Google Redirect Virus



#1
Court0830

Redirects while trying to browse, usually to yellow pages or some other search. Malwarebytes Antimalware doesn't detect any virus. Any help would be great!

OTL logfile created on: 8/3/2011 11:11:51 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Courtney\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.71% Memory free
6.12 Gb Paging File | 4.38 Gb Available in Paging File | 71.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 25.74 Gb Free Space | 18.67% Space Free | Partition Type: NTFS
Drive E: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF1.02
Drive Q: | 9.77 Gb Total Space | 3.66 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 46.99% Space Free | Partition Type: NTFS

Computer Name: COURTNEY-PC | User Name: Courtney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
PRC - [2011/07/25 21:16:21 | 000,786,432 | ---- | M] (Crane Dusky Rafts Bozo) -- C:\Windows\System32\p2pnetsh32.exe
PRC - [2011/07/25 21:16:21 | 000,786,432 | ---- | M] (Crane Dusky Rafts Bozo) -- C:\ProgramData\AudioEng32.exe
PRC - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/03/23 19:02:18 | 000,866,784 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2011/03/22 14:48:36 | 001,366,592 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2011/03/22 14:41:16 | 001,414,744 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2011/01/17 11:40:00 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/12/15 17:49:36 | 000,689,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2010/11/25 11:59:55 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 12:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/07/10 14:43:24 | 000,177,440 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009/07/10 14:43:20 | 000,435,488 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/07/10 14:43:18 | 000,238,880 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/07/10 14:43:14 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/07/10 14:13:38 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/05/28 15:30:00 | 000,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/05/21 07:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/05/21 07:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/04/15 13:50:00 | 000,472,352 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2009/04/15 13:50:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/04/14 06:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/02 17:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/02/11 16:20:36 | 000,864,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/11 15:16:28 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/01/28 14:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/01/20 22:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/03/13 12:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
PRC - [2004/01/02 21:15:19 | 000,355,328 | ---- | M] (Stardust Software) -- C:\Windows\SCMain.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/25 21:16:21 | 000,786,432 | ---- | M] (Crane Dusky Rafts Bozo) [Auto | Running] -- C:\Windows\System32\p2pnetsh32.exe -- (TrustedInstaller32)
SRV - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/03/22 14:48:36 | 001,366,592 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2011/03/22 14:41:16 | 001,414,744 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2011/01/17 11:40:00 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/12/15 17:49:36 | 000,689,488 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/09/04 03:51:00 | 003,347,280 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/10 14:43:18 | 000,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/07/10 14:43:14 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/05/21 07:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/05/21 07:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/04/15 13:50:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/02/11 16:20:36 | 000,864,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/02/11 16:19:28 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2009/02/11 15:16:28 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/10/09 05:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/04/15 11:47:58 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/01/17 11:32:48 | 000,068,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/01/17 11:32:36 | 000,058,448 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/01/17 11:32:24 | 000,177,744 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/11/08 20:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/10/20 19:45:16 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter)
DRV - [2010/10/20 19:45:06 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter)
