-24 04:28:57 -------- d-----w- C:\Users\user1\AppData\Local\{DE164F19-5E36-4CF0-9721-574EDB3EC94D}

2012-04-23 14:55:25 -------- d-----w- C:\Users\user1\AppData\Local\{94034CD9-0035-4A4D-B5C9-BBB8449228F4}

2012-04-22 22:52:33 -------- d-----w- C:\Users\user1\AppData\Local\{8774D8C5-3A0F-481C-9389-968E07F84B6A}

2012-04-22 22:52:18 -------- d-----w- C:\Users\user1\AppData\Local\{C5D063A0-E04E-4923-B9F3-9FCD9AD90B25}

2012-04-20 20:55:59 -------- d-----w- C:\Users\user1\AppData\Local\{F73D2B35-6887-49E2-BA2A-2537C3E5F383}

2012-04-20 20:55:44 -------- d-----w- C:\Users\user1\AppData\Local\{DE7EDCED-57DD-49DB-BB03-DAD05FFA5D56}

2012-04-19 21:50:19 -------- d-----w- C:\Users\user1\AppData\Local\{E988C6D5-10CF-4AC4-9E0D-46E228CE62B7}

2012-04-19 21:50:04 -------- d-----w- C:\Users\user1\AppData\Local\{311595BB-D6B1-4165-B577-197B316AC5EC}

2012-04-18 21:00:36 -------- d-----w- C:\Users\user1\AppData\Local\{71CEBFCD-84A2-4DEF-AAEB-8107FFE3C27C}

2012-04-18 21:00:26 -------- d-----w- C:\Users\user1\AppData\Local\{5E521600-1E46-4F14-A837-A55987093307}

2012-04-17 11:01:37 -------- d-----w- C:\Users\user1\AppData\Local\{75852042-B98C-452A-AEB7-84F366DFBF1E}

2012-04-17 11:01:23 -------- d-----w- C:\Users\user1\AppData\Local\{03B01B4B-2790-4718-AE41-CA77588114F4}

2012-04-16 18:02:27 -------- d-----w- C:\Users\user1\AppData\Local\{50D01D00-93A4-4F72-BD26-8255E692CCE8}

2012-04-16 18:02:12 -------- d-----w- C:\Users\user1\AppData\Local\{638F2AE2-3A9A-4AFE-8966-CA6F099E2427}

2012-04-15 15:50:16 -------- d-----w- C:\Windows\en

2012-04-15 15:47:54 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\DSETUP.dll

2012-04-15 15:47:54 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\DXSETUP.exe

2012-04-15 15:47:54 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\dsetup32.dll

2012-04-15 15:46:45 -------- d-----w- C:\Users\user1\AppData\Local\{255BD702-E1A8-4DC8-B5E0-4E6A95C1DB3C}

2012-04-15 15:46:30 -------- d-----w- C:\Users\user1\AppData\Local\{E018473C-DD44-4034-9CFA-DA175E17CFDC}

2012-04-14 14:36:29 -------- d-----w- C:\Users\user1\AppData\Local\{3623E1BB-728D-4AC8-B81F-1BDC25D26EC4}

2012-04-12 05:18:48 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-12 05:18:48 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-12 05:18:48 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-12 05:16:52 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-12 05:16:52 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-12 05:16:52 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-12 05:16:51 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-12 05:16:51 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-12 05:16:51 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-12 05:16:51 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-12 04:35:08 -------- d-----w- C:\Users\user1\AppData\Local\{162EB1DD-BD54-4FB9-A0A8-F90726868504}

2012-04-10 16:43:00 -------- d-----w- C:\Users\user1\AppData\Local\{BAED8627-6040-4535-858A-895128752241}

2012-04-09 14:35:08 -------- d-----w- C:\Users\user1\AppData\Local\{22B23D08-3EC3-49FB-A269-967FAEDAA0CB}

2012-04-08 01:39:45 -------- d-----w- C:\Users\user1\AppData\Local\{FF0DC12E-90AD-43C5-849A-CCE78E60703A}

2012-04-07 13:47:15 -------- d-----w- C:\Users\user1\AppData\Local\{818F4B87-B47E-402D-B437-193DDC7C64F3}

2012-04-06 11:01:29 -------- d-----w- C:\Users\user1\AppData\Local\{F0D56557-79E0-478D-BD2B-CB676703A1C7}

2012-04-05 20:36:45 -------- d-----w- C:\Users\user1\AppData\Local\{D65D2BD6-73F8-43C1-9E8A-109C0CB17E5F}

2012-04-04 20:41:18 -------- d-----w- C:\Users\user1\AppData\Local\{B7F421DC-A740-429B-85DE-277FBBEA0B64}

2012-04-03 11:02:02 -------- d-----w- C:\Users\user1\AppData\Local\{44D93CC9-0C3F-4CEA-A5FD-00AF59B1591F}

2012-04-02 21:09:52 -------- d-----w- C:\Users\user1\AppData\Local\{99B98E10-DA13-46DA-9D46-EEF90EFEC75A}

2012-04-01 18:05:15 -------- d-----w- C:\Users\user1\AppData\Local\{6C303416-1070-4026-A20E-A9F298B49C19}

2012-03-31 06:11:48 -------- d-----w- C:\Users\user1\AppData\Local\{0F46E303-F747-4E17-BF64-D873BB439952}

.

==================== Find3M ====================

.

2012-04-29 03:13:43 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-17 05:24:00 63760 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-24 13:36:58 952 --sha-w- C:\ProgramData\KGyGaAvL.sys

2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR

2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-27 02:53:51 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 18:35:02.61 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 22/06/2011 12:07:50 PM

System Uptime: 29/04/2012 5:32:47 PM (1 hours ago)

.

Motherboard: LENOVO | | 11433FU

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz | CPU | 2301/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 455 GiB total, 363.476 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 466 GiB total, 225.506 GiB free.

Q: is FIXED (NTFS) - 10 GiB total, 0.734 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP184: 14/04/2012 2:17:56 PM - Revo Uninstaller's restore point - JScreenFix

RP185: 15/04/2012 11:26:38 AM - Windows Update

RP186: 15/04/2012 11:47:53 AM - Windows Live Essentials

RP187: 15/04/2012 11:48:24 AM - Installed DirectX

RP188: 15/04/2012 11:48:39 AM - Installed DirectX

RP189: 15/04/2012 11:48:55 AM - WLSetup

RP190: 19/04/2012 7:11:48 AM - Windows Update

RP191: 22/04/2012 11:05:22 AM - Windows Update

RP192: 22/04/2012 7:02:46 PM - Installed Rapport

RP193: 26/04/2012 1:14:41 AM - Windows Update

RP194: 29/04/2012 12:07:22 PM - Installed Microsoft Fix it 50267

RP195: 29/04/2012 5:43:47 PM - Windows Update

.

==== Hosts File Hijack ======================

.

Hosts: 188.119.151.113 www.google-analytics.com.

Hosts: 188.119.151.113 ad-emea.doubleclick.net.

Hosts: 188.119.151.113 www.statcounter.com.

Hosts: 69.72.252.254 www.google-analytics.com.

Hosts: 69.72.252.254 ad-emea.doubleclick.net.

Hosts: 69.72.252.254 www.statcounter.com.

.

==== Installed Programs ======================

.

Ad-Aware Antivirus

Ad-Aware Browsing Protection

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Photoshop Elements 10

Adobe Reader X (10.1.2)

Any Video Converter 3.3.2

Burn.Now 4.5

Canon Auto Update Service

Canon DIGITAL CAMERA Solution Disk Software Guide

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon PowerShot SX40 HS Camera User Guide

Canon Utilities CameraWindow DC 8

Canon Utilities CameraWindow Launcher

Canon Utilities Movie Uploader for YouTube

Canon Utilities MyCamera

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Corel Burn.Now Lenovo Edition

Corel DVD MovieFactory 7

Corel DVD MovieFactory Lenovo Edition

Corel KPT Collection

Corel KPT Collection for PSPX4

Corel PaintShop Pro X4

Corel PaintShop Pro X4 Ultimate Bonus Pack

Corel WinDVD

Create Recovery Media

CyberLink PowerDVD 8

D3DX10

Direct DiscRecorder

DVD Decrypter (Remove Only)

DVD Flick 1.3.0.7

DVD Shrink 3.2

DVDFab 8.1.6.8 (17/03/2012) Qt

Elements 10 Organizer

GIMP 2.6.11

Google Chrome

ICA

Integrated Camera Driver Installer Package Ver.1.1.0.1147

Integrated Camera TWAIN

Intel® Control Center

Intel® Identity Protection Technology 1.1.2.0

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Wireless Display

IPM_PSP_COM

Java Auto Updater

Java™ 6 Update 31

Junk Mail filter update

Lenovo User Guide

Lenovo Warranty Information

Lenovo Welcome

Malwarebytes Anti-Malware version 1.61.0.1400

Memeo Instant Backup

Message Center Plus

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 10.0.2 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 8 Essentials

neroxml

OpenOffice.org 3.3

PhotoScape

Picasa 3

PixBuilder Studio 2.0.3

PSE10 STI Installer

PSPPContent

PSPPHelp

RapidBoot

Rapport

Realtek Ethernet Controller Driver

Rescue and Recovery

Revo Uninstaller 1.93

RICOH Media Driver v2.10.18.02

Seagate Dashboard

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Setup

Spybot - Search & Destroy

SpywareBlaster 4.6

System Update

ThinkPad Power Manager

UDPixel.exe

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

29/04/2012 5:24:53 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {706FFEF5-7E90-4149-B038-B39106ECDB99} and APPID {7C7C1AC9-F894-423B-AE6C-558286658538} to the user user1-THINK\user1 SID (S-1-5-21-3474410928-4036716992-2113835924-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

29/04/2012 11:00:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

28/04/2012 3:17:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

28/04/2012 2:57:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

28/04/2012 12:39:42 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

28/04/2012 10:08:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

27/04/2012 12:05:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

27/04/2012 11:04:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

26/04/2012 12:23:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

26/04/2012 12:09:29 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

25/04/2012 3:13:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

25/04/2012 12:15:23 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

25/04/2012 11:50:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

25/04/2012 10:46:48 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

24/04/2012 12:29:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

24/04/2012 12:08:02 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

23/04/2012 10:47:37 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

22/04/2012 7:02:05 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

22/04/2012 4:28:04 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

22/04/2012 10:37:09 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

22/04/2012 10:37:09 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

.

==== End Of File ===========================

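The DDS log above closes with a week of Event Viewer errors, and the useful signal in it is which errors repeat rather than any single line. As an added example (not part of the original post, and not something DDS itself provides), here is a small Python triage script that parses lines in the format DDS prints them (`dd/MM/yyyy h:mm:ss AM, Level: Source [EventID] - Message`), counts which (source, event ID) pairs recur, and lists the days on which Microsoft Antimalware logged event 3002, the event whose own text says real-time protection failed because the filter driver needed a newer engine. The embedded sample lines are copied from the log above with their messages shortened; the threshold of three occurrences for "recurring" is an assumption of this example, not anything DDS defines.

```python
import re
from collections import Counter
from datetime import datetime

# Event lines copied from the DDS "Event Viewer Messages From Past Week"
# section above (messages shortened). DDS writes each event as
# "dd/MM/yyyy h:mm:ss AM, Level: Source [EventID] - Message".
SAMPLE_EVENTS = r"""
29/04/2012 5:24:53 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {706FFEF5-7E90-4149-B038-B39106ECDB99} to the user user1-THINK\user1 from address LocalHost (Using LRPC).
29/04/2012 11:00:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005
28/04/2012 3:17:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
28/04/2012 2:57:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005
26/04/2012 12:23:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005
22/04/2012 4:28:04 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
22/04/2012 10:37:09 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s).
22/04/2012 10:37:09 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
"""

# One DDS event line: timestamp, level, source, numeric event ID, message.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)


def parse_event(line):
    """Parse one DDS event line into a dict, or return None if it is not one."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return {
        # DDS on this machine uses dd/MM/yyyy (see the OTL "Date Format" line).
        "time": datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p"),
        "level": m["level"],
        "source": m["source"],
        "id": int(m["id"]),
        "msg": m["msg"],
    }


def parse_events(text):
    """Parse every event line in a block of DDS output, skipping everything else."""
    return [ev for ev in map(parse_event, text.splitlines()) if ev]


def recurring(events, min_count=3):
    """(source, event ID) pairs seen at least min_count times, with their counts."""
    counts = Counter((ev["source"], ev["id"]) for ev in events)
    return {key: n for key, n in counts.items() if n >= min_count}


def days_without_rtp(events):
    """Days on which Microsoft Antimalware logged 3002 (real-time protection failed)."""
    return sorted({
        ev["time"].date().isoformat()
        for ev in events
        if ev["source"] == "Microsoft Antimalware" and ev["id"] == 3002
    })


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    print(f"{len(events)} events parsed")
    for (source, eid), n in sorted(recurring(events).items(), key=lambda kv: -kv[1]):
        print(f"{n:3d} x {source} [{eid}]")
    print("MSE real-time protection failed on:", ", ".join(days_without_rtp(events)))
```

To run it over a real log, replace `SAMPLE_EVENTS` with the text between `==== Event Viewer Messages From Past Week ====` and `==== End Of File ====`; the non-event lines are ignored. On the log above the only recurring entry is event 3002, which matters more than the "clean" scan results: on each of those days the machine was being scanned on demand but, by MSE's own account, was not being protected in real time.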

Hello 80tasmin and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

What was your version of Microsoft Security Essentials 1.x or 2.x?


Microsoft Security Essentials version 2.1.116.0, with latest definitions.


Thanks!

That is important, because there are some remnants from your old Microsoft Security Essentials.

Step 1

I see you are running Teatimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Follow the instructions from Fix it for me section to get rid of remnants of Microsoft Security Essentials:

http://support.microsoft.com/kb/2483120

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Step 5

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • OTL log with Extras.txt

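Step 4 has aswMBR read the first sector of the boot disk and, when you save the log, write the raw MBR out as MBR.dat. As an added example (not part of Maniac's instructions and not aswMBR's own code), here is a Python parser for such a 512-byte MBR image: it checks the 0x55AA boot signature, decodes the four partition-table entries into the same fields aswMBR prints (status, type, size in MB, LBA offset), hashes the 440 bytes of boot code so you can compare it with a copy saved when the machine was known clean, and flags a missing signature, anything other than exactly one active partition, or overlapping partitions. The MBR bytes are constructed inside the script (zeroed boot code, a made-up disk signature, three NTFS partitions in a typical OEM boot/OS/recovery layout); for a real check, replace `SAMPLE_MBR` with `open("MBR.dat", "rb").read()`.

```python
import hashlib
import struct

SECTOR_BYTES = 512
BOOT_CODE_LEN = 440           # bytes 0..439: boot code
DISK_SIG_OFFSET = 440         # bytes 440..443: NT disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def _entry(status, ptype, lba_start, sectors):
    """Build one partition-table entry; CHS fields hold the usual 'use LBA' filler."""
    return struct.pack(ENTRY_FMT, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba_start, sectors)


# Constructed sample, not a capture from any machine: zeroed boot code, a
# made-up disk signature and three NTFS (0x07) partitions that abut exactly.
SAMPLE_MBR = (
    bytes(BOOT_CODE_LEN)
    + struct.pack("<I", 0x1234ABCD)
    + b"\x00\x00"
    + _entry(0x80, 0x07, 2048, 1200 * 2048)           # active boot partition, 1200 MB
    + _entry(0x00, 0x07, 2459648, 465738 * 2048)      # OS partition
    + _entry(0x00, 0x07, 956291072, 10000 * 2048)     # recovery partition, 10000 MB
    + bytes(16)                                       # empty fourth slot
    + BOOT_SIGNATURE
)


def parse_mbr(mbr):
    """Decode a 512-byte MBR image into signature check, boot-code hash and partitions."""
    if len(mbr) < SECTOR_BYTES:
        raise ValueError("MBR image must be at least 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFFSET + i * 16)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_BYTES // (1024 * 1024),
        })
    return {
        "valid_signature": bytes(mbr[510:512]) == BOOT_SIGNATURE,
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0],
        # Compare against the hash of a copy taken when the machine was known clean.
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(parsed):
    """Return a list of structural findings; an empty list means nothing odd was seen."""
    findings = []
    if not parsed["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    active = [p for p in parsed["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    by_start = sorted(parsed["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(by_start, by_start[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return findings


if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print(f"signature ok: {info['valid_signature']}  disk signature: {info['disk_signature']:08X}")
    print(f"boot code sha256: {info['boot_code_sha256']}")
    for p in info["partitions"]:
        flag = "80 (A)" if p["bootable"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['size_mb']} MB offset {p['lba_start']}")
    print("findings:", check_mbr(info) or "none")
```

The partition-table checks only catch crude tampering; a bootkit that keeps the table intact and replaces the boot code shows up only through the boot-code hash, which is why the comparison copy has to come from the same machine while it was known clean, or from the OEM's recovery media, rather than from a published value.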

As requested, I've

disabled tea timer

used "Fix it for me" to rid old remnants of Microsoft Security Essentials (latest version remains)

Updated Malwarebytes and performed "quick scan" and "scan"

Run aswMBR.exe

Run OTL, "scan all users" "quick scan" (file age 30 days)

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • OTL log with Extras.txt

logs posted below.....

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.01.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

user1 :: USER1-THINK [administrator]

01/05/2012 5:09:26 PM

mbam-log-2012-05-01 (17-09-26).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 197650

Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.01.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

user1 :: USER1-THINK [administrator]

01/05/2012 5:15:48 PM

mbam-log-2012-05-01 (17-15-48).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 346231

Time elapsed: 1 hour(s), 14 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-01 18:45:31

-----------------------------

18:45:31.742 OS Version: Windows x64 6.1.7601 Service Pack 1

18:45:31.742 Number of processors: 4 586 0x2A07

18:45:31.742 ComputerName: USER1-THINK UserName: user1

18:45:33.411 Initialize success

18:46:43.028 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

18:46:43.028 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3

18:46:43.044 Disk 0 MBR read successfully

18:46:43.060 Disk 0 MBR scan

18:46:43.060 Disk 0 unknown MBR code

18:46:43.060 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048

18:46:43.075 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465738 MB offset 2459648

18:46:43.106 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072

18:46:43.153 Disk 0 scanning C:\Windows\system32\drivers

18:46:51.546 Service scanning

18:47:03.776 Modules scanning

18:47:03.776 Disk 0 trace - called modules:

18:47:03.776 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

18:47:03.792 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066ac060]

18:47:04.291 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8003cf5320]

18:47:04.291 5 ACPI.sys[fffff88000fa77a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800544d050]

18:47:04.291 Scan finished successfully

18:47:44.539 Disk 0 MBR has been saved successfully to "C:\Users\user1\Desktop\logs may1\MBR.dat"

18:47:44.539 The log file has been saved successfully to "C:\Users\user1\Desktop\logs may1\aswMBR may 1.txt"

OTL logfile created on: 01/05/2012 6:57:27 PM - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\user1\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.33% Memory free

7.82 Gb Paging File | 5.99 Gb Available in Paging File | 76.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 454.82 Gb Total Space | 362.29 Gb Free Space | 79.66% Space Free | Partition Type: NTFS

Drive Q: | 9.77 Gb Total Space | 0.73 Gb Free Space | 7.52% Space Free | Partition Type: NTFS

Computer Name: USER1-THINK | User Name: user1 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/01 18:56:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe

PRC - [2012/04/17 01:23:42 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

PRC - [2012/04/17 01:23:42 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

PRC - [2012/03/29 12:43:58 | 020,670,304 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe

PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

PRC - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe

PRC - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

PRC - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe

PRC - [2011/05/04 17:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

PRC - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

PRC - [2011/02/21 23:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/02/21 23:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011/02/03 14:44:00 | 000,057,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

PRC - [2011/01/27 16:30:20 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

PRC - [2011/01/27 16:30:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

PRC - [2011/01/27 16:29:32 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe

PRC - [2011/01/16 23:58:42 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2010/12/16 22:36:18 | 000,281,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe

PRC - [2010/12/11 19:39:28 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2010/12/01 23:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2010/11/24 03:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe

PRC - [2010/11/18 19:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe

PRC - [2010/04/07 01:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

PRC - [2010/04/01 01:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/03/20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

PRC - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/13 00:21:44 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll

MOD - [2012/04/12 12:10:58 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c2c7f68605a42caef1b7a19c51de58b4\System.ServiceProcess.ni.dll

MOD - [2012/04/12 12:10:53 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll

MOD - [2012/04/12 12:10:33 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll

MOD - [2012/04/12 12:10:28 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll

MOD - [2012/03/29 12:44:18 | 002,180,968 | ---- | M] () -- C:\Program Files (x86)\Ad-Aware Antivirus\ThreatWork.dll

MOD - [2012/02/16 11:27:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012/02/16 11:27:32 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll

MOD - [2012/02/16 11:26:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012/02/16 11:26:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012/02/16 11:26:48 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2011/11/10 17:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

MOD - [2011/10/12 01:45:35 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/08/07 17:10:11 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll

MOD - [2011/05/04 17:04:54 | 002,896,608 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll

MOD - [2011/05/04 17:04:50 | 000,027,360 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll

MOD - [2011/05/04 17:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

MOD - [2010/12/11 19:58:50 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\Lenovo\CDRecord.dll

MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/04/06 12:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll

MOD - [2010/04/06 12:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll

MOD - [2010/03/22 18:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll

MOD - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/01/27 16:30:20 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)

SRV:64bit: - [2011/01/27 16:29:32 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)

SRV:64bit: - [2011/01/13 17:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)

SRV:64bit: - [2010/12/18 18:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2010/12/03 16:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)

SRV:64bit: - [2010/12/02 22:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)

SRV:64bit: - [2010/12/01 23:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV:64bit: - [2010/11/24 03:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV:64bit: - [2010/11/12 05:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)

SRV:64bit: - [2010/11/02 16:49:46 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV:64bit: - [2010/11/02 16:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2010/11/02 16:34:14 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV:64bit: - [2010/04/07 01:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/04/28 23:13:43 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/17 01:23:42 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)

SRV - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)

SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)

SRV - [2011/05/04 17:04:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)

SRV - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel®

SRV - [2011/02/21 23:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2011/02/21 23:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2011/02/03 14:44:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2010/12/11 19:39:28 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2010/11/18 19:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)

SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/17 01:24:00 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/06/25 23:25:11 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)

DRV:64bit: - [2011/05/11 16:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)

DRV:64bit: - [2011/04/29 14:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)

DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)

DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)

DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)

DRV:64bit: - [2011/03/30 19:55:12 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2011/03/30 19:54:36 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/03/24 06:50:30 | 001,423,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/04 21:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)

DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)

DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)

DRV:64bit: - [2011/02/03 14:44:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)

DRV:64bit: - [2011/01/13 17:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)

DRV:64bit: - [2011/01/13 17:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)

DRV:64bit: - [2010/12/18 03:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)

DRV:64bit: - [2010/12/18 03:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2010/12/18 03:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2010/12/18 03:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2010/12/18 03:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2010/12/14 22:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)

DRV:64bit: - [2010/12/03 16:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)

DRV:64bit: - [2010/12/01 08:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)

DRV:64bit: - [2010/11/23 02:50:12 | 001,567,360 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/12 05:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)

DRV:64bit: - [2010/11/09 06:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2010/11/05 10:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/09/07 01:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)

DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/03/13 16:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)

DRV - [2012/04/17 01:24:00 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)

DRV - [2012/04/17 01:23:58 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)

DRV - [2011/12/15 17:23:46 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)

DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EA94F8B1-D750-434E-AF50-A12B12D88634}

IE:64bit: - HKLM\..\SearchScopes\{EA94F8B1-D750-434E-AF50-A12B12D88634}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {DBBDF09F-008E-46DB-84A8-62A3ED9F09BF}

IE - HKLM\..\SearchScopes\{DBBDF09F-008E-46DB-84A8-62A3ED9F09BF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3474410928-4036716992-2113835924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com

IE - HKU\S-1-5-21-3474410928-4036716992-2113835924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\S-1-5-21-3474410928-4036716992-2113835924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKU\S-1-5-21-3474410928-4036716992-2113835924-1000\..\SearchScopes,DefaultScope = {DBBDF09F-008E-46DB-84A8-62A3ED9F09BF}

IE - HKU\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 59677

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 10:48:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/18 10:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\Extensions

[2012/04/25 00:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\568abahm.default\extensions

[2012/04/25 00:52:38 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\568abahm.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

[2012/02/26 22:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/02/26 22:53:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\user1\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Google Update (Enabled) = C:\Users\user1\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google Search = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Gmail = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/01/18 01:38:10 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 188.119.151.113 www.google-analytics.com.

O1 - Hosts: 188.119.151.113 ad-emea.doubleclick.net.

O1 - Hosts: 188.119.151.113 www.statcounter.com.

O1 - Hosts: 69.72.252.254 www.google-analytics.com.

O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.

O1 - Hosts: 69.72.252.254 www.statcounter.com.

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)

O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)

O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()

O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-3474410928-4036716992-2113835924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O8:64bit: - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 File not found

O8:64bit: - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 File not found

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 File not found

O8:64bit: - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 File not found

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 File not found

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 File not found

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 File not found

O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB7A3FE2-7240-49B0-8C94-413BF757F4DF}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\gopher - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKU\S-1-5-21-3474410928-4036716992-2113835924-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]

O33 - MountPoints2\{07ddebc6-87f0-11e0-be62-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{07ddebc6-87f0-11e0-be62-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)

O33 - MountPoints2\{39c7a6d1-9f84-11e0-8622-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{39c7a6d1-9f84-11e0-8622-806e6f6e6963}\Shell\AutoRun\command - "" = F:\StartClickFreeBackup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 18:56:42 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe

[2012/05/01 17:20:47 | 000,000,000 | ---D | C] -- C:\Users\user1\Desktop\logs may1

[2012/05/01 16:55:30 | 000,000,000 | R--D | C] -- C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8

[2012/05/01 07:08:18 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{1F174FE2-AA36-43B0-B888-D169F297B768}

[2012/05/01 07:08:03 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{D0BE9B45-B58A-4461-8CA2-8C1B0C8992D8}

[2012/04/30 18:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/04/30 17:02:08 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{CD9E9C01-8A99-4407-963D-F3461DB15B6E}

[2012/04/30 17:01:53 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{AEA0A4B2-2A00-4F62-A31F-C762CBF8203A}

[2012/04/29 17:23:10 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\adaware

[2012/04/29 17:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection

[2012/04/29 17:23:06 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2012/04/29 17:23:06 | 000,045,904 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\sbbd.exe

[2012/04/29 17:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus

[2012/04/29 17:23:03 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys

[2012/04/29 17:23:03 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbhips.sys

[2012/04/29 17:22:56 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFwIm.sys

[2012/04/29 17:22:55 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFw.sys

[2012/04/29 17:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2012/04/29 17:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus

[2012/04/29 17:21:35 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Roaming\Ad-Aware Antivirus

[2012/04/29 11:49:52 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{0CBAAFE1-F282-4C01-B382-B1F49B7421F6}

[2012/04/29 11:49:37 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{EA208F48-EA07-4185-AFF4-603DB37213AC}

[2012/04/29 11:21:39 | 006,243,960 | ---- | C] (Lavasoft Limited) -- C:\Users\user1\Desktop\Adaware_Installer.exe

[2012/04/28 23:46:58 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{CA3C190C-A4FE-4357-922F-FE7781EAC7E1}

[2012/04/28 23:46:43 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{BA487CB7-B568-419F-90C1-44C685E1D67B}

[2012/04/28 22:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/04/28 22:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/04/28 22:25:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/04/28 10:29:07 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{106163FB-36B6-4D04-8CF8-6CFAEE37DDB2}

[2012/04/28 10:28:52 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{3B276D9D-A6E5-4D43-B280-B96AF02079CB}

[2012/04/28 01:39:16 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{7C4AAF79-F3AC-4588-8A14-D48E858CE6E9}

[2012/04/28 01:39:01 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{355F1A28-0282-4816-BA78-A1C42071C9F0}

[2012/04/27 01:52:34 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{5F0AFC09-4089-4482-814F-3E6E6F57C851}

[2012/04/27 01:52:19 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{0E30B69D-4B8D-4C01-8E47-4D335FBA3A99}

[2012/04/26 12:36:54 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{4EA72224-DB4E-4747-AED9-9CD248DFB4E3}

[2012/04/26 12:36:39 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{A5DDED1D-26A3-4075-A8BD-B7E27F8BF305}

[2012/04/26 00:35:26 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{9CA5AAB9-C6CE-4AAF-9694-1C9D7189E0ED}

[2012/04/26 00:35:12 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{4141E85B-908D-4417-8DDB-91ABC5EB1B30}

[2012/04/25 12:29:37 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{9B533323-4B90-43EF-8F48-5C5D1C68D0A6}

[2012/04/25 12:29:22 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{F4C3E502-334D-466A-AC5D-C0F2277F141D}

[2012/04/24 12:49:24 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{3CA56CB0-7980-4AC5-91C9-DAEF160A79F6}

[2012/04/24 12:49:09 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{BFC72FB3-C0FC-4A99-8CE6-FBC1E7DCAE6A}

[2012/04/24 00:29:12 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{CF4B4D6E-ED23-4202-BCA5-C481041B7238}

[2012/04/24 00:28:57 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{DE164F19-5E36-4CF0-9721-574EDB3EC94D}

[2012/04/23 10:55:25 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{94034CD9-0035-4A4D-B5C9-BBB8449228F4}

[2012/04/22 18:52:33 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{8774D8C5-3A0F-481C-9389-968E07F84B6A}

[2012/04/22 18:52:18 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{C5D063A0-E04E-4923-B9F3-9FCD9AD90B25}

[2012/04/20 16:55:59 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{F73D2B35-6887-49E2-BA2A-2537C3E5F383}

[2012/04/20 16:55:44 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{DE7EDCED-57DD-49DB-BB03-DAD05FFA5D56}

[2012/04/19 17:50:19 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{E988C6D5-10CF-4AC4-9E0D-46E228CE62B7}

[2012/04/19 17:50:04 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{311595BB-D6B1-4165-B577-197B316AC5EC}

[2012/04/18 17:00:36 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{71CEBFCD-84A2-4DEF-AAEB-8107FFE3C27C}

[2012/04/18 17:00:26 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{5E521600-1E46-4F14-A837-A55987093307}

[2012/04/17 07:01:37 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{75852042-B98C-452A-AEB7-84F366DFBF1E}

[2012/04/17 07:01:23 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{03B01B4B-2790-4718-AE41-CA77588114F4}

[2012/04/16 14:02:27 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{50D01D00-93A4-4F72-BD26-8255E692CCE8}

[2012/04/16 14:02:12 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{638F2AE2-3A9A-4AFE-8966-CA6F099E2427}

[2012/04/15 11:50:16 | 000,000,000 | ---D | C] -- C:\Windows\en

[2012/04/15 11:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012/04/15 11:46:45 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{255BD702-E1A8-4DC8-B5E0-4E6A95C1DB3C}

[2012/04/15 11:46:30 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{E018473C-DD44-4034-9CFA-DA175E17CFDC}

[2012/04/14 10:36:29 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{3623E1BB-728D-4AC8-B81F-1BDC25D26EC4}

[2012/04/12 00:35:08 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{162EB1DD-BD54-4FB9-A0A8-F90726868504}

[2012/04/10 12:43:00 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{BAED8627-6040-4535-858A-895128752241}

[2012/04/09 10:35:08 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{22B23D08-3EC3-49FB-A269-967FAEDAA0CB}

[2012/04/07 21:39:45 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{FF0DC12E-90AD-43C5-849A-CCE78E60703A}

[2012/04/07 09:47:15 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{818F4B87-B47E-402D-B437-193DDC7C64F3}

[2012/04/06 07:01:29 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{F0D56557-79E0-478D-BD2B-CB676703A1C7}

[2012/04/05 16:36:45 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{D65D2BD6-73F8-43C1-9E8A-109C0CB17E5F}

[2012/04/04 16:41:18 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{B7F421DC-A740-429B-85DE-277FBBEA0B64}

[2012/04/03 07:02:02 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{44D93CC9-0C3F-4CEA-A5FD-00AF59B1591F}

[2012/04/02 17:09:52 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\{99B98E10-DA13-46DA-9D46-EEF90EFEC75A}

========== Files - Modified Within 30 Days ==========

[2012/05/01 18:56:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe

[2012/05/01 18:48:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3474410928-4036716992-2113835924-1000UA.job

[2012/05/01 18:13:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/05/01 17:09:13 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012/05/01 17:05:57 | 000,002,304 | ---- | M] () -- C:\FixitRegBackup.reg

[2012/05/01 17:01:29 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/01 17:01:29 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/01 16:59:52 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/01 16:59:52 | 000,631,002 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/01 16:59:52 | 000,112,054 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/01 16:55:27 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2012/05/01 16:54:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/01 16:54:27 | 3151,417,344 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/30 18:44:37 | 000,001,682 | ---- | M] () -- C:\Windows\SysWow64\EmailAVConfig.xml

[2012/04/30 18:44:37 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml

[2012/04/30 18:44:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/04/30 18:44:15 | 000,735,726 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/04/30 06:37:02 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job

[2012/04/29 17:33:11 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012/04/29 13:48:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3474410928-4036716992-2113835924-1000Core.job

[2012/04/29 11:21:56 | 006,243,960 | ---- | M] (Lavasoft Limited) -- C:\Users\user1\Desktop\Adaware_Installer.exe

[2012/04/24 12:54:38 | 000,606,040 | ---- | M] () -- C:\Users\user1\Desktop\https___www.medavie.bluecross.pdf

[2012/04/17 01:24:00 | 000,063,760 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys

[2012/04/16 16:24:09 | 000,000,511 | ---- | M] () -- C:\Users\user1\Desktop\GRAEME 931.rtf

[2012/04/13 00:12:06 | 000,002,416 | ---- | M] () -- C:\Users\user1\Desktop\Google Chrome.lnk

[2012/04/11 13:25:02 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/05/01 17:04:13 | 000,002,304 | ---- | C] () -- C:\FixitRegBackup.reg

[2012/04/30 18:44:37 | 000,001,682 | ---- | C] () -- C:\Windows\SysWow64\EmailAVConfig.xml

[2012/04/30 18:44:37 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml

[2012/04/29 17:34:11 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job

[2012/04/29 17:23:05 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2012/04/28 22:15:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/24 12:54:38 | 000,606,040 | ---- | C] () -- C:\Users\user1\Desktop\https___www.medavie.bluecross.pdf

[2012/04/16 16:24:09 | 000,000,511 | ---- | C] () -- C:\Users\user1\Desktop\GRAEME 931.rtf

[2012/04/11 13:25:02 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/07 18:50:39 | 000,010,752 | ---- | C] () -- C:\Users\user1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/17 14:41:36 | 000,007,606 | ---- | C] () -- C:\Users\user1\AppData\Local\Resmon.ResmonCfg

[2012/01/16 00:05:53 | 000,009,513 | ---- | C] () -- C:\Users\user1\AppData\Roaming\2be43f3f

[2012/01/16 00:05:53 | 000,009,488 | ---- | C] () -- C:\Users\user1\AppData\Local\3d4df88a

[2012/01/16 00:05:53 | 000,009,467 | ---- | C] () -- C:\ProgramData\465f0191

[2011/12/23 14:15:54 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll

[2011/07/31 07:31:06 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011/06/22 15:39:38 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/05/26 19:45:31 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/05/26 19:45:31 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/05/26 19:45:31 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/05/26 19:27:15 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2011/08/22 18:40:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer

[2011/08/22 18:40:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer

[2012/01/19 01:42:50 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\31864

[2012/01/19 02:58:31 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\9E331

[2012/04/29 20:15:51 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Ad-Aware Antivirus

[2012/01/22 22:31:37 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\AnvSoft

[2011/12/10 02:22:50 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/12/09 14:35:58 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/01/24 18:55:39 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\gtk-2.0

[2012/02/17 12:41:57 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\IObit

[2011/09/11 11:05:15 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Leadertech

[2011/09/11 11:10:44 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Memeo

[2011/12/31 14:09:49 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Nik Software

[2011/12/23 12:31:23 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\No Company Name

[2011/06/23 11:58:26 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\OpenOffice.org

[2012/02/18 02:35:46 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Orbit

[2011/07/10 10:44:52 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\PCDr

[2011/12/16 17:22:48 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\PDAppFlex

[2012/01/16 19:01:24 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\PhotoScape

[2012/01/22 21:10:32 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\ProgSense

[2011/06/22 12:23:04 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\PwrMgr

[2011/09/11 15:45:29 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Seagate

[2011/06/25 09:02:24 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Trusteer

[2012/03/24 09:35:19 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Ulead Systems

[2011/07/10 10:41:53 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Update

[2011/07/07 08:03:30 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Windows Live Writer

[2012/04/30 06:37:02 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

[2012/04/29 17:33:11 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2012/04/19 07:00:53 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/05/01 17:09:13 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 01/05/2012 6:57:27 PM - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\user1\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.33% Memory free

7.82 Gb Paging File | 5.99 Gb Available in Paging File | 76.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 454.82 Gb Total Space | 362.29 Gb Free Space | 79.66% Space Free | Partition Type: NTFS

Drive Q: | 9.77 Gb Total Space | 0.73 Gb Free Space | 7.52% Space Free | Partition Type: NTFS

Computer Name: USER1-THINK | User Name: user1 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with Corel PaintShop Pro X4] -- "C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with Corel PaintShop Pro X4] -- "C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit

"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit

"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01653C2B-B187-4D83-AFDB-717350874CEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{02887AE5-8F8B-4D58-8897-D191DCB78A6B}" = lport=137 | protocol=17 | dir=in | app=system |

"{09BAA6CB-8DA9-4AB2-8E58-5FAA5AC0493F}" = rport=445 | protocol=6 | dir=out | app=system |

"{0B6A53C8-F342-4530-9C9F-B341195DEBF3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{16BCF4F6-1886-4ECB-8CFA-A8C0FECB8D98}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{42079FA5-E135-45F2-9A84-A3F30C022FD9}" = rport=10243 | protocol=6 | dir=out | app=system |

"{5ABC9D1E-3CCA-428B-BA7F-19E60FD6C1DF}" = lport=2869 | protocol=6 | dir=in | app=system |

"{62ADD6A0-8C7F-48DE-80C6-EE70C201354A}" = lport=139 | protocol=6 | dir=in | app=system |

"{7CCCCEF4-D0CB-4692-8FB4-7CAEC1B1378B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7DEE3503-9FB1-448E-ACEA-0BC8DD880D6A}" = lport=10243 | protocol=6 | dir=in | app=system |

"{9972CD1A-C045-4B85-BAE6-0332247C7B66}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A3E7DC22-0E49-4E24-9C2C-76209914015A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{AB6624F4-6849-44DB-9CCD-1C188D22C91B}" = lport=138 | protocol=17 | dir=in | app=system |

"{BD3627B7-9B42-4C39-A9E6-14AC8CBAA2AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{D4713433-1287-4DF0-8CC7-76E39D3E9FA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D71878B9-169F-4DA5-A3D9-42ECB356F63D}" = rport=137 | protocol=17 | dir=out | app=system |

"{DA9A1D06-7D29-4D74-83D4-1095113303C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{DC82B329-30BE-4606-B7E6-B73A49B08443}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E23A6473-AEE4-444C-ADA2-2465D8236819}" = rport=139 | protocol=6 | dir=out | app=system |

"{E6364D22-4E4E-42E3-872B-019C31F8144C}" = lport=445 | protocol=6 | dir=in | app=system |

"{E6C158FD-FB92-4078-9190-E6FF3FAF7061}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{EBE0FD1B-8A2E-4D69-86B2-E7885CD14FB3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EDFE3E0E-053C-4E14-967E-4DF1E5C94DE7}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0C8B192B-F680-49EB-BA8C-345FA8CB2C03}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |

"{13B12835-3905-4FAF-94C0-EBE35156F173}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |

"{20CBE46E-1E31-463D-A232-FE713EEA6997}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{228D6B05-BB3E-4FEC-B7EB-36A4185A5013}" = protocol=58 | dir=in | app=system |

"{2B6AB279-CB54-4005-BBAC-3AC6F9AC8286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{40C6E6DC-1EFC-486A-AFC9-7D6265D10FF7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{412BF0F3-1C5E-47B0-B301-2AC633499631}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4C6D8DE4-C83F-4E3B-A0D8-2FFBA1EA27B0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{4FD2446B-65FE-4932-B64A-37ED7F9E44D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{54A8B366-C4D6-462C-839D-E162E753C42E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5EFF9B63-3920-402B-903E-36A5CAEFA05F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{62B9D8C4-C4D7-4F47-9F12-161524E0D588}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |

"{6A0579BE-68F0-4D02-A659-360A80CD9AA1}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{76E66258-2108-4FC2-B1F9-F66D4AA6F9B5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{7BCAD822-1818-481F-B80C-3CBE5F3F8FC1}" = protocol=6 | dir=out | app=system |

"{7E5F467B-8E3B-44AD-BE6B-E2E84FE4DC64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{88CC1F31-D714-4700-ADA0-93FDD7D8EFD6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{8E3E4120-8EEC-486F-B7AB-B3903130A568}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{93296F1A-B13F-49C0-BFB8-0F296A9929D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{95E593E3-DEEF-43B2-BD2D-B9C62B843549}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |

"{BBC88508-5555-4D1B-BDDB-A64085CE0D68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BBCA4388-FB69-40E0-88E2-B65CB1B8BFF4}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |

"{C949D3BA-673C-4C1E-86F2-FFB73922DB0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{D26D6B40-6FE6-4CD5-922F-C49436E1B30B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |

"{D4A26C52-B4E6-4ECD-B881-04F7E4C98B21}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D820B0C2-4A33-4C88-BEE7-9581594399A3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{DC2D8B88-FCB4-4F5D-8C58-A7E53655E382}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |

"{E376A278-5DBC-4766-80E4-EE5B17591B56}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |

"{E488166D-0BCA-4912-8F70-3F14829792E6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{EA9B9B3C-E4CA-4F4A-AE2A-D225A63BA9DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{F12C78BB-0BCD-4A6A-A467-AB28F86522DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{00F562B4-DF71-4750-A03F-D0ECC6EE1CF8}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |

"TCP Query User{59BE472B-DFC7-416E-9215-7E202826B7A8}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |

"TCP Query User{E7770E9F-A436-4FCF-9092-E68F245AB79C}C:\program files (x86)\nero\nero8\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero8\nero showtime\showtime.exe |

"UDP Query User{4D5A9D94-AB40-4E61-A970-F751F22D3060}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |

"UDP Query User{C9DCDF4F-B5DE-4F62-9F0C-CA39866A2136}C:\program files (x86)\nero\nero8\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero8\nero showtime\showtime.exe |

"UDP Query User{CC63366F-B440-4B34-B86A-899236AE9803}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{AF162E20-417F-4946-A06D-65734984957F}" = Intel® PROSet/Wireless WiFi Software

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"22AF3CC91FBC5231DD5CB8903F03E2AF3E97ADDF" = Windows Driver Package - Realtek (RTL8167) Net (12/06/2010 7.035.1206.2010)

"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)

"5DF942712DC7660AE4A1B04809A1C3F67B0CA27C" = Windows Driver Package - Synaptics (SynTP) Mouse (03/24/2011 15.2.19.0)

"73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12" = Windows Driver Package - Intel (iaStor) hdc (11/06/2010 10.1.0.1008)

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"CNXT_AUDIO_HDA" = Conexant 20671 SmartAudio HD

"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7

"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7

"LENOVO.SMIIF" = Lenovo System Interface Driver

"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"OnScreenDisplay" = On Screen Display

"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox

"Power Management Driver" = ThinkPad Power Management Driver

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = ThinkPad UltraNav Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4

"_{031338C0-4C21-4DAC-875B-26ACD7ADDF23}" = Corel KPT Collection for PSPX4

"_{45E8DDB3-8FEB-40DB-A6D7-3535392AA559}" = Corel PaintShop Pro X4 Ultimate Bonus Pack

"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA

"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent

"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4

"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM

"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup

"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp

"{031338C0-4C21-4DAC-875B-26ACD7ADDF23}" = Corel KPT Collection

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer

"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer

"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{45E8DDB3-8FEB-40DB-A6D7-3535392AA559}" = Corel PaintShop Pro X4 Ultimate Bonus Pack

"{470C8EFE-AEB0-402E-B05A-91E08C201033}" = Nero 8 Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media

"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help

"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147

"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0

"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot

"{cc937cbc-4be2-4227-9660-ff2f2a1d9467}" = Ad-Aware Antivirus

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant

"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus

"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1" = PixBuilder Studio 2.0.3

"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10

"Any Video Converter_is1" = Any Video Converter 3.3.2

"Auto Update Service" = Canon Auto Update Service

"CameraUserGuide-PSSX40HS" = Canon PowerShot SX40 HS Camera User Guide

"CameraWindowDC8" = Canon Utilities CameraWindow DC 8

"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Flick_is1" = DVD Flick 1.3.0.7

"DVD Shrink_is1" = DVD Shrink 3.2

"DVDFab 8 Qt_is1" = DVDFab 8.1.6.8 (17/03/2012) Qt

"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition

"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition

"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot

"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"Lenovo Welcome_is1" = Lenovo Welcome

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube

"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)

"MyCamera" = Canon Utilities MyCamera

"PhotoScape" = PhotoScape

"PhotoStitch" = Canon Utilities PhotoStitch

"Picasa 3" = Picasa 3

"Rapport_msi" = Rapport

"Revo Uninstaller" = Revo Uninstaller 1.93

"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide

"SpywareBlaster_is1" = SpywareBlaster 4.6

"UDPixel" = UDPixel.exe

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite" = Windows Live Essentials

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

In your next reply, post the following log files:

  • TDSSKiller log
  • MBRCheck log


Thanks!

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Enter Y and press Enter.

The following dialog will be presented:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Enter 2 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):

Enter >>choice<< and press Enter

The following dialog will be presented:

Available MBR codes:

[ 0] Default (Windows XP)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive:

Enter >>choice<< and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:

Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote a new MBR code!

And last the following dialog will be presented:

Done! Press ENTER to exit...

Press Enter. A report will be produced on the desktop. Post that report in your next reply.

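What MBRCheck is doing in the steps above is hashing the boot sector's code and comparing it with a list of standard Windows boot code; when the hash is not in its list it reports "Unknown MBR code" together with the SHA1, and option [2] writes a known-good boot code back while leaving the partition table alone. The Python below is an added example, not MBRCheck's own code and not part of this thread: it parses a 512-byte MBR image, hashes the boot-code area, decodes the partition table and gives an MBRCheck-style verdict. It assumes the hash covers the first 440 bytes (the code area before the disk signature), and the "clean" and "tampered" sectors and the allow-list are constructed in the block, not real Windows boot code or real hashes.

```python
"""Parse and allow-list-check a 512-byte MBR image (added example, not MBRCheck)."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code (assumed hash scope)
DISK_SIG_OFF = 440       # 4-byte NT disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA boot signature


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 of the boot-code area, upper-case hex like the MBRCheck report."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def partition_table(mbr: bytes) -> bytes:
    """The raw 64-byte partition table (what a boot-code swap leaves intact)."""
    return mbr[PART_TABLE_OFF:PART_TABLE_OFF + 64]


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition entries, skipping empty ones."""
    entries = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def parse_mbr(mbr: bytes) -> dict:
    """Structured view of one boot sector; rejects anything but 512 bytes."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected a {MBR_SIZE}-byte sector, got {len(mbr)}")
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0]
    return {
        "valid_signature": mbr[BOOT_SIG_OFF:] == b"\x55\xaa",
        "disk_signature": f"{disk_sig:08X}",
        "boot_code_sha1": boot_code_sha1(mbr),
        "partitions": parse_partitions(mbr),
    }


def classify(mbr: bytes, known: dict) -> str:
    """Allow-list label for the boot code, else the MBRCheck-style verdict."""
    return known.get(boot_code_sha1(mbr), "Unknown MBR code")


def report(mbr: bytes, known: dict) -> str:
    """Short text in the shape of the MBRCheck summary lines."""
    info = parse_mbr(mbr)
    lines = [f"Boot signature valid: {info['valid_signature']}",
             f"Disk signature: {info['disk_signature']}",
             f"MBR code: {classify(mbr, known)}",
             f"SHA1: {info['boot_code_sha1']}"]
    for p in info["partitions"]:
        flag = " (bootable)" if p["bootable"] else ""
        lines.append(f"  partition {p['index']}: type 0x{p['type']:02X} "
                     f"start LBA {p['lba_start']} sectors {p['sectors']}{flag}")
    return "\n".join(lines)


def build_sample_mbr(boot_code: bytes, disk_sig: int = 0x4B1000C0) -> bytes:
    """Constructed 512-byte MBR: given boot code plus one bootable NTFS partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 2_097_152)
    table = entry + b"\x00" * 48
    return code + struct.pack("<I", disk_sig) + b"\x00\x00" + table + b"\x55\xaa"


# Constructed stand-ins, not real Windows boot code.
CLEAN_BOOT_CODE = b"\xEB\xFE" + bytes(range(1, 64))
TAMPERED_BOOT_CODE = CLEAN_BOOT_CODE[:8] + b"\x90\x90" + CLEAN_BOOT_CODE[10:]

CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
TAMPERED_MBR = build_sample_mbr(TAMPERED_BOOT_CODE)

# Allow-list keyed by boot-code hash. A real one would hold the hashes of the
# Windows XP/Vista/7 boot code that MBRCheck offers to write back (assumption).
KNOWN_BOOT_CODE = {boot_code_sha1(CLEAN_MBR): "Constructed clean boot code"}

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(f"--- {name} ---")
        print(report(mbr, KNOWN_BOOT_CODE))
```

The tampered sample differs from the clean one only in two bytes of boot code, so its hash falls off the allow-list while its partition table is byte-for-byte the same. That pairing, unknown boot code with an intact partition table, is the case the "Restore the MBR ... with a standard boot code" option is meant for: it replaces the code and keeps the table, which is why the disk stays bootable afterwards. On a live system the 512 bytes would come from reading sector 0 of the physical drive, which needs administrative rights; the example keeps everything in memory.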

I'm missing something here...

Got as far as Enter >>choice<< and press enter and MBR says DONE

Screenshot attached


Whatever I did, Microsoft Security Essentials will no longer initialize... Here's my last MBR log

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: Service Pack 1 (build 7601), 64-bit

Logical Drives Mask: 0x0001000c

Kernel Drivers (total 211):

0x03001000 \SystemRoot\system32\ntoskrnl.exe

0x035E9000 \SystemRoot\system32\hal.dll

0x00BA9000 \SystemRoot\system32\kdcom.dll

0x00CAE000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00CFD000 \SystemRoot\system32\PSHED.dll

0x00D11000 \SystemRoot\system32\CLFS.SYS

0x00E57000 \SystemRoot\system32\CI.dll

0x00F17000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00FBB000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00E00000 \SystemRoot\system32\drivers\ACPI.sys

0x00FCA000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00FD3000 \SystemRoot\system32\drivers\msisadrv.sys

0x00D6F000 \SystemRoot\system32\drivers\pci.sys

0x00FDD000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00FEA000 \SystemRoot\System32\drivers\partmgr.sys

0x00DA2000 \SystemRoot\system32\drivers\compbatt.sys

0x00DAB000 \SystemRoot\system32\drivers\BATTC.SYS

0x00DB7000 \SystemRoot\system32\drivers\volmgr.sys

0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys

0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys

0x01076000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x011CA000 \SystemRoot\system32\drivers\atapi.sys

0x011D3000 \SystemRoot\system32\drivers\ataport.SYS

0x01000000 \SystemRoot\system32\drivers\msahci.sys

0x0100B000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x0101B000 \SystemRoot\system32\drivers\amdxata.sys

0x01026000 \SystemRoot\system32\drivers\fltmgr.sys

0x00C76000 \SystemRoot\system32\drivers\fileinfo.sys

0x01221000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0x01256000 \SystemRoot\System32\Drivers\PxHlpa64.sys

0x01445000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01263000 \SystemRoot\System32\Drivers\msrpc.sys

0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys

0x012C1000 \SystemRoot\System32\Drivers\cng.sys

0x0141B000 \SystemRoot\System32\drivers\pcw.sys

0x0142C000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01608000 \SystemRoot\system32\drivers\ndis.sys

0x016FB000 \SystemRoot\system32\drivers\NETIO.SYS

0x0175B000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01896000 \SystemRoot\System32\drivers\tcpip.sys

0x01A9A000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01AE4000 \SystemRoot\system32\drivers\vmstorfl.sys

0x01AF4000 \SystemRoot\system32\drivers\volsnap.sys

0x01B40000 \SystemRoot\System32\DRIVERS\ApsHM64.sys

0x01B4A000 \SystemRoot\System32\Drivers\spldr.sys

0x01B52000 \SystemRoot\System32\drivers\rdyboost.sys

0x01B8C000 \SystemRoot\System32\DRIVERS\Apsx64.sys

0x01BB2000 \SystemRoot\System32\Drivers\mup.sys

0x01BC4000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x0183A000 \SystemRoot\system32\drivers\disk.sys

0x01850000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x02FA2000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x01786000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys

0x02FCC000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

0x02FE0000 \SystemRoot\System32\Drivers\Null.SYS

0x02FE9000 \SystemRoot\System32\Drivers\Beep.SYS

0x0F23A000 \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS

0x103DF000 \??\C:\Windows\system32\drivers\SBREdrv.sys

0x103EF000 \SystemRoot\System32\drivers\vga.sys

0x0F200000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x0F225000 \SystemRoot\System32\drivers\watchdog.sys

0x02FF0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x02E00000 \SystemRoot\system32\drivers\rdpencdd.sys

0x02E09000 \SystemRoot\system32\drivers\rdprefmp.sys

0x02E12000 \SystemRoot\System32\Drivers\Msfs.SYS

0x02E1D000 \SystemRoot\System32\Drivers\Npfs.SYS

0x01BCD000 \SystemRoot\system32\DRIVERS\tdx.sys

0x02E2E000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x01333000 \SystemRoot\system32\drivers\SbFw.sys

0x01399000 \SystemRoot\system32\drivers\sbtis.sys

0x04022000 \SystemRoot\system32\drivers\afd.sys

0x040AB000 \SystemRoot\System32\DRIVERS\netbt.sys

0x040F0000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x040F9000 \SystemRoot\system32\DRIVERS\pacer.sys

0x0411F000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x04135000 \SystemRoot\system32\DRIVERS\netbios.sys

0x04144000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x0415F000 \SystemRoot\System32\drivers\Tppwr64v.sys

0x04166000 \SystemRoot\system32\DRIVERS\termdd.sys

0x0417A000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x041CB000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

0x041DE000 \SystemRoot\system32\drivers\nsiproxy.sys

0x041EA000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x041F5000 \SystemRoot\system32\DRIVERS\smiifx64.sys

0x04000000 \SystemRoot\System32\drivers\discache.sys

0x04636000 \SystemRoot\system32\drivers\csc.sys

0x046B9000 \SystemRoot\System32\Drivers\dfsc.sys

0x046D7000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x046E8000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x04A00000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

0x044B9000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x045AD000 \SystemRoot\System32\drivers\dxgmms1.sys

0x04400000 \SystemRoot\system32\DRIVERS\HECIx64.sys

0x04411000 \SystemRoot\system32\drivers\usbehci.sys

0x04422000 \SystemRoot\system32\drivers\USBPORT.SYS

0x04478000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x0470E000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x055B2000 \SystemRoot\system32\DRIVERS\risdxc64.sys

0x05A93000 \SystemRoot\system32\DRIVERS\NETwNs64.sys

0x062FE000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x0630B000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x06310000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys

0x0631D000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x0633B000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x05856000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x059B8000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x059BA000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x059C9000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x059DF000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x059E8000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x05800000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x05816000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x0583A000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x0634A000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x06379000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x06394000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x063B5000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x05846000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x063CF000 \SystemRoot\system32\DRIVERS\SBFWIM.sys

0x063E8000 \SystemRoot\system32\DRIVERS\psadd.sys

0x05851000 \SystemRoot\system32\DRIVERS\swenum.sys

0x05A00000 \SystemRoot\system32\DRIVERS\ks.sys

0x05A43000 \SystemRoot\system32\DRIVERS\umbus.sys

0x05A55000 \SystemRoot\system32\DRIVERS\WDKMD.sys

0x0477E000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x05A65000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x08235000 \SystemRoot\system32\drivers\CHDRT64.sys

0x083C1000 \SystemRoot\system32\drivers\portcls.sys

0x08200000 \SystemRoot\system32\drivers\drmk.sys

0x08222000 \SystemRoot\system32\drivers\ksthunk.sys

0x084E7000 \SystemRoot\system32\DRIVERS\IntcDAud.sys

0x0853A000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x08548000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x08561000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x0856A000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x00000000 \SystemRoot\System32\win32k.sys

0x08577000 \SystemRoot\System32\drivers\Dxapi.sys

0x08583000 \SystemRoot\System32\Drivers\crashdmp.sys

0x02E3B000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x08591000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x085A4000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x085C1000 \SystemRoot\system32\DRIVERS\5U877.sys

0x085EA000 \SystemRoot\system32\DRIVERS\STREAM.SYS

0x08442000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00590000 \SystemRoot\System32\TSDDD.dll

0x006F0000 \SystemRoot\System32\cdd.dll

0x08450000 \SystemRoot\system32\drivers\luafv.sys

0x08473000 \SystemRoot\system32\DRIVERS\sbapifs.sys

0x0848D000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys

0x08494000 \SystemRoot\system32\drivers\WudfPf.sys

0x084B5000 \SystemRoot\system32\DRIVERS\WinUSB.sys

0x08400000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x084C6000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x02CA7000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x02CFA000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x02D0D000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x02D25000 \SystemRoot\system32\drivers\HTTP.sys

0x02C00000 \SystemRoot\system32\DRIVERS\bowser.sys

0x02C1E000 \SystemRoot\System32\drivers\mpsdrv.sys

0x02C36000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x04875000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x048C3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x048E7000 \SystemRoot\system32\drivers\peauth.sys

0x0498D000 \SystemRoot\System32\Drivers\secdrv.SYS

0x04998000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x049C9000 \SystemRoot\System32\drivers\tcpipreg.sys

0x04800000 \SystemRoot\System32\DRIVERS\srv2.sys

0x04869000 \SystemRoot\system32\DRIVERS\vwifimp.sys

0x090C2000 \SystemRoot\System32\DRIVERS\srv.sys

0x0915A000 \SystemRoot\system32\drivers\sbhips.sys

0x778D0000 \Windows\System32\ntdll.dll

0x47DA0000 \Windows\System32\smss.exe

0xFFBF0000 \Windows\System32\apisetschema.dll

0xFF790000 \Windows\System32\autochk.exe

0xFFA60000 \Windows\System32\urlmon.dll

0x777B0000 \Windows\System32\kernel32.dll

0xFF980000 \Windows\System32\oleaut32.dll

0xFF960000 \Windows\System32\imagehlp.dll

0xFF8C0000 \Windows\System32\clbcatq.dll

0xFF860000 \Windows\System32\Wldap32.dll

0xFF7F0000 \Windows\System32\gdi32.dll

0xFF7C0000 \Windows\System32\imm32.dll

0x776B0000 \Windows\System32\user32.dll

0xFF6B0000 \Windows\System32\msctf.dll

0xFF5E0000 \Windows\System32\usp10.dll

0x77AA0000 \Windows\System32\normaliz.dll

0xFF5C0000 \Windows\System32\sechost.dll

0xFF3E0000 \Windows\System32\setupapi.dll

0xFF300000 \Windows\System32\advapi32.dll

0xFF0A0000 \Windows\System32\iertutil.dll

0xFEE90000 \Windows\System32\ole32.dll

0xFEE10000 \Windows\System32\shlwapi.dll

0xFECE0000 \Windows\System32\wininet.dll

0xFEC40000 \Windows\System32\msvcrt.dll

0xFEBF0000 \Windows\System32\ws2_32.dll

0xFEBE0000 \Windows\System32\lpk.dll

0x77A90000 \Windows\System32\psapi.dll

0xFDE50000 \Windows\System32\shell32.dll

0xFDDD0000 \Windows\System32\difxapi.dll

0xFDDC0000 \Windows\System32\nsi.dll

0xFDC90000 \Windows\System32\rpcrt4.dll

0xFDBF0000 \Windows\System32\comdlg32.dll

0xFDBD0000 \Windows\System32\devobj.dll

0xFDB60000 \Windows\System32\KernelBase.dll

0xFD9F0000 \Windows\System32\crypt32.dll

0xFD9B0000 \Windows\System32\wintrust.dll

0xFD910000 \Windows\System32\comctl32.dll

0xFD8D0000 \Windows\System32\cfgmgr32.dll

0xFD8C0000 \Windows\System32\msasn1.dll

0x76F10000 \Windows\SysWOW64\normaliz.dll

Processes (total 111):

0 System Idle Process

4 System

380 C:\Windows\System32\smss.exe

508 csrss.exe

580 C:\Windows\System32\wininit.exe

600 csrss.exe

636 C:\Windows\System32\services.exe

660 C:\Windows\System32\lsass.exe

668 C:\Windows\System32\lsm.exe

780 C:\Windows\System32\svchost.exe

916 C:\Windows\System32\ibmpmsvc.exe

976 C:\Windows\System32\svchost.exe

416 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

528 C:\Windows\System32\winlogon.exe

1096 C:\Windows\System32\svchost.exe

1132 C:\Windows\System32\svchost.exe

1172 C:\Windows\System32\svchost.exe

1236 C:\Windows\System32\audiodg.exe

1316 C:\Windows\System32\svchost.exe

1408 WUDFHost.exe

1484 C:\Windows\System32\svchost.exe

1580 C:\Windows\System32\wlanext.exe

1588 C:\Windows\System32\conhost.exe

1668 C:\Windows\System32\spoolsv.exe

1764 C:\Windows\System32\svchost.exe

1880 C:\Program Files\Lenovo\HOTKEY\tphkload.exe

1900 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

1948 C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

1980 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

1996 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

1592 C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

1224 C:\Program Files\Intel\WiFi\bin\EvtEng.exe

2220 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

2292 C:\Windows\System32\dwm.exe

2300 C:\Windows\System32\taskhost.exe

2352 C:\Windows\explorer.exe

2484 C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

2508 C:\Program Files\Lenovo\Communications Utility\CamMute.exe

2536 C:\Program Files\Lenovo\HOTKEY\micmute.exe

2568 C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

2596 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

2632 C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe

2652 C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe

2712 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

2764 C:\Windows\SysWOW64\IoctlSvc.exe

2808 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

2836 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

2864 C:\Windows\SysWOW64\SASrv.exe

2896 C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe

2924 C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

2964 C:\Windows\System32\svchost.exe

2992 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

3016 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

3108 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

3200 WmiPrvSE.exe

3544 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

3556 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

3596 C:\Windows\System32\TpShocks.exe

3640 C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

3720 C:\Windows\System32\svchost.exe

3848 C:\Windows\System32\hkcmd.exe

3888 C:\Windows\System32\igfxpers.exe

3916 C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

3944 C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe

1072 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

3296 C:\Windows\System32\svchost.exe

3792 C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

3868 C:\Windows\SysWOW64\rundll32.exe

2076 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

4168 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

4220 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

4252 C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

4296 C:\Windows\System32\svchost.exe

4472 unsecapp.exe

4512 C:\Windows\System32\rundll32.exe

4524 C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe

4588 C:\Windows\System32\rundll32.exe

4668 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

4972 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

5032 C:\PROGRA~2\AD-AWA~1\AdAware.exe

4084 dllhost.exe

4040 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

4604 C:\Windows\System32\wbem\unsecapp.exe

3032 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

4780 C:\Program Files\Windows Media Player\wmpnetwk.exe

2288 C:\Windows\System32\rundll32.exe

5404 C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

5608 C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

5948 C:\Windows\System32\SearchIndexer.exe

5316 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

3692 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

5444 C:\Program Files (x86)\Lenovo\System Update\SUService.exe

4856 C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

5072 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

3148 C:\Windows\System32\taskeng.exe

3496 C:\Windows\System32\svchost.exe

5596 C:\Program Files (x86)\Internet Explorer\iexplore.exe

4744 C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

5452 C:\Program Files (x86)\Internet Explorer\iexplore.exe

5340 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe

5332 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

2144 C:\Program Files (x86)\Internet Explorer\iexplore.exe

5788 C:\Windows\System32\svchost.exe

6804 C:\Windows\System32\taskeng.exe

6740 C:\Windows\System32\SearchProtocolHost.exe

6756 C:\Windows\System32\SearchFilterHost.exe

552 dllhost.exe

5680 dllhost.exe

6464 C:\Users\user1\Desktop\MBRCheck.exe

7048 C:\Windows\System32\conhost.exe

4060 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)

\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`ffb00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003LVM1

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 099A72F39639E4A40C1CC0CF6D6AA8DCCD1AAD5B

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): -1

Done!


"Don't run anything without my instructions." I apologize, I should have known better.

I don't have a Windows 7 disc, so borrowed the correct version and fixed the MBR.

Here is the latest log

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: Service Pack 1 (build 7601), 64-bit

Logical Drives Mask: 0x0001000c

Kernel Drivers (total 213):

0x0304F000 \SystemRoot\system32\ntoskrnl.exe

0x03006000 \SystemRoot\system32\hal.dll

0x00BA9000 \SystemRoot\system32\kdcom.dll

0x00CC4000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00D13000 \SystemRoot\system32\PSHED.dll

0x00D27000 \SystemRoot\system32\CLFS.SYS

0x00C00000 \SystemRoot\system32\CI.dll

0x00E4E000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EF2000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F01000 \SystemRoot\system32\drivers\ACPI.sys

0x00F58000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00F61000 \SystemRoot\system32\drivers\msisadrv.sys

0x00F6B000 \SystemRoot\system32\drivers\pci.sys

0x00F9E000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00FAB000 \SystemRoot\System32\drivers\partmgr.sys

0x00FC0000 \SystemRoot\system32\drivers\compbatt.sys

0x00FC9000 \SystemRoot\system32\drivers\BATTC.SYS

0x00FD5000 \SystemRoot\system32\drivers\volmgr.sys

0x00D85000 \SystemRoot\System32\drivers\volmgrx.sys

0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys

0x01048000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x0119C000 \SystemRoot\system32\drivers\atapi.sys

0x011A5000 \SystemRoot\system32\drivers\ataport.SYS

0x011CF000 \SystemRoot\system32\drivers\msahci.sys

0x011DA000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x011EA000 \SystemRoot\system32\drivers\amdxata.sys

0x01236000 \SystemRoot\system32\drivers\fltmgr.sys

0x01282000 \SystemRoot\system32\drivers\fileinfo.sys

0x01296000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0x012CB000 \SystemRoot\System32\Drivers\PxHlpa64.sys

0x01453000 \SystemRoot\System32\Drivers\Ntfs.sys

0x012D8000 \SystemRoot\System32\Drivers\msrpc.sys

0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01336000 \SystemRoot\System32\Drivers\cng.sys

0x0141B000 \SystemRoot\System32\drivers\pcw.sys

0x0142C000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01671000 \SystemRoot\system32\drivers\ndis.sys

0x01764000 \SystemRoot\system32\drivers\NETIO.SYS

0x017C4000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x018BD000 \SystemRoot\System32\drivers\tcpip.sys

0x01AC1000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01B0B000 \SystemRoot\system32\drivers\vmstorfl.sys

0x01B1B000 \SystemRoot\system32\drivers\volsnap.sys

0x01B67000 \SystemRoot\System32\DRIVERS\ApsHM64.sys

0x01B71000 \SystemRoot\System32\Drivers\spldr.sys

0x01B79000 \SystemRoot\System32\drivers\rdyboost.sys

0x01BB3000 \SystemRoot\System32\DRIVERS\Apsx64.sys

0x01BD9000 \SystemRoot\System32\Drivers\mup.sys

0x01BEB000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x0183A000 \SystemRoot\system32\drivers\disk.sys

0x01850000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x02FD0000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x02E00000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys

0x0188E000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

0x02E5F000 \SystemRoot\System32\Drivers\Null.SYS

0x018A2000 \SystemRoot\System32\Drivers\Beep.SYS

0x0F245000 \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS

0x103EA000 \??\C:\Windows\system32\drivers\SBREdrv.sys

0x0F200000 \SystemRoot\System32\drivers\vga.sys

0x0F20E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x0F233000 \SystemRoot\System32\drivers\watchdog.sys

0x018A9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x018B2000 \SystemRoot\system32\drivers\rdpencdd.sys

0x01BF4000 \SystemRoot\system32\drivers\rdprefmp.sys

0x017EF000 \SystemRoot\System32\Drivers\Msfs.SYS

0x01600000 \SystemRoot\System32\Drivers\Npfs.SYS

0x01611000 \SystemRoot\system32\DRIVERS\tdx.sys

0x01633000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x03E20000 \SystemRoot\system32\drivers\SbFw.sys

0x03E86000 \SystemRoot\system32\drivers\sbtis.sys

0x03EE1000 \SystemRoot\system32\drivers\afd.sys

0x03F6A000 \SystemRoot\System32\DRIVERS\netbt.sys

0x03FAF000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x03FB8000 \SystemRoot\system32\DRIVERS\pacer.sys

0x03FDE000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x03E00000 \SystemRoot\system32\DRIVERS\netbios.sys

0x01640000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x03E0F000 \SystemRoot\System32\drivers\Tppwr64v.sys

0x0165B000 \SystemRoot\system32\DRIVERS\termdd.sys

0x013A8000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x01436000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

0x03FF4000 \SystemRoot\system32\drivers\nsiproxy.sys

0x01200000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x03E16000 \SystemRoot\system32\DRIVERS\smiifx64.sys

0x0120B000 \SystemRoot\System32\drivers\discache.sys

0x04406000 \SystemRoot\system32\drivers\csc.sys

0x04489000 \SystemRoot\System32\Drivers\dfsc.sys

0x044A7000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x044B8000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x04A00000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

0x044DE000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x055B2000 \SystemRoot\System32\drivers\dxgmms1.sys

0x045D2000 \SystemRoot\system32\DRIVERS\HECIx64.sys

0x045E3000 \SystemRoot\system32\drivers\usbehci.sys

0x0469D000 \SystemRoot\system32\drivers\USBPORT.SYS

0x046F3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x04717000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x04787000 \SystemRoot\system32\DRIVERS\risdxc64.sys

0x05ABA000 \SystemRoot\system32\DRIVERS\NETwNs64.sys

0x06325000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x06332000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x06337000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys

0x06344000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x06362000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x0662E000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x06790000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x06792000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x067A1000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x067B7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x067C0000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x067D0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x06600000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x067E6000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x06371000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x063A0000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x063BB000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x063DC000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x067F2000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x05A00000 \SystemRoot\system32\DRIVERS\SBFWIM.sys

0x05A19000 \SystemRoot\system32\DRIVERS\psadd.sys

0x067FD000 \SystemRoot\system32\DRIVERS\swenum.sys

0x05A27000 \SystemRoot\system32\DRIVERS\ks.sys

0x05A6A000 \SystemRoot\system32\DRIVERS\umbus.sys

0x05A7C000 \SystemRoot\system32\DRIVERS\WDKMD.sys

0x047A5000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x05A8C000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x0823A000 \SystemRoot\system32\drivers\CHDRT64.sys

0x04600000 \SystemRoot\system32\drivers\portcls.sys

0x083C6000 \SystemRoot\system32\drivers\drmk.sys

0x083E8000 \SystemRoot\system32\drivers\ksthunk.sys

0x0463D000 \SystemRoot\system32\DRIVERS\IntcDAud.sys

0x083EE000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x08200000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x08219000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x08222000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x000B0000 \SystemRoot\System32\win32k.sys

0x05AA1000 \SystemRoot\System32\drivers\Dxapi.sys

0x02E68000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x02E85000 \SystemRoot\system32\DRIVERS\5U877.sys

0x02EAE000 \SystemRoot\system32\DRIVERS\STREAM.SYS

0x02F01000 \SystemRoot\system32\DRIVERS\monitor.sys

0x005C0000 \SystemRoot\System32\TSDDD.dll

0x00740000 \SystemRoot\System32\cdd.dll

0x02F0F000 \SystemRoot\system32\DRIVERS\udfs.sys

0x02F64000 \SystemRoot\system32\drivers\luafv.sys

0x02F87000 \SystemRoot\system32\DRIVERS\sbapifs.sys

0x0822F000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys

0x02FA1000 \SystemRoot\system32\drivers\WudfPf.sys

0x02FC2000 \SystemRoot\System32\Drivers\crashdmp.sys

0x0285D000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x029B1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x029C4000 \SystemRoot\system32\DRIVERS\WinUSB.sys

0x02800000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x02831000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x04800000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x04853000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x04866000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x0487E000 \SystemRoot\system32\drivers\HTTP.sys

0x04947000 \SystemRoot\system32\DRIVERS\bowser.sys

0x04965000 \SystemRoot\System32\drivers\mpsdrv.sys

0x0497D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x049AA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x029D5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x08696000 \SystemRoot\system32\drivers\peauth.sys

0x0873C000 \SystemRoot\System32\Drivers\secdrv.SYS

0x08747000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x08778000 \SystemRoot\System32\drivers\tcpipreg.sys

0x0878A000 \SystemRoot\System32\DRIVERS\srv2.sys

0x08E55000 \SystemRoot\System32\DRIVERS\srv.sys

0x08EED000 \SystemRoot\system32\DRIVERS\vwifimp.sys

0x08EF7000 \SystemRoot\system32\drivers\sbhips.sys

0x08F0A000 \SystemRoot\system32\drivers\spsys.sys

0x77CA0000 \Windows\System32\ntdll.dll

0x478E0000 \Windows\System32\smss.exe

0xFFFC0000 \Windows\System32\apisetschema.dll

0xFFEC0000 \Windows\System32\autochk.exe

0xFFF50000 \Windows\System32\Wldap32.dll

0xFFF20000 \Windows\System32\imm32.dll

0xFFED0000 \Windows\System32\ws2_32.dll

0x77B80000 \Windows\System32\kernel32.dll

0xFFE30000 \Windows\System32\clbcatq.dll

0xFFDB0000 \Windows\System32\difxapi.dll

0xFFD10000 \Windows\System32\msvcrt.dll

0xFFB30000 \Windows\System32\setupapi.dll

0x77E70000 \Windows\System32\normaliz.dll

0xFFAC0000 \Windows\System32\gdi32.dll

0xFFAB0000 \Windows\System32\nsi.dll

0xFF9D0000 \Windows\System32\advapi32.dll

0xFF8A0000 \Windows\System32\wininet.dll

0xFF640000 \Windows\System32\iertutil.dll

0xFF620000 \Windows\System32\imagehlp.dll

0xFF550000 \Windows\System32\usp10.dll

0xFF3D0000 \Windows\System32\urlmon.dll

0xFE640000 \Windows\System32\shell32.dll

0xFE5A0000 \Windows\System32\comdlg32.dll

0x77E60000 \Windows\System32\psapi.dll

0xFE390000 \Windows\System32\ole32.dll

0xFE260000 \Windows\System32\rpcrt4.dll

0xFE180000 \Windows\System32\oleaut32.dll

0xFE100000 \Windows\System32\shlwapi.dll

0xFE0E0000 \Windows\System32\sechost.dll

0xFDFD0000 \Windows\System32\msctf.dll

0x77A80000 \Windows\System32\user32.dll

0xFDFC0000 \Windows\System32\lpk.dll

0xFDF80000 \Windows\System32\wintrust.dll

0xFDE10000 \Windows\System32\crypt32.dll

0xFDDF0000 \Windows\System32\devobj.dll

0xFDD80000 \Windows\System32\KernelBase.dll

0xFDD40000 \Windows\System32\cfgmgr32.dll

0xFDCA0000 \Windows\System32\comctl32.dll

0xFDC90000 \Windows\System32\msasn1.dll

0x77730000 \Windows\SysWOW64\normaliz.dll

Processes (total 107):

0 System Idle Process

4 System

384 C:\Windows\System32\smss.exe

508 csrss.exe

584 C:\Windows\System32\wininit.exe

608 csrss.exe

644 C:\Windows\System32\services.exe

668 C:\Windows\System32\lsass.exe

676 C:\Windows\System32\lsm.exe

788 C:\Windows\System32\svchost.exe

924 C:\Windows\System32\ibmpmsvc.exe

988 C:\Windows\System32\svchost.exe

428 C:\Program Files\Microsoft Security Client\MsMpEng.exe

496 C:\Windows\System32\winlogon.exe

968 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

1156 C:\Windows\System32\svchost.exe

1192 C:\Windows\System32\svchost.exe

1232 C:\Windows\System32\svchost.exe

1292 C:\Windows\System32\audiodg.exe

1364 C:\Windows\System32\svchost.exe

1652 WUDFHost.exe

1696 C:\Windows\System32\svchost.exe

1784 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

1968 C:\Windows\System32\wlanext.exe

1976 C:\Windows\System32\conhost.exe

2024 C:\Windows\System32\spoolsv.exe

1512 C:\Windows\System32\svchost.exe

1880 C:\Program Files\Lenovo\HOTKEY\tphkload.exe

1928 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

1868 C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

2084 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

2116 C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

2160 C:\Program Files\Intel\WiFi\bin\EvtEng.exe

2208 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

2408 C:\Windows\System32\dwm.exe

2428 C:\Windows\System32\taskhost.exe

2464 C:\Windows\explorer.exe

2580 C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

2612 C:\Program Files\Lenovo\Communications Utility\CamMute.exe

2636 C:\Program Files\Lenovo\HOTKEY\micmute.exe

2668 C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

2700 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

2728 C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe

2788 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

2844 C:\Windows\SysWOW64\IoctlSvc.exe

2888 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

2916 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

2952 C:\Windows\SysWOW64\SASrv.exe

2980 C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe

3016 C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

3048 C:\Windows\System32\svchost.exe

2176 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

2356 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

3132 WmiPrvSE.exe

3208 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

3464 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

3716 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

3772 C:\Windows\System32\TpShocks.exe

3816 C:\Windows\System32\svchost.exe

3948 C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

3984 C:\Windows\System32\hkcmd.exe

4004 C:\Windows\System32\igfxpers.exe

4012 C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

4024 C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe

1036 C:\Program Files\Microsoft Security Client\msseces.exe

3116 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

4188 C:\Windows\System32\svchost.exe

4404 C:\Windows\System32\svchost.exe

4512 C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

4536 C:\Windows\SysWOW64\rundll32.exe

4548 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

4584 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

4608 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

4632 C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

4840 unsecapp.exe

4880 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

4900 C:\Windows\System32\rundll32.exe

4920 C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe

4112 C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe

4740 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

4252 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

3476 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

5128 C:\PROGRA~2\AD-AWA~1\AdAware.exe

5272 dllhost.exe

5396 C:\Windows\System32\wbem\unsecapp.exe

5768 C:\Program Files\Windows Media Player\wmpnetwk.exe

5432 C:\Windows\System32\rundll32.exe

5728 C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

5988 C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

1056 C:\Windows\System32\SearchIndexer.exe

3456 C:\Windows\System32\SearchProtocolHost.exe

5968 C:\Windows\System32\SearchFilterHost.exe

3824 C:\Windows\System32\taskeng.exe

3164 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

4488 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

2936 C:\Windows\System32\sppsvc.exe

1620 C:\Program Files (x86)\Lenovo\System Update\SUService.exe

5344 C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

4580 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

3000 C:\Program Files (x86)\Internet Explorer\iexplore.exe

2652 C:\Program Files (x86)\Internet Explorer\iexplore.exe

2948 C:\Windows\System32\wbem\WMIADAP.exe

452 dllhost.exe

4576 dllhost.exe

5248 C:\Users\user1\Desktop\MBRCheck.exe

5288 C:\Windows\System32\conhost.exe

636 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)

\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`ffb00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003LVM1

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

It wasn't there last night, but it's reappeared today. This isn't that unusual, as it's not always present. And, it doesn't show up on all websites I visit, but it's common on a few. Here are two screenshots from today, the second one showing the "Recommended For You" rectangle that appears after clicking the x on the iphone.

post-111524-0-94570200-1336318741.jpg

post-111524-0-65976600-1336318760.jpg

Those screenshots were not the best, let's try again.

post-111524-0-35604600-1336319122.jpg

post-111524-0-52131900-1336319291.jpg

Ran another MBR check, this one shows an XP MBR code on Physical Drive1, along with the Windows 7 MBR code on Physical Drive0. Both are green.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: Service Pack 1 (build 7601), 64-bit

Logical Drives Mask: 0x0001001c

Kernel Drivers (total 212):

0x0304E000 \SystemRoot\system32\ntoskrnl.exe

0x03005000 \SystemRoot\system32\hal.dll

0x00B9E000 \SystemRoot\system32\kdcom.dll

0x00C1B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00C6A000 \SystemRoot\system32\PSHED.dll

0x00C7E000 \SystemRoot\system32\CLFS.SYS

0x00CDC000 \SystemRoot\system32\CI.dll

0x00E02000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EA6000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00EB5000 \SystemRoot\system32\drivers\ACPI.sys

0x00F0C000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00F15000 \SystemRoot\system32\drivers\msisadrv.sys

0x00F1F000 \SystemRoot\system32\drivers\pci.sys

0x00F52000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00F5F000 \SystemRoot\System32\drivers\partmgr.sys

0x00F74000 \SystemRoot\system32\drivers\compbatt.sys

0x00F7D000 \SystemRoot\system32\drivers\BATTC.SYS

0x00F89000 \SystemRoot\system32\drivers\volmgr.sys

0x00F9E000 \SystemRoot\System32\drivers\volmgrx.sys

0x00D9C000 \SystemRoot\System32\drivers\mountmgr.sys

0x0103D000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x01191000 \SystemRoot\system32\drivers\atapi.sys

0x0119A000 \SystemRoot\system32\drivers\ataport.SYS

0x011C4000 \SystemRoot\system32\drivers\msahci.sys

0x011CF000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x011DF000 \SystemRoot\system32\drivers\amdxata.sys

0x0123B000 \SystemRoot\system32\drivers\fltmgr.sys

0x01287000 \SystemRoot\system32\drivers\fileinfo.sys

0x0129B000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0x012D0000 \SystemRoot\System32\Drivers\PxHlpa64.sys

0x01418000 \SystemRoot\System32\Drivers\Ntfs.sys

0x012DD000 \SystemRoot\System32\Drivers\msrpc.sys

0x015BB000 \SystemRoot\System32\Drivers\ksecdd.sys

0x0133B000 \SystemRoot\System32\Drivers\cng.sys

0x015D6000 \SystemRoot\System32\drivers\pcw.sys

0x015E7000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x0161D000 \SystemRoot\system32\drivers\ndis.sys

0x01710000 \SystemRoot\system32\drivers\NETIO.SYS

0x01770000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x018DB000 \SystemRoot\System32\drivers\tcpip.sys

0x01ADF000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01B29000 \SystemRoot\system32\drivers\vmstorfl.sys

0x01B39000 \SystemRoot\system32\drivers\volsnap.sys

0x01B85000 \SystemRoot\System32\DRIVERS\ApsHM64.sys

0x01B8F000 \SystemRoot\System32\Drivers\spldr.sys

0x01B97000 \SystemRoot\System32\drivers\rdyboost.sys

0x01BD1000 \SystemRoot\System32\DRIVERS\Apsx64.sys

0x01800000 \SystemRoot\System32\Drivers\mup.sys

0x01812000 \SystemRoot\System32\drivers\hwpolicy.sys

0x0181B000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01855000 \SystemRoot\system32\drivers\disk.sys

0x0186B000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x02F85000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x0179B000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys

0x02FAF000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

0x02FC3000 \SystemRoot\System32\Drivers\Null.SYS

0x02FCC000 \SystemRoot\System32\Drivers\Beep.SYS

0x0F235000 \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS

0x103DA000 \??\C:\Windows\system32\drivers\SBREdrv.sys

0x103EA000 \SystemRoot\System32\drivers\vga.sys

0x0F200000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x0F225000 \SystemRoot\System32\drivers\watchdog.sys

0x02FD3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x02FDC000 \SystemRoot\system32\drivers\rdpencdd.sys

0x02FE5000 \SystemRoot\system32\drivers\rdprefmp.sys

0x02FEE000 \SystemRoot\System32\Drivers\Msfs.SYS

0x02E00000 \SystemRoot\System32\Drivers\Npfs.SYS

0x018A9000 \SystemRoot\system32\DRIVERS\tdx.sys

0x02E11000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x04014000 \SystemRoot\system32\drivers\SbFw.sys

0x0407A000 \SystemRoot\system32\drivers\sbtis.sys

0x040D5000 \SystemRoot\system32\drivers\afd.sys

0x0415E000 \SystemRoot\System32\DRIVERS\netbt.sys

0x041A3000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x041AC000 \SystemRoot\system32\DRIVERS\pacer.sys

0x041D2000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x041E8000 \SystemRoot\system32\DRIVERS\netbios.sys

0x01600000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x041F7000 \SystemRoot\System32\drivers\Tppwr64v.sys

0x04000000 \SystemRoot\system32\DRIVERS\termdd.sys

0x013AD000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x01400000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

0x018CB000 \SystemRoot\system32\drivers\nsiproxy.sys

0x015F1000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x103F8000 \SystemRoot\system32\DRIVERS\smiifx64.sys

0x01200000 \SystemRoot\System32\drivers\discache.sys

0x044C1000 \SystemRoot\system32\drivers\csc.sys

0x04544000 \SystemRoot\System32\Drivers\dfsc.sys

0x04562000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x04573000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x04A3C000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

0x046B4000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x047A8000 \SystemRoot\System32\drivers\dxgmms1.sys

0x047EE000 \SystemRoot\system32\DRIVERS\HECIx64.sys

0x04600000 \SystemRoot\system32\drivers\usbehci.sys

0x04611000 \SystemRoot\system32\drivers\USBPORT.SYS

0x04667000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x04400000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x0468B000 \SystemRoot\system32\DRIVERS\risdxc64.sys

0x05AB0000 \SystemRoot\system32\DRIVERS\NETwNs64.sys

0x0631B000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x06328000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x0632D000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys

0x0633A000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x06358000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x0588D000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x059EF000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x059F1000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x05800000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x05816000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x0581F000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x0582F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x05845000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x05869000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x06367000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x06396000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x063B1000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x063D2000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x05875000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x05A00000 \SystemRoot\system32\DRIVERS\SBFWIM.sys

0x05A19000 \SystemRoot\system32\DRIVERS\psadd.sys

0x05880000 \SystemRoot\system32\DRIVERS\swenum.sys

0x05A27000 \SystemRoot\system32\DRIVERS\ks.sys

0x05A6A000 \SystemRoot\system32\DRIVERS\umbus.sys

0x05A7C000 \SystemRoot\system32\DRIVERS\WDKMD.sys

0x04599000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x05A8C000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x08271000 \SystemRoot\system32\drivers\CHDRT64.sys

0x08200000 \SystemRoot\system32\drivers\portcls.sys

0x0823D000 \SystemRoot\system32\drivers\drmk.sys

0x0825F000 \SystemRoot\system32\drivers\ksthunk.sys

0x08476000 \SystemRoot\system32\DRIVERS\IntcDAud.sys

0x084C9000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x084D7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x084F0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x084F9000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x000E0000 \SystemRoot\System32\win32k.sys

0x08506000 \SystemRoot\System32\drivers\Dxapi.sys

0x08512000 \SystemRoot\System32\Drivers\crashdmp.sys

0x02E1E000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x08520000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x08533000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x08550000 \SystemRoot\system32\DRIVERS\5U877.sys

0x08579000 \SystemRoot\system32\DRIVERS\STREAM.SYS

0x0858A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x085A5000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00510000 \SystemRoot\System32\TSDDD.dll

0x00600000 \SystemRoot\System32\cdd.dll

0x08400000 \SystemRoot\system32\drivers\luafv.sys

0x08423000 \SystemRoot\system32\DRIVERS\sbapifs.sys

0x0843D000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys

0x08444000 \SystemRoot\system32\drivers\WudfPf.sys

0x08465000 \SystemRoot\system32\DRIVERS\WinUSB.sys

0x085B3000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x085E4000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x028E5000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x02938000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x0294B000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x02800000 \SystemRoot\system32\drivers\HTTP.sys

0x02963000 \SystemRoot\system32\DRIVERS\bowser.sys

0x02981000 \SystemRoot\System32\drivers\mpsdrv.sys

0x02999000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x04470000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x029C6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x086EC000 \SystemRoot\system32\drivers\peauth.sys

0x08792000 \SystemRoot\System32\Drivers\secdrv.SYS

0x0879D000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x087CE000 \SystemRoot\System32\drivers\tcpipreg.sys

0x08600000 \SystemRoot\System32\DRIVERS\srv2.sys

0x08E50000 \SystemRoot\System32\DRIVERS\srv.sys

0x08EE8000 \SystemRoot\system32\DRIVERS\vwifimp.sys

0x08EF2000 \SystemRoot\system32\drivers\sbhips.sys

0x774A0000 \Windows\System32\ntdll.dll

0x48190000 \Windows\System32\smss.exe

0xFF7C0000 \Windows\System32\apisetschema.dll

0xFF240000 \Windows\System32\autochk.exe

0xFF6D0000 \Windows\System32\oleaut32.dll

0x77670000 \Windows\System32\psapi.dll

0x77660000 \Windows\System32\normaliz.dll

0xFF5F0000 \Windows\System32\advapi32.dll

0xFF550000 \Windows\System32\msvcrt.dll

0x77380000 \Windows\System32\kernel32.dll

0xFE7C0000 \Windows\System32\shell32.dll

0xFE5B0000 \Windows\System32\ole32.dll

0xFE5A0000 \Windows\System32\nsi.dll

0xFE420000 \Windows\System32\urlmon.dll

0xFE240000 \Windows\System32\setupapi.dll

0xFE220000 \Windows\System32\imagehlp.dll

0xFE210000 \Windows\System32\lpk.dll

0xFE0E0000 \Windows\System32\rpcrt4.dll

0xFDFD0000 \Windows\System32\msctf.dll

0xFDEA0000 \Windows\System32\wininet.dll

0xFDC40000 \Windows\System32\iertutil.dll

0xFDBA0000 \Windows\System32\clbcatq.dll

0xFDB50000 \Windows\System32\ws2_32.dll

0xFDAF0000 \Windows\System32\Wldap32.dll

0xFDA70000 \Windows\System32\difxapi.dll

0xFDA00000 \Windows\System32\gdi32.dll

0x77280000 \Windows\System32\user32.dll

0xFD9E0000 \Windows\System32\sechost.dll

0xFD960000 \Windows\System32\shlwapi.dll

0xFD890000 \Windows\System32\usp10.dll

0xFD7F0000 \Windows\System32\comdlg32.dll

0xFD7C0000 \Windows\System32\imm32.dll

0xFD780000 \Windows\System32\wintrust.dll

0xFD6E0000 \Windows\System32\comctl32.dll

0xFD6A0000 \Windows\System32\cfgmgr32.dll

0xFD530000 \Windows\System32\crypt32.dll

0xFD510000 \Windows\System32\devobj.dll

0xFD4A0000 \Windows\System32\KernelBase.dll

0xFD490000 \Windows\System32\msasn1.dll

0x76A80000 \Windows\SysWOW64\normaliz.dll

Processes (total 105):

0 System Idle Process

4 System

384 C:\Windows\System32\smss.exe

508 csrss.exe

580 C:\Windows\System32\wininit.exe

600 csrss.exe

644 C:\Windows\System32\services.exe

660 C:\Windows\System32\lsass.exe

668 C:\Windows\System32\lsm.exe

792 C:\Windows\System32\svchost.exe

924 C:\Windows\System32\ibmpmsvc.exe

984 C:\Windows\System32\svchost.exe

400 C:\Program Files\Microsoft Security Client\MsMpEng.exe

528 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

484 C:\Windows\System32\winlogon.exe

1140 C:\Windows\System32\svchost.exe

1176 C:\Windows\System32\svchost.exe

1212 C:\Windows\System32\svchost.exe

1332 C:\Windows\System32\svchost.exe

1424 WUDFHost.exe

1496 C:\Windows\System32\svchost.exe

1616 C:\Windows\System32\wlanext.exe

1624 C:\Windows\System32\conhost.exe

1704 C:\Windows\System32\spoolsv.exe

1788 C:\Windows\System32\svchost.exe

1936 C:\Program Files\Lenovo\HOTKEY\tphkload.exe

2004 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

1396 C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

1808 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

2000 C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

2080 C:\Program Files\Intel\WiFi\bin\EvtEng.exe

2140 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

2344 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

2532 C:\Windows\System32\dwm.exe

2556 C:\Windows\explorer.exe

2568 C:\Windows\System32\taskhost.exe

2684 C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

2712 C:\Program Files\Lenovo\Communications Utility\CamMute.exe

2760 C:\Program Files\Lenovo\HOTKEY\micmute.exe

2804 C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

2828 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

2864 C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe

2876 C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe

2924 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

2992 C:\Windows\SysWOW64\IoctlSvc.exe

3032 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

3060 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

452 C:\Windows\SysWOW64\SASrv.exe

2184 C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe

2240 C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

2268 C:\Windows\System32\svchost.exe

2308 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

2468 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2752 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

3152 WmiPrvSE.exe

3696 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

3736 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

3756 C:\Windows\System32\TpShocks.exe

3880 C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

3888 C:\Windows\System32\svchost.exe

4004 C:\Windows\System32\hkcmd.exe

4052 C:\Windows\System32\igfxpers.exe

4080 C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

2608 C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe

2200 C:\Program Files\Microsoft Security Client\msseces.exe

3124 C:\Windows\System32\svchost.exe

2216 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

4304 C:\Windows\System32\svchost.exe

4388 C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

4404 C:\Windows\SysWOW64\rundll32.exe

4416 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

4468 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

4508 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

4616 C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

4732 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

4772 unsecapp.exe

4864 C:\Windows\System32\rundll32.exe

4876 C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe

4924 C:\Windows\System32\rundll32.exe

4816 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

4024 dllhost.exe

5184 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

5244 C:\PROGRA~2\AD-AWA~1\AdAware.exe

5380 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

5440 C:\Windows\System32\wbem\unsecapp.exe

5828 C:\Program Files\Windows Media Player\wmpnetwk.exe

6008 C:\Windows\System32\rundll32.exe

5756 C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

5872 C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

5676 C:\Windows\System32\SearchIndexer.exe

1048 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

5232 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

760 C:\Program Files (x86)\Lenovo\System Update\SUService.exe

1656 C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

5140 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

3836 C:\Windows\System32\svchost.exe

3748 C:\Windows\System32\taskeng.exe

5504 C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

1060 C:\Windows\System32\audiodg.exe

3928 C:\Windows\System32\mspaint.exe

7076 C:\Windows\System32\dllhost.exe

5672 dllhost.exe

3104 dllhost.exe

7056 C:\Users\user1\Desktop\malware\MBRCheck.exe

1576 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)

\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`ffb00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003LVM1

PhysicalDrive1 Model Number: SeagateFreeAgent GoFlex, Rev: 210

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

465 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

As requested......

ComboFix 12-05-06.01 - user1 06/05/2012 12:32:30.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.4007.1782 [GMT -4:00]

Running from: c:\users\user1\Desktop\ComboFix.exe

AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}

SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))

.

.

2012-05-06 16:37 . 2012-05-06 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-06 15:51 . 2012-05-06 15:51 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{225C73FA-BBAA-4402-A9BE-1F906747C885}\offreg.dll

2012-05-06 15:22 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{225C73FA-BBAA-4402-A9BE-1F906747C885}\mpengine.dll

2012-05-05 14:42 . 2012-05-05 14:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F54B971-B546-45D9-A374-0476C2856CDA}\gapaengine.dll

2012-05-05 14:42 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-01 21:04 . 2012-05-04 00:35 14812 ----a-w- C:\FixitRegBackup.reg

2012-04-30 22:44 . 2012-04-30 22:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-04-29 21:23 . 2012-04-29 21:23 -------- d-----w- c:\users\user1\AppData\Local\adaware

2012-04-29 21:23 . 2012-04-29 21:23 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2012-04-29 21:23 . 2011-05-17 22:36 45904 ----a-w- c:\windows\system32\sbbd.exe

2012-04-29 21:23 . 2011-04-29 18:15 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-04-29 21:23 . 2011-04-05 21:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys

2012-04-29 21:23 . 2011-04-05 21:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys

2012-04-29 21:22 . 2011-02-08 13:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

2012-04-29 21:22 . 2011-04-05 21:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys

2012-04-29 21:22 . 2012-04-29 21:22 -------- d-----w- c:\programdata\Lavasoft

2012-04-29 21:22 . 2012-04-29 21:22 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus

2012-04-29 21:21 . 2012-04-30 00:15 -------- d-----w- c:\users\user1\AppData\Roaming\Ad-Aware Antivirus

2012-04-29 03:13 . 2012-05-05 18:13 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-29 02:25 . 2012-04-29 02:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-29 02:25 . 2012-04-29 02:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-29 02:15 . 2012-05-05 18:13 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-15 15:50 . 2012-04-15 15:50 -------- d-----w- c:\windows\en

2012-04-15 15:49 . 2012-04-15 15:49 -------- d-----w- c:\program files\Windows Live

2012-04-15 15:47 . 2012-04-15 15:47 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\DSETUP.dll

2012-04-15 15:47 . 2012-04-15 15:47 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\DXSETUP.exe

2012-04-15 15:47 . 2012-04-15 15:47 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\dsetup32.dll

2012-04-12 05:18 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 05:18 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-12 05:18 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-12 05:16 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 05:16 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 05:16 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 05:16 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 05:16 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 05:16 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 05:16 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 18:13 . 2011-06-22 19:23 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-17 05:24 . 2011-06-25 13:02 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys

2012-04-04 19:56 . 2012-02-25 00:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-24 13:36 . 2011-07-31 11:31 952 --sha-w- c:\programdata\KGyGaAvL.sys

2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-02-27 02:53 . 2011-06-22 19:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-26 16:08 . 2012-02-26 16:08 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-17 06:38 . 2012-03-14 10:57 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 10:57 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 10:57 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 10:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-14 10:57 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 10:57 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-02-03 1522536]

"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]

"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]

R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys [x]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]

S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]

S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]

S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-04-17 55056]

S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-04-17 61712]

S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]

S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-27 40808]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-27 59240]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]

S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-04-17 931640]

S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]

S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]

S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]

S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-06 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 16:44]

.

2012-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 18:13]

.

2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474410928-4036716992-2113835924-1000Core.job

- c:\users\user1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 14:38]

.

2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474410928-4036716992-2113835924-1000UA.job

- c:\users\user1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 14:38]

.

2012-04-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]

.

2012-05-06 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]

"TpShocks"="TpShocks.exe" [2011-01-14 380776]

"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-27 41320]

"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.ca/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\568abahm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 59677

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*E¥wE¥w¾Zóe0®³e]

"0"=hex:50,00,31,00,00,00,00,00,9e,40,07,a7,10,00,54,41,53,4d,49,4e,00,00,3a,

00,08,00,04,00,ef,be,da,3e,09,03,9e,40,07,a7,2a,00,00,00,02,a1,01,00,00,00,\

"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W*cá°2|]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W*cá°2|\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WÎcëv4©]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WÎcëv4©\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WHeß´É3]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WHeß´É3\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W6f‡9(ê]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W6f‡9(ê\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WHf<èä½]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WHf<èä½\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WOf÷á£J]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WOf÷á£J\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.Wƒfò‘Ї]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.Wƒfò‘Ї\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WÃso[ÑU]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WÃso[ÑU\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾ZMe0


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

SecCenter::
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

FireFox::
FF - ProfilePath - c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\568abahm.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59677
FF - prefs.js: network.proxy.type - 0

RegLock::
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*E¥wE¥w¾Zóe0®³e]
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W*cá°2|]
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W*cá°2|\OpenWithList]
[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WÎcëv4©]

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Here you go......

ComboFix 12-05-06.01 - user1 07/05/2012 0:24.3.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.4007.2590 [GMT -4:00]

Running from: c:\users\user1\Desktop\ComboFix.exe

Command switches used :: c:\users\user1\Desktop\CFScript.txt

AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}

SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))

.

.

2012-05-07 04:30 . 2012-05-07 04:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-06 17:22 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8996BFDA-4064-4DCC-BDA6-6AAA05FA129E}\mpengine.dll

2012-05-05 14:42 . 2012-05-05 14:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F54B971-B546-45D9-A374-0476C2856CDA}\gapaengine.dll

2012-05-05 14:42 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-01 21:04 . 2012-05-04 00:35 14812 ----a-w- C:\FixitRegBackup.reg

2012-04-30 22:44 . 2012-04-30 22:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-04-29 21:23 . 2012-04-29 21:23 -------- d-----w- c:\users\user1\AppData\Local\adaware

2012-04-29 21:23 . 2012-04-29 21:23 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2012-04-29 21:23 . 2011-05-17 22:36 45904 ----a-w- c:\windows\system32\sbbd.exe

2012-04-29 21:23 . 2011-04-29 18:15 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-04-29 21:23 . 2011-04-05 21:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys

2012-04-29 21:23 . 2011-04-05 21:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys

2012-04-29 21:22 . 2011-02-08 13:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

2012-04-29 21:22 . 2011-04-05 21:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys

2012-04-29 21:22 . 2012-04-29 21:22 -------- d-----w- c:\programdata\Lavasoft

2012-04-29 21:22 . 2012-04-29 21:22 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus

2012-04-29 21:21 . 2012-04-30 00:15 -------- d-----w- c:\users\user1\AppData\Roaming\Ad-Aware Antivirus

2012-04-29 03:13 . 2012-05-05 18:13 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-29 02:25 . 2012-04-29 02:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-29 02:25 . 2012-04-29 02:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-29 02:15 . 2012-05-05 18:13 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-15 15:50 . 2012-04-15 15:50 -------- d-----w- c:\windows\en

2012-04-15 15:49 . 2012-04-15 15:49 -------- d-----w- c:\program files\Windows Live

2012-04-15 15:47 . 2012-04-15 15:47 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\DSETUP.dll

2012-04-15 15:47 . 2012-04-15 15:47 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\DXSETUP.exe

2012-04-15 15:47 . 2012-04-15 15:47 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1f4c87c91cd1b1f02\dsetup32.dll

2012-04-12 05:18 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 05:18 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-12 05:18 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-12 05:16 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 05:16 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 05:16 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 05:16 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 05:16 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 05:16 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 05:16 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 18:13 . 2011-06-22 19:23 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-17 05:24 . 2011-06-25 13:02 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys

2012-04-04 19:56 . 2012-02-25 00:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-24 13:36 . 2011-07-31 11:31 952 --sha-w- c:\programdata\KGyGaAvL.sys

2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-02-27 02:53 . 2011-06-22 19:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-26 16:08 . 2012-02-26 16:08 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-17 06:38 . 2012-03-14 10:57 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 10:57 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 10:57 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 10:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-14 10:57 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 10:57 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-06_16.28.26 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-05-06 15:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-05-07 04:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-05-06 15:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-07 04:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-06 15:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-07 04:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-11-21 03:09 . 2012-05-06 15:14 61888 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2010-11-21 03:09 . 2012-05-07 04:06 61888 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-05-07 04:06 45618 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-06-23 08:05 . 2012-05-07 04:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-06-23 08:05 . 2012-05-06 16:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-06-23 08:05 . 2012-05-06 16:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-06-23 08:05 . 2012-05-07 04:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-06 16:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-07 04:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-06-24 18:29 . 2012-05-07 04:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-06-24 18:29 . 2012-05-06 15:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-06-24 18:29 . 2012-05-07 04:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-06-24 18:29 . 2012-05-06 15:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-06-24 18:29 . 2012-05-06 15:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-06-24 18:29 . 2012-05-07 04:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-06-22 19:02 . 2012-05-06 16:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-06-22 19:02 . 2012-05-07 04:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-06-22 19:02 . 2012-05-07 04:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-06-22 19:02 . 2012-05-06 16:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-05-06 15:12 . 2012-05-06 15:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-07 04:04 . 2012-05-07 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-07 04:04 . 2012-05-07 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-06 15:12 . 2012-05-06 15:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 02:36 . 2012-05-07 04:09 631002 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-05-06 15:16 631002 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-07 04:09 112054 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-05-06 15:16 112054 c:\windows\system32\perfc009.dat

- 2009-07-14 05:12 . 2012-05-05 18:13 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:12 . 2012-05-06 17:21 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:01 . 2012-05-06 06:10 301820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-05-06 17:49 301820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-05-26 23:57 . 2012-05-06 06:10 4949224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-05-26 23:57 . 2012-05-06 17:49 4949224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-02-03 1522536]

"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]

"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]

R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys [x]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]

S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]

S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]

S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-04-17 55056]

S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-04-17 61712]

S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]

S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-27 40808]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-27 59240]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]

S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-04-17 931640]

S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]

S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]

S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]

S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-06 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 16:44]

.

2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 18:13]

.

2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474410928-4036716992-2113835924-1000Core.job

- c:\users\user1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 14:38]

.

2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474410928-4036716992-2113835924-1000UA.job

- c:\users\user1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 14:38]

.

2012-04-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]

.

2012-05-07 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]

"TpShocks"="TpShocks.exe" [2011-01-14 380776]

"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-27 41320]

"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.ca/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\568abahm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*¾Z)hÎyÛÍ]

"0"=hex:14,00,1f,50,e0,4f,d0,20,ea,3a,69,10,a2,d8,08,00,2b,30,30,9d,19,00,2f,

45,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,5a,00,31,\

"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*E¥wE¥w¾Zóe0®³e]

"0"=hex:50,00,31,00,00,00,00,00,9e,40,07,a7,10,00,54,41,53,4d,49,4e,00,00,3a,

00,08,00,04,00,ef,be,da,3e,09,03,9e,40,07,a7,2a,00,00,00,02,a1,01,00,00,00,\

"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W*cá°2|]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W*cá°2|\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WÎcëv4©]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WÎcëv4©\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WHeß´É3]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WHeß´É3\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W6f‡9(ê]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.W6f‡9(ê\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WHf<èä½]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WHf<èä½\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WOf÷á£J]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WOf÷á£J\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.Wƒfò‘Ї]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.Wƒfò‘Ї\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WÃso[ÑU]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*.WÃso[ÑU\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-3474410928-4036716992-2113835924-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾ZMe0

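The service, driver and Run-key lines in the log above follow a fixed ComboFix layout: `R`/`S` for running/stopped, a digit for the Windows start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), then `name;display name;path [yyyy-mm-dd size]`, with `[x]` where ComboFix recorded no date or size; Run-key lines are `"value"="command" [date size]`. The Python below is an added example, not part of the original thread and not ComboFix's own code. It parses those lines into records and lists the ones a responder would check first: entries with no file metadata, entries that start from a bare filename (resolved through the search path rather than a fixed location, as `TpShocks.exe` is in the log), and entries launched from outside the Windows and Program Files trees. The sample lines are copied from the log except for the hypothetical `hypoSvc` entry, added to make the last rule fire. A flag is a prompt to look at the file, not a verdict; the log's own `c:\programdata\Trusteer` driver would be flagged too and is legitimate.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: lines copied from the ComboFix log above, plus one
# hypothetical service ("hypoSvc", not in the log) running from a user profile.
SAMPLE_LOG = r"""
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-04-17 55056]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
S2 hypoSvc;Hypothetical Updater;c:\users\user1\AppData\Roaming\upd\svc.exe [2012-05-01 40960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"""

# R/S = running/stopped, digit = Windows start type (0 boot .. 4 disabled), then
# "name;display name;path [yyyy-mm-dd size]" or "[x]" when no file info was recorded.
SERVICE_RE = re.compile(r'^([RS])([0-4]) +([^;]+);([^;]*);(.+?) +\[([^\]]+)\] *$')
# Run-key lines:  "value name"="command" [yyyy-mm-dd size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" +\[([^\]]+)\] *$')


@dataclass
class Entry:
    kind: str                         # 'service' or 'run'
    name: str
    path: str
    state: Optional[str] = None       # 'R' running / 'S' stopped (services only)
    start_type: Optional[int] = None  # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    date: Optional[str] = None
    size: Optional[int] = None
    tag: Optional[str] = None         # raw bracket text when it is not "date size"
    reasons: List[str] = field(default_factory=list)


def _file_info(meta: str):
    """Split the bracket text into (date, size, raw_tag)."""
    parts = meta.split()
    if len(parts) == 2 and re.fullmatch(r'\d{4}-\d{2}-\d{2}', parts[0]) and parts[1].isdigit():
        return parts[0], int(parts[1]), None
    return None, None, meta           # e.g. "x" (nothing recorded) or "bU"


def parse_entries(text: str) -> List[Entry]:
    """Turn ComboFix service/driver and Run-key lines into Entry records."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, _display, path, meta = m.groups()
            date, size, tag = _file_info(meta)
            entries.append(Entry('service', name, path, state, int(start), date, size, tag))
            continue
        m = RUN_RE.match(line)
        if m:
            name, path, meta = m.groups()
            date, size, tag = _file_info(meta)
            entries.append(Entry('run', name, path, None, None, date, size, tag))
    return entries


# Trees where the log's own services and autostarts live; anything else is a review prompt.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review reasons to each entry and return only those that got one."""
    for e in entries:
        p = e.path.lower()            # Windows paths are case-insensitive
        if e.tag == 'x':
            e.reasons.append('no file metadata recorded')
        if '\\' not in p:
            e.reasons.append('bare filename: resolved through the search path at start')
        elif not p.startswith(TRUSTED_ROOTS):
            e.reasons.append('binary outside the Windows and Program Files trees')
    return [e for e in entries if e.reasons]


if __name__ == '__main__':
    for e in triage(parse_entries(SAMPLE_LOG)):
        print(f"{e.kind:7} {e.name:12} {e.path}\n        " + '; '.join(e.reasons))
```

To run it on a real log, read the file and pass the whole text to `parse_entries()`; lines that are not service or Run-key entries are ignored, so the rest of the report can stay in place.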

I visited a couple of the usual "suspects", those sites shown in the screenshots I posted earlier, and they were slide-out free. I'll revisit them later on today, since the slide out doesn't show itself 100% of the time.

I checked my hosts file and found a number of entries inserted by Spybot Search and Destroy, all pointing to 127.0.0.1.

When I get the "all clear" from you, I'd like to know your opinion on the number of anti-virus / malware detection programs I should keep on my machine.

I plan on upgrading Malwarebytes to the "Pro" version, and would like to keep running Microsoft Security Essentials.

The others I have right now are

Spybot Search and Destroy

AdAware (Lavasoft)

SpywareBlaster

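The hosts file check in the post above is worth making concrete. Entries that map a name to 127.0.0.1 or 0.0.0.0 are blocking entries, which is what Spybot's immunization writes, and are harmless on their own; the entries that matter in a hosts hijack are the ones that point a real domain at some other address, so the browser silently lands on a server the attacker chose. The Python below is an added example, not from the thread and not from any of the tools it mentions. It parses a hosts file and separates blocking entries from redirects. The sample text is constructed (a default Windows header, a Spybot-style block, a hypothetical redirect using a documentation-range address, and one malformed line); `load_hosts()` reads the live file from its standard Windows location if you want to run it against a machine.

```python
import ipaddress
from typing import Dict

# Constructed sample (not the poster's actual file): a default Windows header,
# a Spybot-style immunization block, one hypothetical redirect and one bad line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
0.0.0.0   ads.example.net    # blocked tracker
# End of entries inserted by Spybot - Search & Destroy
203.0.113.10 www.examplebank.com examplebank.com
not-an-address www.broken.example
"""

LOCAL_NAMES = {'localhost', 'localhost.localdomain', 'broadcasthost'}


def parse_hosts(text: str):
    """Yield (line_no, address_token, [hostnames]) for each non-comment line."""
    for n, raw in enumerate(text.splitlines(), 1):
        body = raw.split('#', 1)[0].strip()   # drop trailing comments
        if not body:
            continue
        tokens = body.split()
        yield n, tokens[0], tokens[1:]        # a line may list several names


def classify(text: str) -> Dict[str, list]:
    """Sort every hostname mapping into one of four buckets.

    localhost - the stock localhost lines.
    sinkhole  - name mapped to a loopback/unspecified address: a blocking entry,
                which is what Spybot's immunization adds; harmless by itself.
    redirect  - name mapped to any other address: a real name pointed at a chosen
                server, which is how a hosts hijack diverts traffic; review each.
    malformed - lines whose first token is not an IP address.
    """
    out: Dict[str, list] = {'localhost': [], 'sinkhole': [], 'redirect': [], 'malformed': []}
    for n, addr_tok, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_tok)
        except ValueError:
            out['malformed'].append((n, addr_tok))
            continue
        blocking = addr.is_loopback or addr.is_unspecified   # 127.x, ::1, 0.0.0.0, ::
        for name in names:
            key = name.lower()
            if blocking and key in LOCAL_NAMES:
                out['localhost'].append(key)
            elif blocking:
                out['sinkhole'].append(key)
            else:
                out['redirect'].append((key, str(addr)))
    return out


def load_hosts(path: str = r'C:\Windows\System32\drivers\etc\hosts') -> str:
    """Read the live hosts file (default: the standard Windows location)."""
    with open(path, encoding='utf-8', errors='replace') as fh:
        return fh.read()


if __name__ == '__main__':
    result = classify(SAMPLE_HOSTS)
    print(f"{len(result['sinkhole'])} blocking entries, "
          f"{len(result['redirect'])} redirects to review")
    for host, ip in result['redirect']:
        print(f"  REVIEW {host} -> {ip}")
    for n, tok in result['malformed']:
        print(f"  line {n}: cannot parse address {tok!r}")
```

Running it on the constructed sample reports three blocking entries and two redirects for `203.0.113.10`; on a real machine, every name in the `redirect` bucket should be one you put there yourself.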

Let me know, and then we will discuss your questions.


Maniac......

I have not seen the slide out since running ComboFix.
