Trojan's Taking Over My Laptop [Solved]

  • This topic is locked

#1 owainb (Member, 63 posts)

Hi, not sure how I've managed to get these, but my McAfee is working overtime. It deletes files, but then they reappear; this just keeps happening. Also, when I use Internet Explorer and search in Google I don't get the results I should, and then other pages open telling me my computer is infected and asking me to pay for software to remove it. I can't close these pages unless I use Task Manager. I've done a HijackThis log. If anybody can help, it would be great; many thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:14, on 12/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\TpScrLk.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sitedirector....8...30&vendtag=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {01B66BAC-1A46-45D1-B718-8A90AF159043} - C:\WINDOWS\System32\d3dx9_3232.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [A00F1A180A3.exe] C:\DOCUME~1\IBMUSE~1\LOCALS~1\Temp\_A00F1A180A3.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photob...?20090507063008
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Fish%20Tycoon/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish...shUKActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160964812199
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} (Snapfish Activia2) - http://www3.snapfish...ishActivia2.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.c...rt/IbmEgath.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Fish%20Tycoon/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...OCX/flashax.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.theclickt...e4/vitalize.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\FINFCHECK32.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: cc979ab4687 - C:\WINDOWS\System32\FINFCHECK32.dll
O20 - Winlogon Notify: __c0073A6C - C:\WINDOWS\system32\__c0073A6C.dat (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 14741 bytes

#2 owainb (Topic Starter, Member, 63 posts)

From looking at other posts I've downloaded OTL; please see my attached log from the scan. Hope this helps!!

OTL logfile created on: 12/10/2009 21:51:50 - Run 2
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\IBM USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.92 Mb Total Physical Memory | 260.31 Mb Available Physical Memory | 25.45% Memory free
2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.54% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 6.71 Gb Free Space | 18.02% Space Free | Partition Type: NTFS
Drive D: | 330.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWAIN
Current User Name: IBM USER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/12 21:49:28 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\IBM USER\Desktop\OTL.exe
PRC - [2009/06/10 23:28:26 | 12,973,336 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/16 09:55:38 | 00,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/12/07 16:02:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/08/24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/02/22 20:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/02/22 20:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2007/02/22 20:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/12/19 15:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2006/12/19 11:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/12/19 11:27:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/12/19 11:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/10/02 18:19:48 | 00,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006/09/13 10:23:00 | 00,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/07/04 11:05:00 | 00,225,280 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
PRC - [2006/06/16 23:58:42 | 00,426,051 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe
PRC - [2006/06/16 23:55:14 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe
PRC - [2006/05/30 23:05:42 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/04/17 21:13:00 | 00,094,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/04/17 21:12:28 | 00,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/04/17 21:12:26 | 00,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/04/17 20:59:10 | 00,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2006/02/14 22:17:28 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/14 22:16:28 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/11/11 09:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\System32\ibmpmsvc.exe
PRC - [2005/11/09 00:07:02 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\acs.exe
PRC - [2005/11/07 19:14:16 | 00,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\System32\TpShocks.exe
PRC - [2005/10/29 03:04:30 | 00,045,056 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
PRC - [2005/07/05 22:57:12 | 00,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/20 20:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.EXE
PRC - [2005/06/07 05:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe
PRC - [2005/05/26 05:56:48 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/10/14 17:11:10 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2003/10/29 11:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/08/07 00:08:00 | 00,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
PRC - [2003/06/27 16:53:32 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003/01/07 22:52:16 | 00,495,616 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
PRC - [2002/10/09 06:28:42 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\TpScrLk.exe
PRC - [2002/09/20 22:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/12/07 16:02:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/14 01:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2008/04/07 09:17:30 | 00,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2007/02/22 20:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/02/22 20:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [Unknown | Running])
SRV - [2006/12/19 11:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/06/16 23:58:42 | 00,426,051 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2006/06/16 23:55:14 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/04/17 21:12:28 | 00,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])
SRV - [2006/04/17 21:12:26 | 00,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
SRV - [2005/11/11 09:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\System32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
SRV - [2005/11/09 00:07:02 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\acs.exe -- (ACS [On_Demand | Running])
SRV - [2005/06/20 20:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.EXE -- (TPHDEXLGSVC [Auto | Running])
SRV - [2005/06/07 05:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe -- (TpKmpSVC [Auto | Running])
SRV - [2005/05/26 05:56:48 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2004/10/22 11:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003/07/16 20:37:58 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2002/09/20 22:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = AC 6B B6 01 46 1A D1 45 B7 18 8A 90 AF 15 90 43 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/07 16:02:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 00:18:15 | 00,000,000 | ---D | M]

[2009/06/29 22:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\mozilla\Extensions
[2009/06/29 22:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\mozilla\Extensions\[email protected]
[2009/10/11 23:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\mozilla\Firefox\Profiles\xyqptzep.default\extensions
[2008/01/08 23:15:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\mozilla\Firefox\Profiles\xyqptzep.default\extensions\{2c7bf5d2-2002-4912-95b2-7c2ee8a9ce7c}
[2009/10/12 21:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\mozilla\Firefox\Profiles\xyqptzep.default\extensions\{68614531-b168-49fd-ba5c-00fc33d1c1f5}
[2008/01/08 23:06:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\mozilla\Firefox\Profiles\xyqptzep.default\extensions\[email protected]

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {01B66BAC-1A46-45D1-B718-8A90AF159043} - C:\WINDOWS\System32\d3dx9_3232.dll ()
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\tp4ex.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe ()
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKCU..\Run: [A00F1A180A3.exe] C:\Documents and Settings\IBM USER\Local Settings\temp\_A00F1A180A3.exe ()
O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\PkgMgr.exe (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20090507063008 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Fish%20Tycoon/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www3.snapfish...shUKActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1160964812199 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} http://www3.snapfish...ishActivia2.cab (Snapfish Activia2)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.c...rt/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Fish%20Tycoon/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...OCX/flashax.cab (FlashXControl Object)
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} http://www.theclickt...e4/vitalize.cab (Vitalize Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\FINFCHECK32.dll) - C:\WINDOWS\System32\FINFCHECK32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\__c0073A6C: DllName - C:\WINDOWS\system32\__c0073A6C.dat - C:\WINDOWS\System32\__c0073A6C.dat File not found
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\cc979ab4687: DllName - C:\WINDOWS\System32\FINFCHECK32.dll - C:\WINDOWS\System32\FINFCHECK32.dll ()
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/16 00:49:39 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/03/13 14:11:46 | 00,000,049 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2001/09/10 15:06:52 | 00,050,176 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[2009/10/03 11:33:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/03 11:35:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\Local Settings\Application Data\PC_Drivers_Headquarters
[2009/10/03 11:33:15 | 00,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2009/10/03 11:46:54 | 00,000,000 | ---D | C] -- C:\Program Files\REGSHAVE
[2009/10/12 21:49:24 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\IBM USER\Desktop\OTL.exe
[2009/10/12 20:32:47 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/10/12 20:19:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\Desktop\avz4
[2009/10/11 23:45:10 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\LocalService
[2009/10/03 11:46:59 | 00,081,924 | ---- | C] (FUJI PHOTO FILM CO.,LTD.) -- C:\WINDOWS\System32\drivers\VC4CB104.SYS
[2009/10/03 11:46:54 | 00,045,056 | ---- | C] (FUJIFILM) -- C:\WINDOWS\System32\FINFCOPY.dll
[2009/10/03 11:46:53 | 00,065,536 | ---- | C] (FUJIFILM) -- C:\WINDOWS\System32\FINFCHECK.dll
[2009/10/03 11:46:51 | 00,069,632 | ---- | C] (FUJIFILM) -- C:\WINDOWS\System32\FREGSHEX.DLL
[2009/10/03 11:46:51 | 00,045,056 | ---- | C] (FUJIFILM) -- C:\WINDOWS\System32\FCLKBTN.DLL
[2009/10/03 11:46:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\Desktop\FinePix_USB

========== Files - Modified Within 14 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/10/12 21:59:03 | 00,003,011 | -HS- | M] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687P.manifest
[2009/10/12 21:49:28 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\IBM USER\Desktop\OTL.exe
[2009/10/12 21:29:45 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\IBM USER\Desktop\HijackThis.lnk
[2009/10/12 21:21:23 | 00,005,609 | -HS- | M] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687C.manifest
[2009/10/12 21:21:22 | 00,000,011 | -HS- | M] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687S.manifest
[2009/10/12 21:21:21 | 00,000,617 | -HS- | M] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687O.manifest
[2009/10/12 21:11:30 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/10/12 21:11:28 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/12 21:11:06 | 00,000,384 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/10/12 21:09:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/12 21:09:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/12 21:09:44 | 10,726,80960 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/12 21:01:38 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/10/12 20:24:05 | 00,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\uteznja4.sys
[2009/10/12 00:06:00 | 00,000,806 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/11 23:53:06 | 00,018,692 | ---- | M] () -- C:\WINDOWS\GnuHashes.ini
[2009/10/11 23:49:00 | 00,116,736 | ---- | M] () -- C:\WINDOWS\System32\d3dx9_3232.dll
[2009/10/11 23:49:00 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\peL21Ap9dYXKU.vbs
[2009/10/11 23:45:10 | 00,001,849 | -HS- | M] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009/10/11 23:45:06 | 00,122,368 | ---- | M] () -- C:\WINDOWS\System32\danim32.dll
[2009/10/11 23:44:57 | 00,122,368 | ---- | M] () -- C:\WINDOWS\System32\FINFCHECK32.dll
[2009/10/11 23:44:56 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\cx0Yu.vbs
[2009/10/11 22:28:48 | 00,164,522 | ---- | M] () -- C:\Documents and Settings\IBM USER\My Documents\dollar.jpg
[2009/10/11 22:27:04 | 00,149,457 | ---- | M] () -- C:\Documents and Settings\IBM USER\My Documents\modelpic.jpg
[2009/10/11 22:25:28 | 00,145,923 | ---- | M] () -- C:\Documents and Settings\IBM USER\My Documents\6pack.jpg
[2009/10/11 22:22:45 | 00,064,544 | ---- | M] () -- C:\Documents and Settings\IBM USER\My Documents\piggy-bank.jpg
[2009/10/07 20:53:33 | 00,030,305 | ---- | M] () -- C:\Documents and Settings\IBM USER\My Documents\mmoney.jpg
[2009/10/05 21:52:40 | 00,075,008 | ---- | M] () -- C:\Documents and Settings\IBM USER\My Documents\bman.jpg
[2009/10/03 11:34:05 | 00,002,209 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2009/10/01 20:53:18 | 09,819,586 | ---- | M] () -- C:\Documents and Settings\IBM USER\Desktop\September_2009_Data_Update.rar

========== Files - No Company Name ==========
[2009/10/12 21:29:45 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\IBM USER\Desktop\HijackThis.lnk
[2009/10/12 21:09:44 | 10,726,80960 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/12 20:23:36 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uteznja4.sys
[2009/10/11 23:53:06 | 00,018,692 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2009/10/11 23:49:00 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\d3dx9_3232.dll
[2009/10/11 23:49:00 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\peL21Ap9dYXKU.vbs
[2009/10/11 23:45:10 | 00,001,849 | -HS- | C] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009/10/11 23:45:06 | 00,122,368 | ---- | C] () -- C:\WINDOWS\System32\danim32.dll
[2009/10/11 23:45:05 | 00,005,609 | -HS- | C] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687C.manifest
[2009/10/11 23:45:05 | 00,003,011 | -HS- | C] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687P.manifest
[2009/10/11 23:45:05 | 00,000,617 | -HS- | C] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687O.manifest
[2009/10/11 23:45:05 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687S.manifest
[2009/10/11 23:44:57 | 00,122,368 | ---- | C] () -- C:\WINDOWS\System32\FINFCHECK32.dll
[2009/10/11 23:44:56 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\cx0Yu.vbs
[2009/10/07 21:01:07 | 00,164,522 | ---- | C] () -- C:\Documents and Settings\IBM USER\My Documents\dollar.jpg
[2009/10/07 20:53:43 | 00,030,305 | ---- | C] () -- C:\Documents and Settings\IBM USER\My Documents\mmoney.jpg
[2009/10/07 19:58:23 | 00,149,457 | ---- | C] () -- C:\Documents and Settings\IBM USER\My Documents\modelpic.jpg
[2009/10/07 18:01:31 | 00,145,923 | ---- | C] () -- C:\Documents and Settings\IBM USER\My Documents\6pack.jpg
[2009/10/05 21:52:52 | 00,075,008 | ---- | C] () -- C:\Documents and Settings\IBM USER\My Documents\bman.jpg
[2009/10/05 21:16:12 | 00,064,544 | ---- | C] () -- C:\Documents and Settings\IBM USER\My Documents\piggy-bank.jpg
[2009/10/03 11:34:05 | 00,002,209 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2009/10/01 20:53:17 | 09,819,586 | ---- | C] () -- C:\Documents and Settings\IBM USER\Desktop\September_2009_Data_Update.rar
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/21 19:57:26 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/10/26 21:41:35 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/26 21:41:35 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/26 21:41:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/26 21:24:49 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/26 21:24:49 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/09/03 17:27:47 | 00,051,736 | ---- | C] () -- C:\Documents and Settings\IBM USER\Application Data\GDIPFONTCACHEV1.DAT
[2008/08/27 11:31:21 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/08/21 21:34:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/08 19:18:44 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\IBM USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/03 21:18:06 | 00,000,220 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2007/12/03 21:18:06 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2007/12/03 21:18:06 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2007/11/23 19:43:58 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007/11/14 18:42:27 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/11/09 12:01:59 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/16 05:46:35 | 00,095,528 | ---- | C] () -- C:\Documents and Settings\IBM USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/10/16 03:24:47 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/10/16 00:49:29 | 02,538,746 | -H-- | C] () -- C:\Documents and Settings\IBM USER\Local Settings\Application Data\IconCache.db
[2006/10/16 00:49:29 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\IBM USER\Application Data\desktop.ini
[2006/10/15 23:57:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/15 23:51:52 | 00,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2006/10/15 23:46:41 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/10/15 23:46:18 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/10/15 23:46:01 | 00,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2006/10/15 23:45:33 | 00,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/10/15 23:36:38 | 00,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/06/17 00:09:52 | 00,045,124 | ---- | C] () -- C:\WINDOWS\System32\LsaWrApi.dll
[2006/06/16 23:57:32 | 00,528,453 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2006/06/16 23:56:10 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\D8021Xps.dll
[2006/06/12 20:27:00 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/12/01 04:16:02 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2005/07/06 07:45:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2005/01/13 11:00:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/01/13 11:00:10 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/11/15 09:14:28 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2002/09/27 01:26:59 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/09/27 01:06:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2002/07/09 16:49:25 | 00,286,208 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[1980/01/01 08:00:00 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 08:00:00 | 00,000,806 | ---- | C] () -- C:\WINDOWS\win.ini
[1980/01/01 08:00:00 | 00,000,284 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/10/03 11:33:51 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/10/07 16:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/04/21 12:37:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/02/26 22:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/12/03 22:22:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2008/08/26 16:08:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2006/10/15 23:52:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2008/09/04 17:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/12/30 15:58:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/11/20 18:23:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Niche Finder
[2009/02/26 22:33:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/10/03 11:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/09/04 18:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/06/17 20:13:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2008/01/02 20:38:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2002/09/27 01:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/04/06 22:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/03 17:50:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/11 23:45:05 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\IBM USER\Application Data
[2009/03/24 00:00:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Auslogics
[2009/04/21 16:56:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/04/27 22:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Clickteam
[2009/04/21 12:37:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\CyberLink
[2009/06/12 21:27:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Download Manager
[2007/12/10 23:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\EbkReader
[2008/06/10 21:36:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\eBookPro6
[2007/11/22 22:23:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\IBM
[2007/12/03 20:26:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\InterVideo
[2009/05/14 22:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\LegalSounds
[2009/10/11 23:47:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\LimeWire
[2009/09/18 21:02:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Multimedia Player
[2008/01/17 21:53:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Nvu
[2008/08/21 21:24:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\OpenOffice.org2
[2009/02/26 22:33:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\ParetoLogic
[2008/09/04 18:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\PC Suite
[2007/12/30 15:47:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Rbet
[2009/07/19 11:45:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Reg Tool
[2009/05/14 21:33:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Samsung
[2008/02/01 21:59:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\IBM USER\Application Data\SecuROM
[2008/01/07 21:30:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\SmartFTP
[2008/07/08 19:42:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Snapfish
[2009/01/08 23:22:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\SpinTop
[2008/02/01 22:00:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Sports Interactive
[2008/03/09 14:32:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\ubi.com
[2008/10/30 15:20:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Windows Desktop Search
[2008/10/30 15:21:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Windows Search
[2009/06/01 08:48:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2006/10/16 02:38:40 | 00,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
[2002/08/29 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/12 21:11:30 | 00,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/10/12 21:11:06 | 00,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2009/06/28 03:04:02 | 00,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/10/12 21:09:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
[5 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[5 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FA8AF63
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
< End of report >
  • 0

#3
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hello, owainb, and welcome to GeeksToGo!

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open RootRepeal.exe on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

  • 0

#4
owainb

owainb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hi,

Thanks for getting back to me. Really appreciate your help. Please see the logs you requested.



mbam-log


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

14/10/2009 17:11:45
mbam-log-2009-10-14 (17-11-45).txt

Scan type: Quick Scan
Objects scanned: 107405
Time elapsed: 10 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\LocalService\313.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\313.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\314.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\314.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\315.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\315.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\316.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\316.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\317.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\317.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\318.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\318.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\319.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\319.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\320.music4.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\320.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.


Root Repeal Log

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/14 17:22
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB4518000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7DC9000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB1FFB000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\perflib_perfdata_764.dat
Status: Allocation size mismatch (API: 4096, Raw: 16384)

Path: c:\windows\temp\wfv8.tmp
Status: Allocation size mismatch (API: 54243328, Raw: 54263808)

Path: c:\documents and settings\ibm user\privacie\index.dat
Status: Allocation size mismatch (API: 323584, Raw: 344064)

Path: c:\windows\system32\config\sysevent.evt
Status: Allocation size mismatch (API: 192512, Raw: 196608)

Path: c:\documents and settings\ibm user\local settings\temp\~dff1a4.tmp
Status: Allocation size mismatch (API: 49152, Raw: 16384)

Path: c:\windows\softwaredistribution\download\1c141ba9aab66bb4d0fd5783ec1d9490\bit11.tmp
Status: Allocation size mismatch (API: 1077248, Raw: 1110016)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\windows.edb
Status: Allocation size mismatch (API: 99840000, Raw: 99835904)

Path: c:\documents and settings\all users\application data\microsoft\search\data\temp\usgthrsvc\perflib_perfdata_284.dat
Status: Allocation size mismatch (API: 4096, Raw: 16384)

Path: C:\Documents and Settings\IBM USER\Local Settings\Apps\2.0\XBQCLO0R.3E4\PB80Q6MX.5EY\manifests\RBet32.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\IBM USER\Local Settings\Apps\2.0\XBQCLO0R.3E4\PB80Q6MX.5EY\manifests\RBet32.exe.manifest
Status: Locked to the Windows API!

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\0001001d.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010001.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010002.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010003.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010004.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\0001000f.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010006.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010007.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\0001000d.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010019.wid
Status: Allocation size mismatch (API: 4096, Raw: 65536)

==EOF==
  • 0
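A small triage script for the two logs pasted above, added here as an example and not a GeeksToGo tool: it parses the MBAM summary and detection sections and the RootRepeal "Hidden/Locked Files" section, shows which detections cluster in one folder, flags a pasted MBAM log that is shorter than its own summary claims, and separates RootRepeal entries that are routine on a running XP system from ones worth a second look. The "expected" path patterns are an assumption of this example (files the OS keeps open), not a verdict on any file.

```python
"""Added example: triage helper for the MBAM and RootRepeal logs in this thread.
The EXPECTED_PATTERNS heuristic is an assumption of this example, not a verdict."""
import ntpath
import re
from collections import Counter

# Constructed excerpts of the two logs posted in the thread (trimmed to a few lines).
MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Folders Infected: 1
Files Infected: 17

Folders Infected:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\LocalService\313.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\313.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\314.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

ROOTREPEAL_LOG = r"""
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\wfv8.tmp
Status: Allocation size mismatch (API: 54243328, Raw: 54263808)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\windows.edb
Status: Allocation size mismatch (API: 99840000, Raw: 99835904)

Path: C:\Documents and Settings\IBM USER\Local Settings\Apps\2.0\XBQCLO0R.3E4\PB80Q6MX.5EY\manifests\RBet32.exe.manifest
Status: Locked to the Windows API!
"""

SUMMARY_LINE = re.compile(r"^([A-Za-z ]+): (\d+)$")
MBAM_ENTRY = re.compile(r"^(?P<path>.+?) \((?P<family>[^)]+)\) -> (?P<action>.+)$")
RR_PATH = re.compile(r"^Path: (?P<path>.+)$")
RR_STATUS = re.compile(r"^Status: (?P<status>.+?)(?: \(API: (?P<api>\d+), Raw: (?P<raw>\d+)\))?$")

# Files the OS keeps open and rewrites on a running XP box, so a "locked" status or an
# API/raw allocation mismatch is routine there. Heuristic only; anything else is "review".
EXPECTED_PATTERNS = (
    r"\\hiberfil\.sys$", r"\\pagefile\.sys$", r"\\temp\\",
    r"\\config\\[a-z]+\.evt$", r"\\microsoft\\search\\data\\", r"perflib_perfdata",
)


def parse_mbam(text):
    """Return the numeric summary lines and every detection, tagged with its section."""
    summary, findings, section = {}, [], None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            section = None          # sections are separated by blank lines
            continue
        m = SUMMARY_LINE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
        elif line.endswith("Infected:"):
            section = line[:-1]     # e.g. "Files Infected"
        elif section:
            e = MBAM_ENTRY.match(line)
            if e:
                findings.append((section, e["path"], e["family"], e["action"]))
    return {"summary": summary, "findings": findings}


def hot_folders(report):
    """Count file detections per parent folder; many hits in one folder point at one dropper."""
    return Counter(ntpath.dirname(path).lower()
                   for section, path, _, _ in report["findings"] if section == "Files Infected")


def parse_rootrepeal_hidden(text):
    """Return one dict per Path/Status pair in RootRepeal's Hidden/Locked Files section."""
    entries, current = [], None
    for line in text.splitlines():
        p = RR_PATH.match(line)
        if p:
            current = {"path": p["path"], "status": None, "api": None, "raw": None}
            entries.append(current)
            continue
        s = RR_STATUS.match(line)
        if s and current is not None:
            current["status"] = s["status"]
            if s["api"]:
                current["api"], current["raw"] = int(s["api"]), int(s["raw"])
    return entries


def classify(entry):
    """'expected' when the lock/mismatch is routine for that location, else 'review'."""
    path = entry["path"].lower()
    return "expected" if any(re.search(p, path) for p in EXPECTED_PATTERNS) else "review"


def triage(mbam_text, rootrepeal_text):
    report = parse_mbam(mbam_text)
    files = [f for f in report["findings"] if f[0] == "Files Infected"]
    claimed = report["summary"].get("Files Infected", 0)
    hidden = parse_rootrepeal_hidden(rootrepeal_text)
    return {
        "mbam_files_parsed": len(files),
        "mbam_files_claimed": claimed,
        "mbam_truncated": claimed != len(files),   # pasted log shorter than its own summary
        "hot_folders": hot_folders(report).most_common(3),
        "rootrepeal_expected": sum(1 for e in hidden if classify(e) == "expected"),
        "rootrepeal_review": [e["path"] for e in hidden if classify(e) == "review"],
    }


if __name__ == "__main__":
    for key, value in triage(MBAM_LOG, ROOTREPEAL_LOG).items():
        print(f"{key}: {value}")
```

On the full logs above, the same grouping puts all sixteen Worm.Archive hits under one folder, which is the kind of clustering a helper looks for before asking for the next scan.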

#5
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#6
owainb

owainb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hi, please see the ComboFix log. Again many thanks for your help!!!

ComboFix 09-10-14.01 - IBM USER 14/10/2009 21:59.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.592 [GMT 1:00]
Running from: c:\documents and settings\IBM USER\Desktop\Unused Desktop Shortcuts\Combo-Fix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\IBM USER\Application Data\020000009b1187e3687C.manifest
c:\documents and settings\IBM USER\Application Data\020000009b1187e3687O.manifest
c:\documents and settings\IBM USER\Application Data\020000009b1187e3687P.manifest
c:\documents and settings\IBM USER\Application Data\020000009b1187e3687S.manifest

.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-13 17:47 . 2009-10-13 17:48 -------- dc----w- c:\program files\Packet Tracer 5.2
2009-10-12 19:54 . 2009-10-12 19:54 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-10-12 19:38 . 2009-10-12 19:38 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2009-10-12 19:32 . 2009-10-12 20:22 -------- dc----w- C:\SDFix
2009-10-11 22:44 . 2009-10-11 22:44 122368 -c--a-w- c:\windows\system32\FINFCHECK32.dll
2009-10-03 10:46 . 2001-11-25 11:11 81924 -c----w- c:\windows\system32\drivers\VC4CB104.SYS
2009-10-03 10:46 . 2009-10-03 10:46 -------- dc----w- c:\program files\REGSHAVE
2009-10-03 10:46 . 2002-06-25 09:06 45056 -c----w- c:\windows\system32\FINFCOPY.dll
2009-10-03 10:46 . 2002-02-27 11:27 65536 -c----w- c:\windows\system32\FINFCHECK.dll
2009-10-03 10:46 . 2002-02-13 10:00 45056 -c----w- c:\windows\system32\FCLKBTN.DLL
2009-10-03 10:46 . 2002-02-05 16:33 69632 -c----w- c:\windows\system32\FREGSHEX.DLL
2009-10-03 10:35 . 2009-10-03 10:35 -------- dc----w- c:\documents and settings\IBM USER\Local Settings\Application Data\PC_Drivers_Headquarters
2009-10-03 10:33 . 2009-10-03 10:33 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-10-03 10:33 . 2009-10-03 10:33 -------- dc----w- c:\program files\PC Drivers HeadQuarters
2009-09-23 16:43 . 2009-09-23 16:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-23 16:43 . 2009-09-23 16:43 -------- dc----w- c:\documents and settings\IBM USER\Application Data\Office Genuine Advantage
2009-09-18 20:05 . 2009-09-18 20:05 -------- dc----w- c:\program files\Audacity
2009-09-18 19:38 . 2009-09-18 19:38 -------- dc----w- c:\documents and settings\IBM USER\Application Data\DivX
2009-09-18 15:59 . 2009-09-23 18:20 -------- dc----w- c:\program files\Salter MiBody
2009-09-18 15:59 . 2009-09-18 15:59 -------- dc----w- c:\windows\Salter MiBody

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 17:06 . 2008-10-30 13:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-14 15:47 . 2008-12-11 20:57 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-13 21:11 . 2009-02-03 20:42 -------- dc----w- c:\program files\Championship Manager 01-02
2009-10-11 22:47 . 2008-04-24 22:31 -------- dc----w- c:\documents and settings\IBM USER\Application Data\LimeWire
2009-10-03 10:46 . 2006-10-15 22:45 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-09-18 20:02 . 2009-03-02 17:12 -------- dc----w- c:\documents and settings\IBM USER\Application Data\Multimedia Player
2009-09-10 15:35 . 2008-08-17 22:13 -------- dc----w- c:\program files\Microsoft Silverlight
2009-09-10 13:54 . 2008-12-11 20:57 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2008-12-11 20:57 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-08-26 20:37 . 2006-10-16 04:46 95528 -c--a-w- c:\documents and settings\IBM USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 22:33 . 2009-08-17 22:33 1193832 -c--a-w- c:\windows\system32\FM20.DLL
2009-08-06 18:24 . 2006-10-16 02:14 327896 -c--a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2005-05-26 11:19 209632 -c--a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2006-10-16 02:14 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2006-10-16 02:14 35552 -c--a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2002-09-27 00:11 53472 -c----w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 1980-01-01 07:00 96480 -c--a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2006-10-16 02:14 575704 -c--a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2008-01-27 14:01 274288 -c--a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23 . 2008-01-27 14:01 215920 -c--a-w- c:\windows\system32\muweb.dll
2009-08-06 18:23 . 2002-09-27 00:11 1929952 -c--a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-10-16 02:24 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 14:07 . 2009-08-03 14:07 403816 -c--a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 -c--a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 -c--a-w- c:\windows\system32\OGAEXEC.exe
2009-07-17 19:01 . 1980-01-01 07:00 58880 -c--a-w- c:\windows\system32\atl.dll
2009-07-17 16:22 . 1980-01-01 07:00 1435648 -c--a-w- c:\windows\system32\query.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-13_16.51.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-24 18:56 . 2009-06-24 18:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-27 23:49 . 2008-05-27 23:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 04:58 . 2007-04-14 04:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 04:57 . 2007-04-14 04:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-27 23:49 . 2008-05-27 23:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 04:57 . 2007-04-14 04:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-27 23:49 . 2008-05-27 23:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 00:30 . 2008-05-28 00:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-14 05:30 . 2007-04-14 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2008-10-30 13:52 . 2009-09-09 22:45 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-30 13:52 . 2009-10-14 17:06 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-30 13:52 . 2009-10-14 17:06 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-30 13:52 . 2009-09-09 22:45 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-30 13:52 . 2009-10-14 17:06 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-10-30 13:52 . 2009-09-09 22:45 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-26 22:58 . 2006-10-26 22:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
+ 2009-10-14 17:04 . 2009-10-14 17:04 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ccb3a20d\System.Drawing.Design.dll
+ 2009-10-14 17:04 . 2009-10-14 17:04 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e663c9f5\CustomMarshalers.dll
+ 2005-01-28 20:44 . 2009-04-01 22:02 604160 c:\windows\system32\wmspdmod.dll
+ 2005-01-28 20:44 . 2009-04-01 22:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2008-05-27 23:49 . 2008-05-27 23:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 04:58 . 2007-04-14 04:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 04:56 . 2007-04-14 04:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-27 23:48 . 2008-05-27 23:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 05:30 . 2007-04-14 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-28 00:30 . 2008-05-28 00:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2008-10-30 13:52 . 2009-09-09 22:45 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-10-30 13:52 . 2009-10-14 17:06 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-10-30 13:52 . 2009-10-14 17:06 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-30 13:52 . 2009-09-09 22:45 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-30 13:52 . 2009-09-09 22:45 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-30 13:52 . 2009-10-14 17:06 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-10-30 13:52 . 2009-09-09 22:45 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-10-30 13:52 . 2009-10-14 17:06 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-10-30 13:52 . 2009-10-14 17:06 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-30 13:52 . 2009-09-09 22:45 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-10-30 13:52 . 2009-10-14 17:06 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-10-30 13:52 . 2009-09-09 22:45 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-10-30 13:52 . 2009-09-09 22:45 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-10-30 13:52 . 2009-10-14 17:06 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-10-14 17:04 . 2009-10-14 17:04 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_d48c1d44\System.Drawing.dll
+ 2009-10-14 17:04 . 2009-10-14 17:04 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b4ad4f72\System.Drawing.Design.dll
+ 2009-10-14 17:04 . 2009-10-14 17:04 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_185721be\CustomMarshalers.dll
+ 2009-10-14 16:37 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-05-28 00:35 . 2008-05-28 00:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 05:35 . 2007-04-14 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 00:35 . 2008-05-28 00:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 05:35 . 2007-04-14 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-27 23:48 . 2008-05-27 23:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 04:57 . 2007-04-14 04:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-27 23:48 . 2008-05-27 23:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 04:57 . 2007-04-14 04:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-27 23:43 . 2008-05-27 23:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2007-04-14 04:50 . 2007-04-14 04:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-08-05 06:49 . 2009-08-05 06:49 3457024 c:\windows\Installer\2ce15f.msp
+ 2009-07-27 03:31 . 2009-07-27 03:31 3738624 c:\windows\Installer\2ce147.msp
+ 2009-09-18 08:30 . 2009-09-18 08:30 5016576 c:\windows\Installer\2ce131.msp
+ 2009-08-18 12:08 . 2009-08-18 12:08 1373696 c:\windows\Installer\2ce105.msp
- 2008-10-30 13:52 . 2009-09-09 22:45 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-30 13:52 . 2009-10-14 17:06 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-10-30 13:52 . 2009-09-09 22:45 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-10-30 13:52 . 2009-10-14 17:06 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-08-24 07:10 . 2007-08-24 07:10 3735424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWER.DLL
+ 2007-08-24 07:10 . 2007-08-24 07:10 1846160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWDWG.DLL
+ 2007-08-23 01:03 . 2007-08-23 01:03 1195888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FM20.DLL
+ 2009-10-14 17:04 . 2009-10-14 17:04 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_ada2f53c\System.dll
+ 2009-10-14 17:04 . 2009-10-14 17:04 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_284511c3\System.dll
+ 2009-10-14 17:04 . 2009-10-14 17:04 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a26de509\System.Xml.dll
+ 2009-10-14 17:04 . 2009-10-14 17:04 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_54ddc383\System.Xml.dll
+ 2009-10-14 17:04 . 2009-10-14 17:04 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_73613759\System.Windows.Forms.dll
+ 2009-10-14 17:04 . 2009-10-14 17:04 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6441092c\System.Windows.Forms.dll
+ 2009-10-14 17:04 . 2009-10-14 17:04 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f54ecfb2\System.Drawing.dll
+ 2009-10-14 17:04 . 2009-10-14 17:04 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e3778936\System.Design.dll
+ 2009-10-14 17:04 . 2009-10-14 17:04 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c2f3c1de\System.Design.dll
+ 2009-10-14 17:04 . 2009-10-14 17:04 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ca06006b\mscorlib.dll
+ 2009-10-14 17:04 . 2009-10-14 17:04 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3cc5725a\mscorlib.dll
+ 2009-10-14 17:03 . 2009-10-14 17:03 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-11-22 22:10 . 2007-11-22 22:10 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-14 17:03 . 2009-10-14 17:03 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-11-22 22:10 . 2007-11-22 22:10 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2006-10-16 03:11 . 2009-10-02 18:01 25198016 c:\windows\system32\MRT.exe
+ 2009-08-10 20:08 . 2009-08-10 20:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-10 13:09 . 2009-08-10 13:09 17254912 c:\windows\Installer\2ce11c.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-01-07 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-26 344064]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-01-07 495616]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
"TPKBDLED"="c:\windows\System32\TpScrLk.exe" [2002-10-09 40960]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2005-10-29 45056]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-09-13 237568]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"S3TRAY2"="S3Tray2.exe" - c:\windows\system32\S3Tray2.exe [2001-10-12 69632]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-06-27 88363]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-11-07 106496]
"BluetoothAuthenticationAgent"="irprops.cpl" - c:\windows\system32\irprops.cpl [2008-04-14 380416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2007-12-04 1241088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-27 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cc979ab4687]
2009-10-11 22:44 122368 -c--a-w- c:\windows\system32\FINFCHECK32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2006-04-17 20:01 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 -c--a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-01 03:16 24576 ------w- c:\windows\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^IBM USER^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Packet Tracer 5.2\\bin\\PacketTracer5.exe"=

R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [15/10/2006 23:45 16384]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [12/02/2009 23:43 135680]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2006-10-16 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2006-10-15 08:38]

2009-10-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-10-14 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-28 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://sitedirector.symantec.com/932743328/?ssdcat=103&spskum=10725608&spefsku=10751693&spskup=&psn=&plang=sym:EN&oslang=iso:ENG&oslocale=iso:GBR&vendid=130&vendtag=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090507063008
DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www3.snapfish.co.uk/SnapfishActivia2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 22:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\FINFCHECK32.dll
c:\windows\system32\tphklock.dll
.
Completion time: 2009-10-14 22:15
ComboFix-quarantined-files.txt 2009-10-14 21:15
ComboFix2.txt 2009-10-13 16:53

Pre-Run: 6,629,576,704 bytes free
Post-Run: 6,677,286,912 bytes free

299 --- E O F --- 2009-10-14 17:11
  • 0
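The ComboFix output above is the kind of log a helper reads by eye: four Winlogon\Notify subkeys, three of them ThinkPad utilities dated 2005/2006, and one (cc979ab4687) with a hex-soup name whose DLL was written to system32 on 2009-10-11, three days before the scan, and which also appears in the list of DLLs loaded inside winlogon.exe. The script below is an added example, not code from this thread, from ComboFix or from any tool used in it; it parses those two parts of a ComboFix-style log and scores each Notify DLL. The scoring weights, the seven-day window and the "random-looking name" test are the example author's assumptions, and the sample text is a constructed copy of the relevant lines above.

```python
"""Triage Winlogon\\Notify entries from a ComboFix-style log.

Added example: this is not code from the thread, from ComboFix or from
any of the tools used in it. It parses the
'[HKLM\\...\\winlogon\\notify\\<name>]' blocks and the
'DLLs Loaded Under Running Processes' list, then scores each Notify DLL.
The scoring weights, the 7-day window and the hex-soup name test are
the example author's assumptions, not anything the tools implement.
"""
import re
from datetime import date, datetime

# Constructed sample: the relevant lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cc979ab4687]
2009-10-11 22:44 122368 -c--a-w- c:\windows\system32\FINFCHECK32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2006-04-17 20:01 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 -c--a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-01 03:16 24576 ------w- c:\windows\system32\tphklock.dll

- - - - - - - > 'winlogon.exe'(780)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\FINFCHECK32.dll
c:\windows\system32\tphklock.dll
"""

NOTIFY_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\winlogon\\notify\\([^\]]+)\]$", re.I)
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) (\S+) (.+)$")
PROC_HDR = re.compile(r"^- - - - - - - > '([^']+)'\(\d+\)$")
HEX_SOUP = re.compile(r"^[0-9a-f]{8,}$", re.I)   # assumed heuristic for random subkey names
SYSTEM32 = "c:\\windows\\system32\\"


def parse_log(text):
    """Return (notify_entries, loaded_dlls_by_process) from ComboFix-style text."""
    notify, loaded = [], {}
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        key = NOTIFY_KEY.match(lines[i])
        proc = PROC_HDR.match(lines[i])
        if key:
            # the file line is the next non-blank line after the key header
            j = i + 1
            while j < len(lines) and not lines[j]:
                j += 1
            f = FILE_LINE.match(lines[j]) if j < len(lines) else None
            if f:
                notify.append({
                    "name": key.group(1),
                    "mtime": datetime.strptime(f.group(1) + " " + f.group(2), "%Y-%m-%d %H:%M"),
                    "size": int(f.group(3)),
                    "attrs": f.group(4),
                    "path": f.group(5),
                })
                i = j
        elif proc:
            # DLL paths follow the process header until the next blank line
            dlls = set()
            j = i + 1
            while j < len(lines) and lines[j]:
                dlls.add(lines[j].lower())
                j += 1
            loaded[proc.group(1).lower()] = dlls
            i = j
        i += 1
    return notify, loaded


def score_entry(entry, scan_date):
    """Score one Notify entry; higher means more worth a closer look (assumed weights)."""
    score, reasons = 0, []
    if HEX_SOUP.match(entry["name"]):
        score += 2
        reasons.append("random-looking subkey name")
    age = (scan_date - entry["mtime"].date()).days
    if 0 <= age <= 7:
        score += 2
        reasons.append("file written %d day(s) before the scan" % age)
    if entry["path"].lower().startswith(SYSTEM32):
        score += 1
        reasons.append("lives directly in system32")
    return score, reasons


def triage(text, scan_date):
    """Score every Notify DLL and record whether winlogon.exe has it loaded."""
    if isinstance(scan_date, str):
        scan_date = date.fromisoformat(scan_date)
    notify, loaded = parse_log(text)
    in_winlogon = loaded.get("winlogon.exe", set())
    out = []
    for e in notify:
        score, reasons = score_entry(e, scan_date)
        out.append({
            "name": e["name"], "path": e["path"], "score": score,
            "reasons": reasons, "loaded": e["path"].lower() in in_winlogon,
        })
    return sorted(out, key=lambda r: (-r["score"], r["name"]))


def suspicious(text, scan_date, threshold=3):
    """Names of Notify subkeys whose score reaches the (assumed) threshold."""
    return [r["name"] for r in triage(text, scan_date) if r["score"] >= threshold]


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG, "2009-10-14"):
        flag = "LOADED in winlogon" if r["loaded"] else "not loaded"
        print("%d  %-12s %s (%s) %s" % (r["score"], r["name"], r["path"], flag, "; ".join(r["reasons"])))
```

Being loaded into winlogon.exe is not scored, because every registered Notify DLL is loaded there by design; it is reported separately as confirmation that the entry is active, which matters when deciding whether a removal needs a reboot or Safe Mode.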

#7
handhfan
    Trusted Helper
  • Expert
  • 13,659 posts
Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other (removable) drives that you may have.


After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable deep rootkit search, then choose OK.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, click the button that says Neutralize all.
  • If it says it cannot be neutralized, choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus/malware from the report (it will be at the very top, under Detected). Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#8
owainb
    Member
  • Topic Starter
  • Member
  • 63 posts
Hi, finally got the report you wanted after 34 hours of scanning! Hope I don't have to do that again. Thanks again for your help.

Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.Win32.BHO.abco File: C:\Qoobox\Quarantine\C\WINDOWS\system32\comsnap32.dll.vir
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\317.music.au.vir
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\318.music2.au.vir
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\319.music3.au.vir
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\320.music4.au.vir
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\WINDOWS\system32\LocalService\317.music.au
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\WINDOWS\system32\LocalService\318.music2.au
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\WINDOWS\system32\LocalService\319.music3.au
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\WINDOWS\system32\LocalService\320.music4.au
  • 0
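The report above lists the same four LocalService\*.music*.au files twice: once as .vir copies under C:\Qoobox\Quarantine (the folder where ComboFix stores what it quarantines) and once on their live paths, which means they were back on disk after ComboFix had removed them. The script below is an added example, not code from this thread or from Kaspersky; it parses the "Detected" lines, maps each quarantine path back to its original location and separates recreated files from ones that only survive as quarantined copies. The line pattern and the quarantine-path mapping are assumptions based on the paths visible in the report, and the sample text is a constructed copy of those nine lines.

```python
"""Triage the 'Detected' list from a Kaspersky AVP Tool report.

Added example: not code from the thread or from Kaspersky. It parses the
'<status>: <type> <name> File: <path>' lines, separates hits inside
ComboFix's quarantine folder (C:\\Qoobox\\Quarantine, where quarantined
files carry a .vir suffix) from hits on live paths, and lists live files
that also have a quarantined copy, i.e. files that were back on disk
after ComboFix had removed them. The line pattern and the quarantine
path mapping are assumptions based on the paths in the report above.
"""
import re
from collections import Counter

# Constructed sample: the nine lines from the report above.
SAMPLE_REPORT = r"""
deleted: Trojan program Trojan.Win32.BHO.abco File: C:\Qoobox\Quarantine\C\WINDOWS\system32\comsnap32.dll.vir
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\317.music.au.vir
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\318.music2.au.vir
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\319.music3.au.vir
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\320.music4.au.vir
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\WINDOWS\system32\LocalService\317.music.au
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\WINDOWS\system32\LocalService\318.music2.au
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\WINDOWS\system32\LocalService\319.music3.au
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\WINDOWS\system32\LocalService\320.music4.au
"""

HIT = re.compile(r"^(?P<status>\w+): (?P<kind>.+?) (?P<name>\S+) File: (?P<path>.+)$")
# assumed layout of ComboFix's quarantine: C:\Qoobox\Quarantine\<drive>\<original path>.vir
QUARANTINE = re.compile(r"^c:\\qoobox\\quarantine\\(?P<drive>[a-z])\\(?P<rest>.+)\.vir$", re.I)


def original_path(path):
    """Map a quarantine path back to where the file lived; other paths pass through."""
    q = QUARANTINE.match(path)
    if not q:
        return path
    return "%s:\\%s" % (q.group("drive").upper(), q.group("rest"))


def parse_report(text):
    """One dict per 'Detected' line; lines that do not match the pattern are skipped."""
    hits = []
    for line in text.splitlines():
        m = HIT.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip()
        hits.append({
            "status": m.group("status"),
            "kind": m.group("kind"),
            "name": m.group("name"),
            "path": path,
            "quarantined": QUARANTINE.match(path) is not None,
            "original": original_path(path),
        })
    return hits


def triage(text):
    """Summarise hits by detection name and by quarantine/live relationship."""
    hits = parse_report(text)
    live = {h["original"].lower(): h["original"] for h in hits if not h["quarantined"]}
    quar = {h["original"].lower(): h["original"] for h in hits if h["quarantined"]}
    return {
        "hits": len(hits),
        "by_name": dict(Counter(h["name"] for h in hits)),
        # on disk again although ComboFix had already quarantined a copy
        "recreated": sorted(live[k] for k in live.keys() & quar.keys()),
        # quarantined copies with no live counterpart
        "only_quarantined": sorted(quar[k] for k in quar.keys() - live.keys()),
        # live hits ComboFix never quarantined
        "only_live": sorted(live[k] for k in live.keys() - quar.keys()),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("%d hits: %s" % (summary["hits"], summary["by_name"]))
    for label in ("recreated", "only_quarantined", "only_live"):
        print(label)
        for p in summary[label]:
            print("  " + p)
```

A non-empty "recreated" list is the signal to look for whatever is re-dropping the files (a service, scheduled task or autostart still present), rather than just deleting them again; in this thread the helper asked for a fresh OTL log for that reason.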

#9
handhfan
    Trusted Helper
  • Expert
  • 13,659 posts
Let's see a new OTL log. :)

Is your computer running better now?
  • 0

#10
owainb
    Member
  • Topic Starter
  • Member
  • 63 posts
Hi, yes, the laptop seems to be running fine now. Thanks for all your help. Please see my OTL scan results now.

OTL logfile created on: 18/10/2009 11:17:12 - Run 3
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\IBM USER\Desktop\Unused Desktop Shortcuts
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.92 Mb Total Physical Memory | 397.16 Mb Available Physical Memory | 38.83% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 80.01% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 5.99 Gb Free Space | 16.08% Space Free | Partition Type: NTFS
Drive D: | 330.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWAIN
Current User Name: IBM USER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/12 21:49:28 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\IBM USER\Desktop\Unused Desktop Shortcuts\OTL.exe
PRC - [2009/06/10 23:28:26 | 12,973,336 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/02/16 09:55:38 | 00,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/12/07 16:02:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/08/24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/02/22 20:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/02/22 20:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2007/02/22 20:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/12/19 15:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2006/12/19 11:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/12/19 11:27:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/12/19 11:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/10/02 18:19:48 | 00,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006/09/13 10:23:00 | 00,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/06/16 23:58:42 | 00,426,051 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe
PRC - [2006/06/16 23:55:14 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe
PRC - [2006/05/30 23:05:42 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/04/17 21:13:00 | 00,094,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/04/17 21:12:28 | 00,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/04/17 21:12:26 | 00,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/04/17 20:59:10 | 00,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2006/02/14 22:17:28 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/14 22:16:28 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/11/11 09:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\System32\ibmpmsvc.exe
PRC - [2005/11/09 00:07:02 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\acs.exe
PRC - [2005/11/07 19:14:16 | 00,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\System32\TpShocks.exe
PRC - [2005/10/29 03:04:30 | 00,045,056 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
PRC - [2005/07/05 22:57:12 | 00,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/20 20:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.EXE
PRC - [2005/06/07 05:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe
PRC - [2005/05/26 05:56:48 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/10/14 17:11:10 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2003/10/29 11:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/08/07 00:08:00 | 00,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
PRC - [2003/06/27 16:53:32 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003/01/07 22:52:16 | 00,495,616 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
PRC - [2002/10/09 06:28:42 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\TpScrLk.exe
PRC - [2002/09/20 22:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/12/07 16:02:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/14 01:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2008/04/07 09:17:30 | 00,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2007/02/22 20:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [Auto | Running])
SRV - [2007/02/22 20:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [Auto | Running])
SRV - [2006/12/19 11:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/06/16 23:58:42 | 00,426,051 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2006/06/16 23:55:14 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/04/17 21:12:28 | 00,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])
SRV - [2006/04/17 21:12:26 | 00,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
SRV - [2005/11/11 09:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\System32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
SRV - [2005/11/09 00:07:02 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\acs.exe -- (ACS [On_Demand | Running])
SRV - [2005/06/20 20:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.EXE -- (TPHDEXLGSVC [Auto | Running])
SRV - [2005/06/07 05:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe -- (TpKmpSVC [Auto | Running])
SRV - [2005/05/26 05:56:48 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2004/10/22 11:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003/07/16 20:37:58 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2002/09/20 22:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = AC 6B B6 01 46 1A D1 45 B7 18 8A 90 AF 15 90 43 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/07 16:02:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 00:18:15 | 00,000,000 | ---D | M]

[2009/06/29 22:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\mozilla\Extensions
[2009/06/29 22:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\mozilla\Extensions\[email protected]
[2009/10/11 23:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\mozilla\Firefox\Profiles\xyqptzep.default\extensions
[2008/01/08 23:15:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\mozilla\Firefox\Profiles\xyqptzep.default\extensions\{2c7bf5d2-2002-4912-95b2-7c2ee8a9ce7c}
[2009/10/13 17:29:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\mozilla\Firefox\Profiles\xyqptzep.default\extensions\{68614531-b168-49fd-ba5c-00fc33d1c1f5}
[2008/01/08 23:06:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\mozilla\Firefox\Profiles\xyqptzep.default\extensions\[email protected]

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\tp4ex.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe ()
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\PkgMgr.exe (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20090507063008 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Fish%20Tycoon/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www3.snapfish...shUKActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1160964812199 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} http://www3.snapfish...ishActivia2.cab (Snapfish Activia2)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.c...rt/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Fish%20Tycoon/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...OCX/flashax.cab (FlashXControl Object)
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} http://www.theclickt...e4/vitalize.cab (Vitalize Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\cc979ab4687: DllName - C:\WINDOWS\System32\FINFCHECK32.dll - C:\WINDOWS\System32\FINFCHECK32.dll ()
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/16 00:49:39 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/03/13 14:11:46 | 00,000,049 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2001/09/10 15:06:52 | 00,050,176 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/10/13 18:47:43 | 00,000,000 | ---D | C] -- C:\Program Files\Packet Tracer 5.2
[2009/10/15 17:49:23 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\41043204.sys
[2009/10/15 17:33:09 | 00,000,000 | ---D | C] -- C:\e4e5fe4be8bb9b512cfe7ae005
[2009/10/15 17:28:25 | 46,263,704 | ---- | C] ( ) -- C:\Documents and Settings\IBM USER\Desktop\avp tool.exe
[2009/10/14 23:23:06 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\LocalService
[2009/10/14 22:15:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/14 17:21:45 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\IBM USER\Desktop\RootRepeal.exe
[2009/10/13 17:42:34 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/13 17:39:23 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/13 17:39:23 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/13 17:39:23 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/13 17:39:23 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/13 17:38:20 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/12 20:32:47 | 00,000,000 | ---D | C] -- C:\SDFix

========== Files - Modified Within 14 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/10/18 11:16:10 | 00,003,010 | -HS- | M] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687P.manifest
[2009/10/18 00:18:26 | 00,005,609 | -HS- | M] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687C.manifest
[2009/10/18 00:11:47 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/10/18 00:11:09 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/18 00:11:05 | 00,000,011 | -HS- | M] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687S.manifest
[2009/10/18 00:11:04 | 00,000,011 | -HS- | M] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687O.manifest
[2009/10/18 00:10:07 | 00,000,384 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/10/18 00:09:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/18 00:08:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/18 00:08:55 | 10,726,80960 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/17 09:53:03 | 02,277,632 | -H-- | M] () -- C:\Documents and Settings\IBM USER\Local Settings\Application Data\IconCache.db
[2009/10/17 09:43:20 | 00,535,290 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/17 09:43:20 | 00,465,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/17 09:43:20 | 00,079,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/15 17:29:55 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/15 17:28:45 | 46,263,704 | ---- | M] ( ) -- C:\Documents and Settings\IBM USER\Desktop\avp tool.exe
[2009/10/14 23:23:06 | 00,001,651 | -HS- | M] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009/10/14 22:11:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/14 17:22:10 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\IBM USER\Desktop\settings.dat
[2009/10/14 17:21:27 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\IBM USER\Desktop\RootRepeal.zip
[2009/10/13 18:48:23 | 00,000,851 | ---- | M] () -- C:\Documents and Settings\IBM USER\Desktop\Cisco Packet Tracer.lnk
[2009/10/13 17:42:51 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/10/12 21:01:38 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/10/12 00:06:00 | 00,000,806 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/11 23:44:57 | 00,122,368 | ---- | M] () -- C:\WINDOWS\System32\FINFCHECK32.dll
[2009/10/11 22:28:48 | 00,164,522 | ---- | M] () -- C:\Documents and Settings\IBM USER\My Documents\dollar.jpg
[2009/10/11 22:27:04 | 00,149,457 | ---- | M] () -- C:\Documents and Settings\IBM USER\My Documents\modelpic.jpg
[2009/10/11 22:25:28 | 00,145,923 | ---- | M] () -- C:\Documents and Settings\IBM USER\My Documents\6pack.jpg
[2009/10/11 22:22:45 | 00,064,544 | ---- | M] () -- C:\Documents and Settings\IBM USER\My Documents\piggy-bank.jpg
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/07 20:53:33 | 00,030,305 | ---- | M] () -- C:\Documents and Settings\IBM USER\My Documents\mmoney.jpg
[2009/10/05 21:52:40 | 00,075,008 | ---- | M] () -- C:\Documents and Settings\IBM USER\My Documents\bman.jpg

========== Files - No Company Name ==========
[2009/10/17 09:01:19 | 10,726,80960 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/14 23:23:06 | 00,001,651 | -HS- | C] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009/10/14 22:15:19 | 00,005,609 | -HS- | C] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687C.manifest
[2009/10/14 22:15:19 | 00,003,010 | -HS- | C] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687P.manifest
[2009/10/14 22:15:19 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687S.manifest
[2009/10/14 22:15:19 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\IBM USER\Application Data\020000009b1187e3687O.manifest
[2009/10/14 18:02:02 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/10/14 17:21:56 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\IBM USER\Desktop\settings.dat
[2009/10/14 17:21:20 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\IBM USER\Desktop\RootRepeal.zip
[2009/10/13 18:48:23 | 00,000,851 | ---- | C] () -- C:\Documents and Settings\IBM USER\Desktop\Cisco Packet Tracer.lnk
[2009/10/13 17:42:50 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/13 17:42:42 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/13 17:39:23 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/13 17:39:23 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/13 17:39:23 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/13 17:39:23 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/11 23:44:57 | 00,122,368 | ---- | C] () -- C:\WINDOWS\System32\FINFCHECK32.dll
[2009/10/07 21:01:07 | 00,164,522 | ---- | C] () -- C:\Documents and Settings\IBM USER\My Documents\dollar.jpg
[2009/10/07 20:53:43 | 00,030,305 | ---- | C] () -- C:\Documents and Settings\IBM USER\My Documents\mmoney.jpg
[2009/10/07 19:58:23 | 00,149,457 | ---- | C] () -- C:\Documents and Settings\IBM USER\My Documents\modelpic.jpg
[2009/10/07 18:01:31 | 00,145,923 | ---- | C] () -- C:\Documents and Settings\IBM USER\My Documents\6pack.jpg
[2009/10/05 21:52:52 | 00,075,008 | ---- | C] () -- C:\Documents and Settings\IBM USER\My Documents\bman.jpg
[2009/10/05 21:16:12 | 00,064,544 | ---- | C] () -- C:\Documents and Settings\IBM USER\My Documents\piggy-bank.jpg
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/21 19:57:26 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/10/26 21:41:35 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/26 21:41:35 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/26 21:41:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/26 21:24:49 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/26 21:24:49 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/09/03 17:27:47 | 00,051,736 | ---- | C] () -- C:\Documents and Settings\IBM USER\Application Data\GDIPFONTCACHEV1.DAT
[2008/08/27 11:31:21 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/08/21 21:34:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/08 19:18:44 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\IBM USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/23 19:43:58 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007/11/14 18:42:27 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/11/09 12:01:59 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/16 05:46:35 | 00,095,528 | ---- | C] () -- C:\Documents and Settings\IBM USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/10/16 03:24:47 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/10/16 00:49:29 | 02,277,632 | -H-- | C] () -- C:\Documents and Settings\IBM USER\Local Settings\Application Data\IconCache.db
[2006/10/16 00:49:29 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\IBM USER\Application Data\desktop.ini
[2006/10/15 23:57:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/15 23:51:52 | 00,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2006/10/15 23:46:41 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/10/15 23:46:18 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/10/15 23:46:01 | 00,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2006/10/15 23:45:33 | 00,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/10/15 23:36:38 | 00,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/06/17 00:09:52 | 00,045,124 | ---- | C] () -- C:\WINDOWS\System32\LsaWrApi.dll
[2006/06/16 23:57:32 | 00,528,453 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2006/06/16 23:56:10 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\D8021Xps.dll
[2006/06/12 20:27:00 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/12/01 04:16:02 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2005/07/06 07:45:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2005/01/13 11:00:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/01/13 11:00:10 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/11/15 09:14:28 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2002/09/27 01:26:59 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/09/27 01:06:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2002/07/09 16:49:25 | 00,286,208 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[1980/01/01 08:00:00 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 08:00:00 | 00,000,806 | ---- | C] () -- C:\WINDOWS\win.ini
[1980/01/01 08:00:00 | 00,000,284 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/10/03 11:33:51 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/10/07 16:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/04/21 12:37:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/02/26 22:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/12/03 22:22:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2008/08/26 16:08:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2006/10/15 23:52:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2008/09/04 17:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/12/30 15:58:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/11/20 18:23:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Niche Finder
[2009/02/26 22:33:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/10/03 11:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/09/04 18:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/06/17 20:13:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2008/01/02 20:38:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2002/09/27 01:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/04/06 22:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/03 17:50:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/14 22:15:19 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\IBM USER\Application Data
[2009/03/24 00:00:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Auslogics
[2009/04/21 16:56:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/04/27 22:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Clickteam
[2009/04/21 12:37:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\CyberLink
[2009/06/12 21:27:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Download Manager
[2007/12/10 23:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\EbkReader
[2008/06/10 21:36:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\eBookPro6
[2007/11/22 22:23:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\IBM
[2007/12/03 20:26:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\InterVideo
[2009/05/14 22:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\LegalSounds
[2009/10/11 23:47:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\LimeWire
[2009/09/18 21:02:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Multimedia Player
[2008/01/17 21:53:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Nvu
[2008/08/21 21:24:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\OpenOffice.org2
[2009/02/26 22:33:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\ParetoLogic
[2008/09/04 18:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\PC Suite
[2007/12/30 15:47:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Rbet
[2009/07/19 11:45:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Reg Tool
[2009/05/14 21:33:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Samsung
[2008/02/01 21:59:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\IBM USER\Application Data\SecuROM
[2008/01/07 21:30:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\SmartFTP
[2008/07/08 19:42:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Snapfish
[2009/01/08 23:22:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\SpinTop
[2008/02/01 22:00:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Sports Interactive
[2008/03/09 14:32:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\ubi.com
[2008/10/30 15:20:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Windows Desktop Search
[2008/10/30 15:21:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\IBM USER\Application Data\Windows Search
[2009/06/01 08:48:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2006/10/16 02:38:40 | 00,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
[2002/08/29 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/18 00:11:47 | 00,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/10/18 00:10:07 | 00,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2009/06/28 03:04:02 | 00,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/10/18 00:09:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FA8AF63
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
< End of report >
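An added example, not part of this thread and not a feature of OTL or HijackThis: a small Python script that parses four line shapes appearing in the OTL log above (Winlogon Notify entries, the O17 DNS line, the timestamped file lines and alternate data streams) and applies the review heuristics a helper otherwise applies by eye. It flags Notify DLLs with no company name or a random-looking subkey, a DNS server outside private address space (a rogue resolver is one cause of the search-redirect symptom described in the first post), executables under the Windows directory listed with no company name, and any alternate data stream. The sample lines at the bottom are constructed in the log's format; the names `example32.dll`, `9f3a1c27e5` and `1.2.3.4` are placeholders, and the output is not a verdict on the log posted here.

```python
"""Triage helper for OTL-style log lines.

Added example for this thread: it is not part of OTL, HijackThis or the
poster's log. It parses four line shapes that appear in the log above and
applies a few review heuristics. The names example32.dll, 9f3a1c27e5 and
1.2.3.4 in SAMPLE_LOG are constructed placeholders, not real findings.
"""
from __future__ import annotations

import ipaddress
import re

# [2009/10/11 23:44:57 | 00,122,368 | ---- | C] (Company) -- C:\path\file.dll [-- [ NTFS ]]
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- "
    r"(?P<path>.+?)(?: -- \[ \w+ \])?$"
)
# O20 - Winlogon\Notify\<key>: DllName - <dll> - <full path> (<company>)
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon\\Notify\\(?P<key>[^:]+): DllName - .+? - "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# O17 - HKLM\...\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
DNS_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d. ]+)$")
# @Alternate Data Stream - 97 bytes -> C:\dir\TEMP:6FA8AF63
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")
SYSTEM_DIRS = ("c:\\windows\\",)            # covers System32 and drivers as well
RANDOM_KEY = re.compile(r"^[0-9a-f]{8,}$")  # hex-only subkey names look generated


def triage_line(line: str) -> list[str]:
    """Return zero or more findings for one OTL log line (empty list = nothing to flag)."""
    line = line.rstrip()
    findings: list[str] = []

    if m := NOTIFY_RE.match(line):
        key, path, company = m["key"], m["path"], m["company"].strip()
        if not company:
            # Notify DLLs load inside winlogon.exe at every logon: a classic persistence spot.
            findings.append(f"O20 Notify '{key}': {path} has no company name; verify the DLL")
        if RANDOM_KEY.match(key):
            findings.append(f"O20 Notify '{key}': random-looking subkey name")
        return findings

    if m := DNS_RE.match(line):
        for ip in m["servers"].split():
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue
            if not addr.is_private:
                # A resolver outside private space on a home LAN is worth confirming with the owner.
                findings.append(f"O17 DNS server {ip} is not on a private range; check for DNS hijack")
        return findings

    if m := ADS_RE.match(line):
        findings.append(f"ADS '{m['stream']}' ({m['size']} bytes) on {m['path']}; inspect its contents")
        return findings

    if m := FILE_RE.match(line):
        low = m["path"].lower()
        if low.startswith(SYSTEM_DIRS) and low.endswith(EXEC_EXT) and not m["company"].strip():
            findings.append(
                f"{m['kind']} {m['ts']}: {m['path']} is an executable under Windows with no company name"
            )
        return findings

    return findings


def triage(lines) -> dict[str, list[str]]:
    """Map every line that produced findings to its findings, in log order."""
    return {ln.rstrip(): hits for ln in lines if (hits := triage_line(ln))}


# Constructed sample in OTL format (not copied from the poster's machine).
SAMPLE_LOG = """\
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{EXAMPLE}: NameServer = 1.2.3.4
O20 - Winlogon\\Notify\\AtiExtEvent: DllName - Ati2evxx.dll - C:\\WINDOWS\\System32\\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\\Notify\\9f3a1c27e5: DllName - C:\\WINDOWS\\System32\\example32.dll - C:\\WINDOWS\\System32\\example32.dll ()
[2009/10/11 23:44:57 | 00,122,368 | ---- | C] () -- C:\\WINDOWS\\System32\\example32.dll
[2009/10/15 17:49:23 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\\WINDOWS\\System32\\drivers\\41043204.sys
[2009/10/13 18:48:23 | 00,000,851 | ---- | M] () -- C:\\Documents and Settings\\IBM USER\\Desktop\\example.lnk
@Alternate Data Stream - 97 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:6FA8AF63
"""

if __name__ == "__main__":
    for src, hits in triage(SAMPLE_LOG.splitlines()).items():
        print(src)
        for h in hits:
            print("   ->", h)
```

Run against a saved OTL report with `triage(open("OTL.Txt", encoding="latin-1").read().splitlines())`. The heuristics are deliberately loose: a hit means "look at this entry", not "this is malware", since vendor DLLs with no company string (the ThinkPad hotkey DLLs in the log above, for instance) trip the same rule.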

#11 handhfan (Trusted Helper, Expert, 13,659 posts)
Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. :)

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK. Note the space between the X and the U; it needs to be there.

  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.2.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard gives you realtime protection from spyware.
  • Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
  • Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

Have a safe and happy computing day!

#12 owainb (Topic Starter, Member, 63 posts)
Hi,

Laptop is fine now! Many thanks for your help. I've sent a small donation as a way of thanking you. Please feel free to close this topic.

Thanks Owain

#13 handhfan (Trusted Helper, Expert, 13,659 posts)
Thanks for the donation. Glad I could help you out. :)

#14 handhfan (Trusted Helper, Expert, 13,659 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.