DRV - [2010/10/20 19:30:02 | 001,331,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010/07/21 17:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/06/18 16:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 15:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/01 15:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 20:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/27 06:15:14 | 000,460,800 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/08/17 21:32:44 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/08/14 20:18:24 | 000,220,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2009/04/15 13:50:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/02/09 14:26:38 | 000,029,232 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mux.sys -- (MUXP)
DRV - [2009/02/09 14:26:38 | 000,029,232 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mux.sys -- (MUXMP)
DRV - [2009/02/09 12:40:32 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2009/01/29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 18:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2009/01/28 20:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/01/28 20:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/01/05 00:35:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/07/10 22:47:00 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/05/12 05:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/03/26 00:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/22 18:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/01/20 22:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 22:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/11/02 16:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/10/18 02:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 68 3C 0D A1 2A 71 40 80 69 62 FD F7 2A F7 E9 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;<local>;*.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Courtney\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Courtney\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Courtney\Program Files\DNA [2010/12/28 11:27:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Meep\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Courtney\AppData\Roaming\Move Networks [2010/03/22 19:09:36 | 000,000,000 | ---D | M]

[2009/10/03 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions
[2009/10/03 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/07/31 21:18:38 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0D3C6824-2AA1-4071-8069-62FDF72AF7E9} - C:\Windows\System32\AudioEng32.dll ()
O2 - BHO: (CSolidBrowserObj Object) - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\Windows\System32\SolidStateNetworks\SolidStateION\solidax.dll (Solid State Networks)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Framework] File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.shockwave...houseplayer.cab (GameHouse Games Player)
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.c...rt/IbmEgath.cab (IBM Access Support)
O16 - DPF: {7D492D61-303A-45C3-8A55-63449339943D} http://www.shockwave...Web.1.0.0.5.cab (CPlayFirstNightShiftControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://www.shockwave...BGamePlayer.cab (Jolly Bear Games Player)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} http://www.playwhat....lidstateion.cab (CSolidBrowserObj Object)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstDreamChronControl Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Courtney\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Courtney\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/16 06:51:33 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF1.02 ]
O32 - AutoRun File - [2009/09/21 15:58:35 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF1.02 ]
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | ---- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/06/02 18:46:54 | 000,000,049 | ---- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{624e3d7c-8b95-11de-8e69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{624e3d7c-8b95-11de-8e69-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/10/16 06:51:33 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{ac22f8a8-1b4c-11e0-ac78-001e6555cad2}\Shell - "" = AutoRun
O33 - MountPoints2\{ac22f8a8-1b4c-11e0-ac78-001e6555cad2}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 11:10:40 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2011/08/02 14:52:01 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{0CBBB515-D4E1-4146-BD1F-E3B5F34A0049}
[2011/08/02 14:51:50 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{520B13A7-35D3-42F4-90A3-01795522D3BE}
[2011/08/01 15:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\CAM Development
[2011/08/01 15:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\CAM Development
[2011/08/01 15:15:25 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{EC5748C4-0CF8-4D7E-86E2-53CC548A002C}
