
Lenovo Ideapad S12 - Lost/broken os etc..


  • This topic is locked

#1
j994 (Member, 23 posts)
My problem is I tried removing this malware/virus type program that disguised itself as antivirus software and wanted me to buy into getting rid of these fake errors. I downloaded Malwarebytes and removed what seemed to be the problem and restarted to finish the removal like it told me. I restarted and everything looked good; the Lenovo screen popped up and loaded, but no Windows screen. Instead I get a blinking white cursor on a black background in the top left corner of the screen. If I hold any buttons for a prolonged amount of time I get an annoying beeping. I have access to my BIOS and a small boot menu. I've tried booting to a Ubuntu Netbook Remix USB and an AVG USB. The problem with this computer is there is no CD drive. When I first tried my Ubuntu USB it tried to go to a network boot, which I'm not very familiar with. I don't care about any of the data on the hard drive, it's all replaceable, I just need the computer to boot up to any OS. If any additional information is needed I'll be happy to try and get it to anyone.

Summary:

Problem-
Starting up to a black screen blinking cursor and beeping keys

What I have-
Broken - Lenovo Ideapad S12 running Windows XP SP3 and Ubuntu Netbook Remix
Can use to fix - Two USB flash drives, two MacBooks

I do not care about data, any can be replaced, please any help is needed

Thanks in advance
  • 0



#2
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Hi j994,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

I am still a trainee so all my posts will be checked by an Expert. It's your advantage that there are two people looking at your log but responses may be a little delayed so please be patient.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

I am not proficient with Mac OSes, so these instructions will involve finding a working XP machine. :D


Step One

On a clean XP machine

  • Please do the following:
  • Go to Tools (drop-down menu at the top of the window)
  • Go down and click Folder Options
  • Click on the View tab
  • Find the Hidden Files and Folders, find "Hide extension for known file types" and uncheck it (if it's already checked)
  • Click Apply, and then Ok at the bottom.
  • Close the window

Next

  • Insert your USB Flash Drive (UFD).
  • Download hpusbfw.exe to your Desktop.
  • Double click "hpusbfw.exe" to run HP USB Disk Storage Format Tool 2.0.6.0.


    • Choose your USB under "Device"
    • For "File system", choose "FAT"
    • Under "Volume label", type in the name "Bootloader"
    • Leave un-checked "Quick Format" and "Create a DOS startup disk"
    • Click "Start"
  • Copy these two files, from the root of the Windows drive (C:\) to the UFD:

    NTLDR
    Ntdetect.com

Next

  • Open Notepad (go to Start>All Programs>Accessories and click Notepad)
  • Copy the contents of the codebox below using CTRL+C (or selecting all the text in the box, and right clicking on it and selecting Copy)
    [boot loader]
    timeout=-1
    default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="A) Emergency Boot Loader" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="B) Emergency Boot Loader 2nd Partition" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="C) Alternate Boot Loader" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="D) Alternate Boot Loader 2nd Partition" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    
  • Now return to Notepad and use CTRL + V (or right-click on the whitespace and Paste) to paste the script
  • Verify that you have pasted the complete script
  • Save the Notepad file to the UFD as "boot.ini" using Save as Type: All files

Your Emergency Bootloader is now ready.

Booting using the Emergency Bootloader.
  • Insert the USB (UFD) to the ailing computer.
  • Reboot the system using the UFD Bootloader you just created.
  • Depending on how the hard disk is partitioned, choosing (A) Emergency Bootloader will most of the time do the trick. If however it doesn't work, please try options B, C and D

Note: If you do not know how to set your computer to boot from USB, follow the steps here



Step Two

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Download the following file scan.txt to your Desktop.
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0
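An added example, not part of the post above or of any tool the helper links: it parses the emergency boot.ini exactly as posted, decodes each ARC path into the BIOS disk and partition NTLDR will try, and checks the file for the mistakes that stop the menu from working (a `default=` that names no entry, a `partition(0)`). The file text is embedded as constructed input.

```python
import re

# The emergency boot.ini from the post above, embedded so the example runs offline.
BOOT_INI = r"""[boot loader]
timeout=-1
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="A) Emergency Boot Loader" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="B) Emergency Boot Loader 2nd Partition" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="C) Alternate Boot Loader" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="D) Alternate Boot Loader 2nd Partition" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
"""

# ARC path: multi(adapter)disk(scsi-id)rdisk(bios-disk)partition(n)\dir
# rdisk(n) is BIOS drive 0x80+n; partitions are numbered from 1 (partition(0) is the whole disk).
ARC_RE = re.compile(r"^multi\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)$")
ENTRY_RE = re.compile(r'^(?P<arc>[^=]+)="(?P<label>[^"]*)"\s*(?P<opts>.*)$')


def parse_arc(arc):
    """Decode one ARC path into its numeric parts; raises on anything NTLDR would not accept."""
    m = ARC_RE.match(arc)
    if not m:
        raise ValueError(f"not an ARC path: {arc}")
    adapter, disk, rdisk, partition, sysdir = m.groups()
    return {"adapter": int(adapter), "disk": int(disk), "rdisk": int(rdisk),
            "partition": int(partition), "sysdir": sysdir,
            "bios_drive": 0x80 + int(rdisk)}


def parse_boot_ini(text):
    """Minimal boot.ini reader that keeps duplicate ARC paths (configparser would merge them)."""
    cfg = {"timeout": None, "default": None, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot loader":
            key, _, value = line.partition("=")
            if key.strip() == "timeout":
                cfg["timeout"] = int(value.strip())   # -1 = wait for a menu choice indefinitely
            elif key.strip() == "default":
                cfg["default"] = value.strip()
        elif section == "operating systems":
            m = ENTRY_RE.match(line)
            if not m:
                raise ValueError(f"malformed entry: {line}")
            entry = {"arc": m.group("arc"), "label": m.group("label"),
                     "options": m.group("opts").split()}
            entry.update(parse_arc(entry["arc"]))
            cfg["entries"].append(entry)
    return cfg


def check_boot_ini(cfg):
    """Return a list of problems; an empty list means NTLDR should at least show the menu."""
    problems = []
    if not cfg["entries"]:
        problems.append("no [operating systems] entries")
    if cfg["default"] not in {e["arc"] for e in cfg["entries"]}:
        problems.append("default= does not name an [operating systems] entry")
    for e in cfg["entries"]:
        if e["partition"] < 1:
            problems.append(f"{e['label']}: partition(0) is not bootable")
    return problems


def describe(cfg):
    """Human-readable menu: which physical disk and partition each menu line would try."""
    return [f"{e['label']}: BIOS drive 0x{e['bios_drive']:02x} partition {e['partition']} {e['sysdir']}"
            for e in cfg["entries"]]


if __name__ == "__main__":
    cfg = parse_boot_ini(BOOT_INI)
    # Booting from the stick usually makes the stick BIOS drive 0x80 (rdisk(0)) and the
    # internal disk rdisk(1), which is why option A tries rdisk(1) before rdisk(0).
    for line in describe(cfg):
        print(line)
    print("problems:", check_boot_ini(cfg) or "none")
```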

#3
j994 (Topic Starter, Member, 23 posts)
Once I get my hands on a windows computer I will do this, thank you for the quick reply
  • 0

#4
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Hi j994,

Can you check whether the laptop's recovery option is functional?

Turn off the laptop, then press the "One Touch Key" located on the keyboard and see if it fires up the recovery partition.

:D
  • 0

#5
j994 (Topic Starter, Member, 23 posts)
Nope, I had already tried that; all it does is act as if I had just pushed the power button. It loads up, I see the Lenovo screen, and then the black screen and cursor.
  • 0

#6
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#7
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Hi j994,

Welcome back. :D

Were you able to get your hands on a windows machine?
  • 0

#8
j994 (Topic Starter, Member, 23 posts)
I actually had to run an emulator on one of the Macs. I followed your instructions and am happy to say I'm actually running on my Windows netbook. I ran into a problem after downloading OTL: is there a download for the custom "scan.txt"? It says download but with no link. Where would it be?
  • 0

#9
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
:D Here it is.
Attached File: Scan.txt (460 bytes, 334 downloads)
  • 0

#10
j994 (Topic Starter, Member, 23 posts)
Thank you, scanning now
  • 0



#11
j994 (Topic Starter, Member, 23 posts)
Otl.txt
OTL logfile created on: 1/12/2011 11:16:19 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Jon\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 382.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 103.89 Gb Total Space | 3.64 Gb Free Space | 3.50% Space Free | Partition Type: FAT32
Drive D: | 18.61 Gb Total Space | 16.16 Gb Free Space | 86.85% Space Free | Partition Type: NTFS
Drive E: | 3.77 Gb Total Space | 3.77 Gb Free Space | 99.99% Space Free | Partition Type: FAT

Computer Name: JONSLAPTOP | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/12 11:15:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\My Documents\Downloads\OTL.exe
PRC - [2010/11/30 20:02:36 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/11/12 09:49:28 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe
PRC - [2010/10/08 03:05:38 | 002,845,552 | ---- | M] (GamersFirst) -- C:\Program Files\GamersFirst\LIVE!\Live.exe
PRC - [2010/08/18 10:09:40 | 000,114,688 | ---- | M] (FrostWire Group) -- C:\Program Files\FrostWire\FrostWire.exe
PRC - [2010/03/15 08:20:38 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2010/02/26 08:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/07/07 12:27:24 | 000,323,584 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
PRC - [2009/03/26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) -- C:\QSTART.SYS\config\DVMExportService.exe
PRC - [2009/01/17 15:17:46 | 000,164,528 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe
PRC - [2009/01/17 14:59:28 | 000,185,008 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
PRC - [2009/01/17 14:59:02 | 000,234,160 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
PRC - [2009/01/04 12:57:28 | 004,462,464 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2008/12/26 10:05:46 | 001,277,952 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:42:20 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2005/11/18 13:54:34 | 000,245,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe


========== Modules (SafeList) ==========

MOD - [2011/01/12 11:15:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\My Documents\Downloads\OTL.exe
MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/07 12:27:24 | 000,241,752 | ---- | M] () -- C:\WINDOWS\system32\IcnOvrly.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\6to4v32.dll -- (6to4)
SRV - [2010/11/12 09:49:28 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/09/10 07:01:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/26 08:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe -- (NAV)
SRV - [2009/03/26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/01/17 15:17:46 | 000,164,528 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2009/01/17 14:59:28 | 000,185,008 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2005/11/18 13:54:34 | 000,245,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\clwvd.sys -- (clwvd)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/20 04:36:24 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101104.004\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/10/08 09:44:34 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101106.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/08 09:44:34 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101106.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/08 09:44:30 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/08 09:26:14 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/10/02 00:00:02 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101029.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/10/01 07:44:08 | 000,000,000 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2010/05/22 23:47:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/06 12:02:00 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 13:03:52 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 11:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 10:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 10:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 08:22:58 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/08/30 08:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/05/08 09:06:10 | 000,203,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/03/11 15:30:44 | 001,225,896 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/02/03 14:42:32 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2008/09/10 19:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/28 18:39:08 | 000,048,192 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/07/20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/02 14:00:02 | 005,056,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/02 14:00:02 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/02 14:00:02 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2008/02/15 13:12:08 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/01/11 14:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/01/10 10:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/09/17 13:00:12 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/05/23 16:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/11/18 13:54:34 | 000,011,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://lenovo.live.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010/10/11 15:30:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{38165785-148A-49E8-BC27-4C28D9A80C9A}: C:\Documents and Settings\Jon\Local Settings\Application Data\{38165785-148A-49E8-BC27-4C28D9A80C9A}\ [2010/12/08 22:26:54 | 000,000,000 | ---D | M]

[2010/03/15 08:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Extensions
[2010/03/15 08:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2010/11/15 12:28:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Value error. File not found
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe (GamersFirst)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Jon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/28 10:06:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - C:\WINDOWS\System32\6to4v32.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/12 10:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2011/01/12 10:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011/01/12 00:18:52 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/01/12 00:18:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/01/11 23:49:13 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/12 11:09:52 | 000,000,330 | -H-- | M] () -- C:\dvmexp.idx
[2011/01/12 10:38:52 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/01/12 10:33:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/12 10:32:32 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\Google Chrome.lnk
[2011/01/12 10:32:32 | 000,002,150 | ---- | M] () -- C:\Documents and Settings\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/12 00:21:20 | 000,482,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/12 00:21:20 | 000,086,140 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/12 00:17:40 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/01/12 00:17:32 | 003,593,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/12 00:16:50 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011/01/12 00:16:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/11 23:42:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/12 10:38:50 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2010/11/15 10:11:36 | 000,000,183 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/10/15 11:20:13 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/30 08:33:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\adfs.sys
[2010/09/19 11:27:53 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\.mpid
[2010/06/17 01:49:33 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/05/22 23:47:01 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/19 07:34:36 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\winscp.rnd
[2010/04/06 11:06:56 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/23 21:39:46 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ba479ac0.dat
[2010/01/11 15:24:40 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/07/07 14:09:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/07 12:27:25 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009/07/07 12:27:25 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2009/07/07 12:27:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009/07/07 12:27:23 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009/07/07 12:27:23 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009/07/07 12:27:23 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009/07/07 12:27:23 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009/07/07 12:27:23 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009/07/07 12:27:23 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009/07/07 12:27:23 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009/07/07 12:27:22 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009/07/07 12:27:22 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009/07/07 12:27:22 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009/07/07 12:27:22 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009/07/07 12:27:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009/07/07 12:27:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009/07/07 12:27:19 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009/07/07 11:54:44 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/07/07 11:43:35 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/11/07 18:08:20 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2006/07/28 09:57:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== Custom Scans ==========



< MD5 for: CSRSS.EXE >
[2008/04/14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2004/08/04 12:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe
[2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 05:42:20 | 001,540,608 | ---- | M] (Microsoft Corporation) MD5=DEDB237CA07F66F40C9BA321EF10E4A9 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,540,608 | ---- | M] (Microsoft Corporation) MD5=DEDB237CA07F66F40C9BA321EF10E4A9 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: MSGINA.DLL >
[2004/08/04 12:00:00 | 000,994,304 | ---- | M] (Microsoft Corporation) MD5=A29AF639AA180CC68C59242A10E1D3B1 -- C:\WINDOWS\$NtServicePackUninstall$\msgina.dll
[2008/04/14 05:42:00 | 003,234,816 | ---- | M] (Microsoft Corporation) MD5=CE54DE29823991FDA15F6ED374DEE939 -- C:\WINDOWS\ServicePackFiles\i386\msgina.dll
[2008/04/14 05:42:00 | 003,234,816 | ---- | M] (Microsoft Corporation) MD5=CE54DE29823991FDA15F6ED374DEE939 -- C:\WINDOWS\system32\msgina.dll
[2008/04/14 05:42:00 | 000,997,376 | ---- | M] (Microsoft Corporation) MD5=D7B7A57C0E57C836F18CF12A4C62A1CA -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\msgina.dll

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=A55B8899D2EA2E800061BCFD456E34DC -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=A55B8899D2EA2E800061BCFD456E34DC -- C:\WINDOWS\system32\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2011/01/12 00:16:30 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/07/07 11:30:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/11/15 12:10:14 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2010/10/15 10:04:22 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2006/07/28 10:06:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/07/28 10:06:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/07/28 10:06:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/12 11:40:04 | 000,000,330 | -H-- | M] () -- C:\dvmexp.idx
[2011/01/12 11:22:52 | 000,001,534 | ---- | M] () -- C:\HeadNotify.log
[2011/01/12 00:16:52 | 000,087,631 | ---- | M] () -- C:\sysiclog.txt
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/10/15 10:55:44 | 000,000,238 | ---- | M] () -- C:\Boot.bak
[2010/12/08 22:31:14 | 000,001,202 | ---- | M] () -- C:\rkill.log
[2011/01/12 00:16:50 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/07/28 09:55:50 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2006/07/28 09:55:50 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/07/28 09:55:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< C:\Windows\MiniDump >
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< c:\system volume information|_REGISTRY_MACHINE_SYSTEM;true;true;true /FP >
[2010/11/22 03:00:16 | 008,921,088 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP66\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/11/22 22:36:54 | 008,921,088 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP67\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/11/23 04:43:46 | 008,921,088 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP68\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/11/24 03:00:16 | 008,925,184 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP69\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/11/25 03:00:32 | 008,925,184 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP70\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/11/26 03:00:16 | 008,925,184 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP71\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/11/27 17:48:32 | 008,929,280 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP72\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/11/28 03:00:16 | 008,929,280 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP73\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/11/29 20:42:48 | 008,929,280 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP74\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/11/30 03:00:16 | 008,929,280 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP75\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/01 20:39:42 | 008,933,376 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP76\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/01 20:48:48 | 008,933,376 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP77\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/01 20:49:20 | 008,933,376 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP78\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/01 21:40:26 | 008,970,240 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP79\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/01 23:50:34 | 008,986,624 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP80\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/01 23:51:18 | 008,986,624 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP81\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/01 23:51:42 | 008,982,528 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP82\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/01 23:54:38 | 008,982,528 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP83\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/02 03:01:26 | 008,982,528 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP84\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/04 00:14:16 | 008,994,816 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP85\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/05 01:23:38 | 008,998,912 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP86\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/05 03:00:14 | 008,998,912 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP87\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/06 03:00:22 | 008,998,912 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP88\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/07 03:00:16 | 009,003,008 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP89\snapshot\_REGISTRY_MACHINE_SYSTEM
[2010/12/08 03:00:18 | 009,007,104 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP90\snapshot\_REGISTRY_MACHINE_SYSTEM
[2011/01/11 23:44:12 | 009,023,488 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP91\snapshot\_REGISTRY_MACHINE_SYSTEM
[2011/01/12 10:30:22 | 009,031,680 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP92\snapshot\_REGISTRY_MACHINE_SYSTEM
[2011/01/12 11:18:36 | 009,039,872 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP93\snapshot\_REGISTRY_MACHINE_SYSTEM

< c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP >
[2010/11/22 03:00:16 | 031,993,856 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP66\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/22 22:36:52 | 031,993,856 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP67\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/23 04:43:44 | 031,993,856 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP68\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/24 03:00:14 | 032,108,544 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP69\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/25 03:00:28 | 032,190,464 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP70\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/26 03:00:16 | 032,321,536 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP71\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/27 17:48:32 | 032,452,608 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP72\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/28 03:00:14 | 032,550,912 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP73\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/29 20:42:48 | 032,681,984 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP74\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/11/30 03:00:14 | 032,796,672 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP75\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/01 20:39:40 | 032,927,744 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP76\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/01 20:48:46 | 032,927,744 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP77\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/01 20:49:18 | 032,927,744 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP78\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/01 21:40:26 | 033,255,424 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP79\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/01 23:50:34 | 033,435,648 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP80\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/01 23:51:16 | 033,517,568 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP81\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/01 23:51:40 | 033,533,952 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP82\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/01 23:54:38 | 033,533,952 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP83\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/02 03:01:24 | 033,914,880 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP84\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/04 00:14:14 | 033,914,880 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP85\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/05 01:23:38 | 033,914,880 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP86\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/05 03:00:14 | 033,914,880 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP87\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/06 03:00:20 | 034,140,160 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP88\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/07 03:00:16 | 034,189,312 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP89\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2010/12/08 03:00:18 | 034,271,232 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP90\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/11 23:44:08 | 034,353,152 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP91\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/12 10:30:20 | 034,353,152 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP92\snapshot\_REGISTRY_MACHINE_SOFTWARE
[2011/01/12 11:18:34 | 034,353,152 | ---- | M] () -- c:\System Volume Information\_restore{F8136B96-1D4C-4145-839F-7B8F940A9052}\RP93\snapshot\_REGISTRY_MACHINE_SOFTWARE

< c:\|winnt32;true;true;true /FP >
[2008/04/14 08:05:40 | 000,048,128 | ---- | M] (Microsoft Corporation) -- c:\Documents and Settings\Jon\Desktop\Media\CD\I386\WINNT32.EXE
[2001/08/23 20:00:00 | 000,019,955 | ---- | M] () -- c:\Documents and Settings\Jon\Desktop\Media\CD\I386\WINNT32.HLP
[2008/04/14 13:23:30 | 000,066,048 | ---- | M] () -- c:\Documents and Settings\Jon\Desktop\Media\CD\I386\WINNT32.MSI
[2008/04/14 13:41:12 | 001,171,456 | ---- | M] (Microsoft Corporation) -- c:\Documents and Settings\Jon\Desktop\Media\CD\I386\WINNT32A.DLL
[2008/04/14 13:41:12 | 001,298,432 | ---- | M] (Microsoft Corporation) -- c:\Documents and Settings\Jon\Desktop\Media\CD\I386\WINNT32U.DLL

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\wubildr.mbr = "Ubuntu"

< >

< >

< End of report >

Extras.txt
OTL Extras logfile created on: 1/12/2011 11:16:19 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Jon\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 382.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 103.89 Gb Total Space | 3.64 Gb Free Space | 3.50% Space Free | Partition Type: FAT32
Drive D: | 18.61 Gb Total Space | 16.16 Gb Free Space | 86.85% Space Free | Partition Type: NTFS
Drive E: | 3.77 Gb Total Space | 3.77 Gb Free Space | 99.99% Space Free | Partition Type: FAT

Computer Name: JONSLAPTOP | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58150:TCP" = 58150:TCP:*:Enabled:Pando Media Booster
"58150:UDP" = 58150:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"59104:TCP" = 59104:TCP:*:Enabled:Pando Media Booster
"59104:UDP" = 59104:UDP:*:Enabled:Pando Media Booster
"58150:TCP" = 58150:TCP:*:Enabled:Pando Media Booster
"58150:UDP" = 58150:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- File not found
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Steam\SteamApps\common\sid meier's civilization v - demo\Launcher.exe" = C:\Program Files\Steam\SteamApps\common\sid meier's civilization v - demo\Launcher.exe:*:Disabled:Sid Meier's Civilization V - Demo -- File not found
"C:\Program Files\Steam\SteamApps\common\sid meier's civilization v - demo\CivilizationV.exe" = C:\Program Files\Steam\SteamApps\common\sid meier's civilization v - demo\CivilizationV.exe:*:Disabled:Sid Meier's Civilization V - Demo -- File not found
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Disabled:Steam -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Microsoft XNA\XNA Game Studio\v3.1\Bin\XnaLiveProxy.exe" = C:\Program Files\Microsoft XNA\XNA Game Studio\v3.1\Bin\XnaLiveProxy.exe:LocalSubNet:Enabled:XNA Framework Games for Windows - LIVE -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists)
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11432CAF-EA32-4102-9AEE-5D31F2E9F762}" = Microsoft XNA Game Studio 3.1 Zune Extensions
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{357B11ED-5417-4CF3-8EB2-386299BC30E0}" = Lenovo Quick Start
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.1 (VCSExpress)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{601D774D-0D04-4CB1-9E3B-5394FAAFA1FB}" = VMware DiskMount Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6C7D45F8-050B-4BF6-835A-01D8C5A48F10}" = DataKeeper
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components)
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BE79E274-824C-4F9C-9534-587132E29AA1}" = Lenovo Idea Notes
"{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C7FB1A71-D808-4CD2-997D-837B39EA7EB0}" = DIBS
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry)
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2602F16-02D1-4F1C-99A5-E246C522A59D}" = Lenovo First Boot
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Defcon_is1" = Defcon
"FrostWire" = FrostWire 4.21.1
"GamersFirst LIVE!" = GamersFirst LIVE!
"HDMI" = Intel® Graphics Media Accelerator Driver
"ID Vault" = ID Vault
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{6C7D45F8-050B-4BF6-835A-01D8C5A48F10}" = PowerQuest DataKeeper 5.0
"Lenovo Idea Central" = Lenovo Idea Central
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RegCure" = RegCure 1.5.0.1
"Seven Remix XP" = Seven Remix XP 2.4
"uTorrent" = µTorrent
"VeriFace III" = VeriFace III
"VLC media player" = VLC media player 1.1.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winscp3_is1" = WinSCP 4.2.7
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA Mobile Games" = EA Mobile Games
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/8/2010 9:28:00 PM | Computer Name = JONSLAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/8/2010 9:28:00 PM | Computer Name = JONSLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 12/8/2010 9:28:01 PM | Computer Name = JONSLAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/8/2010 9:28:01 PM | Computer Name = JONSLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 12/8/2010 9:32:34 PM | Computer Name = JONSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application delfix70700cssupdt.exe, version 2.4.5600.0, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/8/2010 9:41:57 PM | Computer Name = JONSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module mshtml.dll, version 6.0.2900.6036, fault address 0x000bf251.

Error - 1/12/2011 12:48:14 AM | Computer Name = JONSLAPTOP | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ccgame.exe, P2 3.1.0.0, P3 4a1e2d59, P4 mscorlib,
P5 2.0.0.0, P6 4be90358, P7 41bb, P8 27, P9 system.invalidoperationexception, P10
NIL.

Error - 1/12/2011 9:30:03 AM | Computer Name = JONSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/12/2011 9:30:03 AM | Computer Name = JONSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2594

Error - 1/12/2011 9:30:03 AM | Computer Name = JONSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2594

[ System Events ]
Error - 1/12/2011 12:39:47 AM | Computer Name = JONSLAPTOP | Source = ZuneNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupt. Verify that DRM-protected files play correctly in the Zune software,
then restart the ZuneNetworkSvc service.

Error - 1/12/2011 12:39:58 AM | Computer Name = JONSLAPTOP | Source = Service Control Manager | ID = 7031
Description = The Zune Bus Enumerator service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 1/12/2011 12:42:20 AM | Computer Name = JONSLAPTOP | Source = Service Control Manager | ID = 7031
Description = The Zune Network Sharing Service service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in 0
milliseconds: Restart the service.

Error - 1/12/2011 12:42:23 AM | Computer Name = JONSLAPTOP | Source = ZuneNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupt. Verify that DRM-protected files play correctly in the Zune software,
then restart the ZuneNetworkSvc service.

Error - 1/12/2011 12:42:23 AM | Computer Name = JONSLAPTOP | Source = ZuneNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupt. Verify that DRM-protected files play correctly in the Zune software,
then restart the ZuneNetworkSvc service.

Error - 1/12/2011 12:42:24 AM | Computer Name = JONSLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Zune Network Sharing Service service terminated unexpectedly.
It has done this 3 time(s).

Error - 1/12/2011 12:42:28 AM | Computer Name = JONSLAPTOP | Source = Service Control Manager | ID = 7031
Description = The Zune Bus Enumerator service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 1/12/2011 12:42:32 AM | Computer Name = JONSLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Zune Bus Enumerator service terminated unexpectedly. It has done
this 3 time(s).

Error - 1/12/2011 9:30:24 AM | Computer Name = JONSLAPTOP | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 1/12/2011 9:30:24 AM | Computer Name = JONSLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >
  • 0

#12
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi j994,

You have a backdoor trojan installed on your computer.

Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data, which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.
If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.
  • All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

=====================================

Some reminders:

µTorrent, Limewire and Vuze are Peer-to-peer (P2P) programs. These applications can provide a medium for the entry of unverified data, which tends to corrupt your system - a great way to infect your computer. Those who participate in P2P file sharing both provide files for others to download by uploading them onto their computers. They also download the files of others who have uploaded music and videos onto their own computers. Many times, however, networks will make it so your own files can be uploaded by others.

You may consider that P2P downloads are:

  • Not always legal. While Limewire, BitComet and P2P programs are themselves legal, downloading music, videos, and so forth (depending on the site) is often in violation of copyright laws, and many people have been prosecuted for downloading files illegally.
  • Malware - P2P is one of the most common ways of getting infected. Malware writers use these programs to spread infections, as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using P2P programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware.

    You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up-to-date anti-virus and firewall, these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

======================================

Step One

Submit a File For Analysis
We need to have the file below scanned by uploading it to Jotti.

Please visit Jotti
Copy/paste the following file path into the window
C:\Documents and Settings\All Users\Application Data\ba479ac0.dat
Click Submit/Send File
Please post back, to let me know the results.

Step Two

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\6to4v32.dll -- (6to4)
    FF - HKLM\software\mozilla\Firefox\extensions\\{38165785-148A-49E8-BC27-4C28D9A80C9A}: C:\Documents and Settings\Jon\Local Settings\Application Data\{38165785-148A-49E8-BC27-4C28D9A80C9A}\ [2010/12/08 22:26:54 | 000,000,000 | ---D | M]
    NetSvcs: 6to4 - C:\WINDOWS\System32\6to4v32.dll File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Step Three

Remove the USB stick when performing the following fixes.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If a Malicious file is detected, the default action will be Cure, click on Continue
  • If a Suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Step Four

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


------------------------------------------------

What emulator did you use to create the bootable USB? I'd have that. :D

Edited by Salagubang, 13 January 2011 - 07:15 AM.

  • 0
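An added example, not part of this thread, of OTL, or of the helper's fix script: a small Python triage that reads OTL `SRV -` (service) and `DRV -` (driver) lines and flags the kind of entries that Step Two above removes, namely services whose binary no longer exists on disk (like the `6to4` entry), plus zero-byte or publisher-less driver files that deserve a manual look before any fix is written. The sample lines are copied from the OTL log posted earlier in this thread; `LINE_RE`, `Finding`, `parse_entry` and `triage` are names chosen here.

```python
import re
from dataclasses import dataclass

# OTL writes service/driver entries in two shapes (examples from this thread):
#   SRV - File not found [Auto | Stopped] -- <path> -- (<name>)
#   DRV - [<timestamp> | <size> | <attrs> | M] (<company>) [<state>] -- <path> -- (<name>)
# <company> is the CompanyName from the file's version resource, not a signature,
# so an empty value means "no publisher recorded", not "unsigned".
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)"
    r"|\[(?P<stamp>[^|]+)\| (?P<size>[\d,]+) \| [^|]+\| \w\] \((?P<company>.*?)\))"
    r" \[(?P<state>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)"
)


@dataclass
class Finding:
    name: str    # service/driver name, e.g. "6to4"
    path: str    # image path recorded in the registry
    reason: str  # why this entry was flagged for review


def parse_entry(line):
    """Return the fields of one SRV/DRV line, or None for any other OTL line type."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Flag orphaned, empty or publisher-less service/driver entries.

    A hit is a review item, not proof of malware: a driver left behind by an
    uninstalled program (the Garena safedrv entry in this thread, for instance)
    produces the same "File not found" shape as an orphaned malicious service.
    """
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        if e["missing"]:
            findings.append(Finding(e["name"], e["path"],
                                    "registered but binary missing on disk"))
            continue
        size = int(e["size"].replace(",", ""))
        if size == 0:
            findings.append(Finding(e["name"], e["path"],
                                    "zero-byte file registered as a service/driver"))
        elif not e["company"].strip():
            findings.append(Finding(e["name"], e["path"],
                                    "no company name in version info; verify the file"))
    return findings


# Lines copied from the OTL log posted in this thread (the last one is a
# NetSvcs line, which this parser deliberately ignores).
SAMPLE_LINES = [
    r"SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\6to4v32.dll -- (6to4)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)",
    r"DRV - [2010/10/01 07:44:08 | 000,000,000 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)",
    r"DRV - [2010/05/22 23:47:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)",
    r"SRV - [2010/11/12 09:49:28 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)",
    r"NetSvcs: 6to4 - C:\WINDOWS\System32\6to4v32.dll File not found",
]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.name:12} {f.reason:50} {f.path}")
```

Run it against a saved OTL log by replacing `SAMPLE_LINES` with `open("OTL.txt").read().splitlines()`. The output is a short list to check by hand (is the path a known product's, does the file exist, who owns it), which is exactly the step a helper takes before deciding what goes into an `:OTL` fix.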

#13
j994

j994

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
First test found nothing, from step one.

OTL quick scan after reboot:


OTL logfile created on: 1/13/2011 6:12:57 PM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Jon\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 556.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 103.89 Gb Total Space | 6.73 Gb Free Space | 6.48% Space Free | Partition Type: FAT32
Drive D: | 18.61 Gb Total Space | 16.16 Gb Free Space | 86.83% Space Free | Partition Type: NTFS
Drive E: | 3.77 Gb Total Space | 3.77 Gb Free Space | 99.99% Space Free | Partition Type: FAT

Computer Name: JONSLAPTOP | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/13 12:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\My Documents\Downloads\OTL.exe
PRC - [2010/11/12 09:49:28 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe
PRC - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2010/11/11 13:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/02/26 08:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/07/07 12:27:24 | 000,323,584 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
PRC - [2009/03/26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) -- C:\QSTART.SYS\config\DVMExportService.exe
PRC - [2009/01/17 15:17:46 | 000,164,528 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe
PRC - [2009/01/17 14:59:28 | 000,185,008 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
PRC - [2009/01/17 14:59:02 | 000,234,160 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
PRC - [2009/01/04 12:57:28 | 004,462,464 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2008/12/26 10:05:46 | 001,277,952 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:42:20 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2005/11/18 13:54:34 | 000,245,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe


========== Modules (SafeList) ==========

MOD - [2011/01/13 12:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\My Documents\Downloads\OTL.exe
MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/12 09:49:28 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/09/10 07:01:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/26 08:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe -- (NAV)
SRV - [2009/03/26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/01/17 15:17:46 | 000,164,528 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2009/01/17 14:59:28 | 000,185,008 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2005/11/18 13:54:34 | 000,245,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\clwvd.sys -- (clwvd)
DRV - [2010/10/20 04:36:24 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101104.004\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/10/08 09:44:34 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101106.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/08 09:44:34 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101106.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/08 09:44:30 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/08 09:26:14 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/10/02 00:00:02 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101029.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/10/01 07:44:08 | 000,000,000 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2010/05/22 23:47:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/06 12:02:00 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 13:03:52 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 11:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 10:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 10:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 08:22:58 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/08/30 08:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/05/08 09:06:10 | 000,203,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/03/11 15:30:44 | 001,225,896 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/02/03 14:42:32 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2008/09/10 19:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/28 18:39:08 | 000,048,192 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/07/20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/02 14:00:02 | 005,056,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/02 14:00:02 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/02 14:00:02 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2008/02/15 13:12:08 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/01/11 14:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/01/10 10:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/09/17 13:00:12 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/05/23 16:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/11/18 13:54:34 | 000,011,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://lenovo.live.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010/10/11 15:30:42 | 000,000,000 | ---D | M]

[2010/03/15 08:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Extensions
[2010/03/15 08:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/01/13 12:07:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Value error. File not found
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe (GamersFirst)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Jon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/28 10:06:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/13 12:07:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/12 23:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Desktop\13oct2010
[2011/01/12 23:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Application Data\GetRightToGo
[2011/01/12 10:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2011/01/12 10:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader

========== Files - Modified Within 30 Days ==========

[2011/01/13 18:09:10 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011/01/13 18:09:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/13 12:06:14 | 000,482,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/13 12:06:14 | 000,086,140 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/13 12:01:48 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/01/13 12:01:40 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/01/13 05:41:06 | 000,000,330 | -H-- | M] () -- C:\dvmexp.idx
[2011/01/12 21:06:02 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1917736239-2159755504-3346137428-1008Core.job
[2011/01/12 12:28:56 | 003,594,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/12 10:38:52 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/01/12 10:33:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/12 10:32:32 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\Google Chrome.lnk
[2011/01/12 10:32:32 | 000,002,150 | ---- | M] () -- C:\Documents and Settings\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/11 23:42:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/25 13:21:38 | 729,696,256 | ---- | M] () -- C:\Documents and Settings\Jon\My Documents\Ubun.iso
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/01/12 10:38:50 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2010/11/15 10:11:36 | 000,000,183 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/10/15 11:20:13 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/30 08:33:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\adfs.sys
[2010/09/19 11:27:53 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\.mpid
[2010/06/17 01:49:33 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/05/22 23:47:01 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/19 07:34:36 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\winscp.rnd
[2010/04/06 11:06:56 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/23 21:39:46 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ba479ac0.dat
[2010/01/11 15:24:40 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/07/07 14:09:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/07 12:27:25 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009/07/07 12:27:25 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2009/07/07 12:27:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009/07/07 12:27:23 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009/07/07 12:27:23 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009/07/07 12:27:23 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009/07/07 12:27:23 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009/07/07 12:27:23 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009/07/07 12:27:23 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009/07/07 12:27:23 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009/07/07 12:27:22 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009/07/07 12:27:22 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009/07/07 12:27:22 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009/07/07 12:27:22 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009/07/07 12:27:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009/07/07 12:27:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009/07/07 12:27:19 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009/07/07 11:54:44 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/07/07 11:43:35 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/11/07 18:08:20 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2006/07/28 09:57:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2009/07/07 12:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/07/07 12:15:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DDNI
[2009/07/07 12:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VeriFace
[2010/03/13 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GuardID Systems
[2010/03/13 10:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010/03/13 23:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2010/03/15 07:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/13 09:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System
[2010/05/02 08:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/05/05 03:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2010/05/05 03:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2010/05/05 03:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\redistpart
[2010/05/07 03:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/22 02:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/05/22 23:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/22 11:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/09/10 06:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/09/10 07:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
[2010/10/06 09:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/21 07:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/11/09 05:55:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/11/09 05:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/11/19 14:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/07/07 12:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\ID Vault
[2010/03/14 09:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\uTorrent
[2010/04/22 07:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\WeatherBug
[2010/04/23 08:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Styler
[2010/04/26 06:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\SystemRequirementsLab
[2010/04/26 07:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\My Games
[2010/05/22 02:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\ooVoo Details
[2010/05/22 23:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\DAEMON Tools Lite
[2010/06/07 10:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/16 11:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Raptr
[2010/06/16 11:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Azureus
[2010/08/19 09:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\ManyCam
[2010/08/19 09:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\OxelonMC
[2010/08/24 01:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\oovootb
[2010/09/29 07:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\.minecraft
[2010/10/13 04:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Tific
[2010/10/29 09:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\FrostWire
[2010/11/09 05:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\TuneUp Software
[2010/12/08 22:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\943A16318CC132DA28B265B3236ED9A6
[2011/01/12 23:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\GetRightToGo
[2011/01/13 12:01:40 | 000,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2011/01/13 12:01:48 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job

========== Purity Check ==========



< End of report >
#14
j994

    Member

  • Topic Starter
  • Member
  • 23 posts
After TDSSKiller reboot


2011/01/13 18:30:19.0562 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/13 18:30:19.0562 ================================================================================
2011/01/13 18:30:19.0562 SystemInfo:
2011/01/13 18:30:19.0562
2011/01/13 18:30:19.0562 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/13 18:30:19.0562 Product type: Workstation
2011/01/13 18:30:19.0562 ComputerName: JONSLAPTOP
2011/01/13 18:30:19.0562 UserName: Jon
2011/01/13 18:30:19.0562 Windows directory: C:\WINDOWS
2011/01/13 18:30:19.0562 System windows directory: C:\WINDOWS
2011/01/13 18:30:19.0562 Processor architecture: Intel x86
2011/01/13 18:30:19.0562 Number of processors: 2
2011/01/13 18:30:19.0562 Page size: 0x1000
2011/01/13 18:30:19.0562 Boot type: Normal boot
2011/01/13 18:30:19.0562 ================================================================================
2011/01/13 18:30:20.0343 Initialize success
2011/01/13 18:30:31.0328 ================================================================================
2011/01/13 18:30:31.0328 Scan started
2011/01/13 18:30:31.0328 Mode: Manual;
2011/01/13 18:30:31.0328 ================================================================================
2011/01/13 18:30:56.0906 Scan interrupted by user!
2011/01/13 18:30:56.0906 Scan interrupted by user!
2011/01/13 18:30:56.0906 ================================================================================
2011/01/13 18:30:56.0906 Scan finished
2011/01/13 18:30:56.0906 ================================================================================
2011/01/13 18:31:01.0171 ================================================================================
2011/01/13 18:31:01.0171 Scan started
2011/01/13 18:31:01.0171 Mode: Manual;
2011/01/13 18:31:01.0171 ================================================================================
2011/01/13 18:31:24.0171 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/13 18:31:24.0703 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/13 18:31:24.0875 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/13 18:31:25.0171 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/13 18:31:25.0437 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/13 18:31:25.0656 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/13 18:31:25.0906 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/13 18:31:26.0203 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/13 18:31:26.0453 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/13 18:31:26.0671 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/13 18:31:27.0281 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/13 18:31:27.0640 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101106.003\NAVENG.SYS
2011/01/13 18:31:27.0843 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101106.003\NAVEX15.SYS
2011/01/13 18:31:28.0125 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/13 18:31:28.0359 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/13 18:31:28.0578 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/13 18:31:28.0828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/13 18:31:29.0078 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/13 18:31:29.0265 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/13 18:31:29.0546 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/13 18:31:29.0796 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/13 18:31:30.0125 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/13 18:31:30.0375 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/13 18:31:30.0625 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/13 18:31:30.0734 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/13 18:31:30.0828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/13 18:31:30.0921 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/13 18:31:31.0171 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/13 18:31:31.0406 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/13 18:31:31.0578 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/13 18:31:31.0671 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/13 18:31:31.0781 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/13 18:31:32.0203 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/13 18:31:32.0437 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/01/13 18:31:34.0890 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/13 18:31:35.0093 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/13 18:31:35.0125 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/13 18:31:35.0265 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/13 18:31:36.0875 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/13 18:31:37.0125 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/13 18:31:37.0343 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/13 18:31:37.0390 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/13 18:31:37.0609 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/13 18:31:37.0656 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/13 18:31:37.0875 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/13 18:31:38.0093 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/13 18:31:38.0281 RSUSBSTOR (7ffa9821b1c5e0e0667e0a2685cfb89f) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2011/01/13 18:31:38.0453 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/01/13 18:31:39.0062 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/01/13 18:31:39.0281 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/13 18:31:39.0578 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/13 18:31:39.0828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/01/13 18:31:40.0453 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/13 18:31:40.0984 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/13 18:31:41.0171 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/01/13 18:31:41.0171 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/01/13 18:31:41.0187 sptd - detected Locked file (1)
2011/01/13 18:31:41.0421 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/13 18:31:41.0703 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\NAV\1108000.005\SRTSP.SYS
2011/01/13 18:31:41.0953 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NAV\1108000.005\SRTSPX.SYS
2011/01/13 18:31:42.0171 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/13 18:31:42.0421 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/13 18:31:42.0640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/13 18:31:42.0765 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/13 18:31:43.0546 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMDS.SYS
2011/01/13 18:31:43.0828 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMEFA.SYS
2011/01/13 18:31:44.0031 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/01/13 18:31:44.0203 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NAV\1108000.005\Ironx86.SYS
2011/01/13 18:31:44.0421 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\NAV\1108000.005\SYMTDI.SYS
2011/01/13 18:31:45.0281 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/13 18:31:45.0484 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/13 18:31:45.0750 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/13 18:31:45.0968 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/13 18:31:46.0140 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/13 18:31:46.0640 tvtumon (3385d48304443d0ee42af5dbf89634b6) C:\WINDOWS\system32\DRIVERS\tvtumon.sys
2011/01/13 18:31:46.0921 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/13 18:31:47.0546 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/13 18:31:47.0765 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/13 18:31:47.0953 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/01/13 18:31:48.0140 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/13 18:31:48.0562 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/13 18:31:48.0640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/13 18:31:48.0796 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/13 18:31:48.0968 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/13 18:31:49.0046 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/13 18:31:49.0375 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/01/13 18:31:49.0562 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/13 18:31:50.0171 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/13 18:31:50.0296 vstor2 (a0d3bad9c038cb7e789574bd7997a163) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
2011/01/13 18:31:50.0484 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/13 18:31:50.0640 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/01/13 18:31:51.0078 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/13 18:31:51.0234 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
2011/01/13 18:31:51.0437 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2011/01/13 18:31:51.0625 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/01/13 18:31:51.0828 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/01/13 18:31:52.0031 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/13 18:31:52.0171 WSVD (5d0a08ebf9660e07865907fb1ab022b5) C:\WINDOWS\system32\drivers\WSVD.sys
2011/01/13 18:31:52.0312 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/13 18:31:52.0453 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/13 18:31:52.0640 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
2011/01/13 18:31:52.0750 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/13 18:31:52.0765 ================================================================================
2011/01/13 18:31:52.0765 Scan finished
2011/01/13 18:31:52.0765 ================================================================================
2011/01/13 18:31:52.0796 Detected object count: 2
2011/01/13 18:32:17.0218 Locked file(sptd) - User select action: Skip
2011/01/13 18:32:17.0296 \HardDisk0 - will be cured after reboot
2011/01/13 18:32:17.0296 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/13 18:32:22.0921 Deinitialize success
  • 0

#15
j994

    Member

  • Topic Starter
  • Member
  • 23 posts
Sorry for the triple post, but I'm not sure if my computer with ComboFix is still scanning or frozen; the mousepad is unresponsive and whatnot, but I'll let it sit. In the meantime I was able to get the old desktop PC working with a copy of Ubuntu 10.10. My netbook (that's scanning now) still has all default startup programs disabled, so I can't use the internet from there for the time being. Still scanning; it's probably been 20 minutes or so. And for the emulator I used, it was VirtualBox from http://www.virtualbox.org. Great and easy program; will post back after this scan is over.
  • 0