[2011/08/01 15:15:14 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{00A0CEA9-8222-42EB-B0D9-6A1548C3722C}
[2011/07/31 21:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unzip Wizard
[2011/07/31 21:49:38 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Unzip Wizard
[2011/07/31 21:41:47 | 000,000,000 | ---D | C] -- C:\extensions
[2011/07/31 21:41:43 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Conduit
[2011/07/31 21:18:27 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/31 21:16:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/31 12:17:51 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{B1B53669-0037-4367-9EDF-D69AE1010FCC}
[2011/07/31 12:17:39 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{0B0EC17A-3F61-47C0-B011-1E18DDBF22F5}
[2011/07/30 19:21:46 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{FBE3D3C6-49C3-4F19-AA48-49B28AB0C2E5}
[2011/07/30 19:21:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{6D604161-2DEF-49A8-9056-8A6FE51244DA}
[2011/07/29 22:05:32 | 000,786,432 | ---- | C] (Crane Dusky Rafts Bozo) -- C:\ProgramData\AudioEng32.exe
[2011/07/29 22:05:28 | 000,786,432 | ---- | C] (Crane Dusky Rafts Bozo) -- C:\Windows\System32\p2pnetsh32.exe
[2011/07/29 14:14:06 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A37F53F3-47BB-45B0-BE12-12F95420C038}
[2011/07/29 14:13:50 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{481BBBB5-7CD1-483D-B4D5-EB5363F25FE1}
[2011/07/29 11:44:29 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{AB597B62-CB8B-4B9E-B2FB-D8A2F06D8296}
[2011/07/28 15:50:40 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{25FC9962-3746-4193-BD70-01247A300A7F}
[2011/07/27 11:13:14 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{4FF7DDBC-46F8-47E0-BD3C-62A3C195BB95}
[2011/07/26 16:46:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\.scribus
[2011/07/26 16:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.3.3.14
[2011/07/26 16:35:57 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Easy_BioSolutions_Inc
[2011/07/26 16:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Trinity
[2011/07/26 15:53:07 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{FC171FAC-F099-4910-9098-0E789A21BB7F}
[2011/07/25 13:30:13 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{ABD99B6D-E87B-4DDF-8C00-A88368402656}
[2011/07/25 08:54:29 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{41BDD70C-9B7C-4835-8C9A-E832A1EE3973}
[2011/07/24 13:30:01 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A3D1BCFC-CE5C-4C21-ADA4-BBA23D9B9162}
[2011/07/22 15:07:20 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{E7EEB785-A977-4734-B172-A3C2B284226A}
[2011/07/21 16:25:45 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A7631C61-6F0C-4372-9527-0E0BF6EE8B5C}
[2011/07/20 12:31:32 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{AE4EDE32-00A1-419A-8108-2AB311F66735}
[2011/07/18 13:57:34 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{418EC837-958B-4F66-950F-508072C08CA7}
[2011/07/13 21:17:13 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{7C2496DF-3247-4A6C-B6CC-0A69E7C88A27}
[2011/07/13 09:16:48 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{2318D173-FC5F-48D3-8C81-60F87B1BAAFC}
[2011/07/12 21:16:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{1AF09E38-78AC-4238-AD95-612BA2857CC1}
[2011/07/12 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{8582BC79-EE4F-40D8-B37B-04A14F95749B}
[2011/07/11 17:01:36 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{10B78833-233A-4A6C-B2B5-D4390F95DB37}
[2011/07/10 20:14:31 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{43D26DE0-43A4-409A-8CD4-68952109155E}
[2011/07/09 18:27:16 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{3899AC11-6F9E-4D29-91FF-95B478393F88}
[2011/07/08 13:41:39 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{9488FADA-96E5-4C43-BBC9-7975AABA0014}
[2011/07/07 13:04:38 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{9B7C2246-3089-410F-915B-F81ABE7B2BE4}
[2011/07/06 21:51:43 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{1C549277-4A9B-42DD-82DC-7080067B1901}
[2011/07/06 09:51:19 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{7CA9683B-1EB5-4690-B2EE-0328A4D1F28B}
[2011/07/05 13:09:33 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{4328D891-CD5E-4DC6-91F9-BDFE5638772A}
[2011/07/04 23:38:10 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{DF059CD9-2A85-41CA-B86D-9DDB0254CFA6}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2011/08/03 10:50:47 | 000,012,609 | -HS- | M] () -- C:\ProgramData\dnsapi32.dll
[2011/08/03 10:50:47 | 000,000,105 | ---- | M] () -- C:\Windows\System32\315996094
[2011/08/03 10:42:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 10:42:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 10:42:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/02 21:59:51 | 000,027,426 | ---- | M] () -- C:\Windows\cfgall.ini
[2011/08/02 21:33:26 | 000,012,609 | -HS- | M] () -- C:\ProgramData\compstui32.dll
[2011/08/02 20:33:19 | 000,012,609 | -HS- | M] () -- C:\ProgramData\DfrgRes32.dll
[2011/08/02 19:31:21 | 000,012,609 | -HS- | M] () -- C:\ProgramData\msswch32.dll
[2011/08/02 18:27:09 | 000,012,609 | -HS- | M] () -- C:\ProgramData\igdumdx3232.dll
[2011/08/02 16:16:53 | 3179,311,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/02 16:11:04 | 000,012,575 | -HS- | M] () -- C:\ProgramData\xactengine2_232.dll
[2011/08/02 15:10:59 | 000,012,575 | -HS- | M] () -- C:\ProgramData\osbaseln32.dll
[2011/08/01 21:15:19 | 000,012,575 | -HS- | M] () -- C:\ProgramData\catsrv32.dll
[2011/08/01 20:15:01 | 000,012,575 | -HS- | M] () -- C:\ProgramData\olepro3232.dll
[2011/08/01 19:14:53 | 000,012,575 | -HS- | M] () -- C:\ProgramData\icaapi32.dll
[2011/08/01 18:14:49 | 000,012,575 | -HS- | M] () -- C:\ProgramData\wuapi32.dll
[2011/08/01 17:14:45 | 000,012,575 | -HS- | M] () -- C:\ProgramData\hccutils32.dll
[2011/08/01 16:14:36 | 000,012,575 | -HS- | M] () -- C:\ProgramData\spwizeng32.dll
[2011/08/01 15:22:58 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\CAM UnZip.lnk
[2011/08/01 15:12:29 | 000,012,575 | -HS- | M] () -- C:\ProgramData\wsdchngr32.dll
[2011/08/01 11:29:14 | 000,012,575 | -HS- | M] () -- C:\ProgramData\davclnt32.dll
[2011/07/31 22:29:45 | 000,012,575 | -HS- | M] () -- C:\ProgramData\AudioEng32.dll
[2011/07/31 21:18:38 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/07/31 21:18:16 | 000,012,541 | -HS- | M] () -- C:\ProgramData\mciqtz3232.dll
[2011/07/31 15:18:51 | 000,012,541 | -HS- | M] () -- C:\ProgramData\ipsmsnap32.dll
[2011/07/31 14:18:48 | 000,012,541 | -HS- | M] () -- C:\ProgramData\objsel32.dll
[2011/07/31 13:18:46 | 000,012,541 | -HS- | M] () -- C:\ProgramData\sxproxy32.dll
[2011/07/31 12:18:12 | 000,012,541 | -HS- | M] () -- C:\ProgramData\dbnmpntw32.dll
[2011/07/31 12:15:32 | 000,699,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/31 12:15:32 | 000,137,916 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/30 20:42:47 | 000,012,541 | -HS- | M] () -- C:\ProgramData\MSVidCtl32.dll
[2011/07/30 19:42:44 | 000,012,541 | -HS- | M] () -- C:\ProgramData\cabinet32.dll
[2011/07/30 14:18:46 | 000,012,541 | -HS- | M] () -- C:\ProgramData\msctf32.dll
[2011/07/30 13:18:40 | 000,012,541 | -HS- | M] () -- C:\ProgramData\dhcpcmonitor32.dll
[2011/07/29 22:05:25 | 000,358,912 | ---- | M] () -- C:\Windows\System32\AudioEng32.dll
[2011/07/28 11:43:08 | 000,005,235 | ---- | M] () -- C:\Users\Courtney\.recently-used.xbel
[2011/07/27 11:23:16 | 000,423,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/25 21:16:21 | 000,786,432 | ---- | M] (Crane Dusky Rafts Bozo) -- C:\Windows\System32\p2pnetsh32.exe
[2011/07/25 21:16:21 | 000,786,432 | ---- | M] (Crane Dusky Rafts Bozo) -- C:\ProgramData\AudioEng32.exe
[2011/07/25 14:06:58 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/18 19:49:02 | 000,002,035 | ---- | M] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 10:50:47 | 000,012,609 | -HS- | C] () -- C:\ProgramData\dnsapi32.dll
[2011/08/02 21:33:26 | 000,012,609 | -HS- | C] () -- C:\ProgramData\compstui32.dll
[2011/08/02 20:33:19 | 000,012,609 | -HS- | C] () -- C:\ProgramData\DfrgRes32.dll
[2011/08/02 19:31:21 | 000,012,609 | -HS- | C] () -- C:\ProgramData\msswch32.dll
[2011/08/02 18:27:09 | 000,012,609 | -HS- | C] () -- C:\ProgramData\igdumdx3232.dll
[2011/08/02 16:11:04 | 000,012,575 | -HS- | C] () -- C:\ProgramData\xactengine2_232.dll
[2011/08/02 15:10:59 | 000,012,575 | -HS- | C] () -- C:\ProgramData\osbaseln32.dll
[2011/08/01 21:15:19 | 000,012,575 | -HS- | C] () -- C:\ProgramData\catsrv32.dll
[2011/08/01 20:15:01 | 000,012,575 | -HS- | C] () -- C:\ProgramData\olepro3232.dll
[2011/08/01 19:14:53 | 000,012,575 | -HS- | C] () -- C:\ProgramData\icaapi32.dll
[2011/08/01 18:14:49 | 000,012,575 | -HS- | C] () -- C:\ProgramData\wuapi32.dll
[2011/08/01 17:14:45 | 000,012,575 | -HS- | C] () -- C:\ProgramData\hccutils32.dll
[2011/08/01 16:14:36 | 000,012,575 | -HS- | C] () -- C:\ProgramData\spwizeng32.dll
[2011/08/01 15:22:58 | 000,000,880 | ---- | C] () -- C:\Users\Public\Desktop\CAM UnZip.lnk
[2011/08/01 15:12:29 | 000,012,575 | -HS- | C] () -- C:\ProgramData\wsdchngr32.dll
[2011/08/01 11:29:14 | 000,012,575 | -HS- | C] () -- C:\ProgramData\davclnt32.dll
[2011/07/31 22:29:45 | 000,012,575 | -HS- | C] () -- C:\ProgramData\AudioEng32.dll
[2011/07/31 21:18:16 | 000,012,541 | -HS- | C] () -- C:\ProgramData\mciqtz3232.dll
[2011/07/31 15:18:51 | 000,012,541 | -HS- | C] () -- C:\ProgramData\ipsmsnap32.dll
[2011/07/31 14:18:48 | 000,012,541 | -HS- | C] () -- C:\ProgramData\objsel32.dll
[2011/07/31 13:18:46 | 000,012,541 | -HS- | C] () -- C:\ProgramData\sxproxy32.dll
[2011/07/31 12:18:12 | 000,012,541 | -HS- | C] () -- C:\ProgramData\dbnmpntw32.dll
[2011/07/30 20:42:47 | 000,012,541 | -HS- | C] () -- C:\ProgramData\MSVidCtl32.dll
[2011/07/30 19:42:44 | 000,012,541 | -HS- | C] () -- C:\ProgramData\cabinet32.dll
[2011/07/30 14:18:46 | 000,012,541 | -HS- | C] () -- C:\ProgramData\msctf32.dll
[2011/07/30 13:18:40 | 000,012,541 | -HS- | C] () -- C:\ProgramData\dhcpcmonitor32.dll
[2011/07/29 22:05:28 | 000,000,105 | ---- | C] () -- C:\Windows\System32\315996094
[2011/07/29 22:05:25 | 000,358,912 | ---- | C] () -- C:\Windows\System32\AudioEng32.dll
[2011/07/28 11:43:08 | 000,005,235 | ---- | C] () -- C:\Users\Courtney\.recently-used.xbel
[2011/07/18 19:49:02 | 000,002,035 | ---- | C] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk
[2011/03/17 17:09:51 | 000,011,120 | -HS- | C] () -- C:\Users\Courtney\AppData\Local\(+.X)+.,-V),X
[2011/03/17 17:09:51 | 000,011,120 | -HS- | C] () -- C:\ProgramData\(+.X)+.,-V),X
[2011/01/17 17:12:31 | 000,000,007 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\uid_pal
[2011/01/08 17:05:43 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/23 12:34:42 | 000,130,832 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/01/23 12:34:18 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/01/05 21:07:02 | 000,001,356 | ---- | C] () -- C:\Users\Courtney\AppData\Local\d3d9caps.dat
[2009/11/25 15:44:26 | 000,000,552 | ---- | C] () -- C:\Users\Courtney\AppData\Local\d3d8caps.dat
[2009/10/03 12:34:24 | 000,002,152 | ---- | C] () -- C:\Windows\unins000.dat
[2009/09/17 14:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 14:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 14:20:46 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/09/01 14:45:39 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/30 11:22:32 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/30 11:22:32 | 000,022,328 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\PnkBstrK.sys
[2009/08/30 11:22:19 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/08/30 11:22:17 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/08/30 11:22:16 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/08/30 01:50:27 | 000,008,704 | ---- | C] () -- C:\Users\Courtney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/30 00:15:24 | 000,027,426 | ---- | C] () -- C:\Windows\cfgall.ini
[2009/08/17 21:29:12 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/08/17 21:29:12 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2009/08/17 21:27:23 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/08/17 21:27:23 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/08/17 21:27:23 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/08/17 21:27:23 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/08/17 21:27:23 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/08/17 21:27:23 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/08/17 21:19:32 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/08/17 21:19:32 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/17 21:19:32 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/08/17 21:19:31 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/08/17 20:50:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/17 20:47:09 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,423,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,699,680 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,137,916 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/09/21 10:43:11 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/30 00:10:55 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\DNA
[2010/09/15 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Elluminate
[2011/06/01 15:12:56 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\GetRightToGo
[2011/07/27 21:33:45 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\gtk-2.0
[2011/02/24 21:49:35 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Image Zone Express
[2009/10/02 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\InterVideo
[2010/12/07 20:23:32 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Jane s Hotel 3
[2009/08/29 07:06:34 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Lenovo
[2010/09/29 18:22:07 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Printer Info Cache
[2010/03/06 23:15:00 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\SecondLife
[2011/05/30 14:23:28 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/02 16:15:39 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/02/16 22:27:37 | 000,010,746 | ---- | M] ()(C:\Users\Courtney\Documents\?.docx) -- C:\Users\Courtney\Documents\凸.docx
[2009/12/04 14:15:38 | 000,010,746 | ---- | C] ()(C:\Users\Courtney\Documents\?.docx) -- C:\Users\Courtney\Documents\凸.docx

< End of report >

#2
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, Court0830! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :unsure:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :)



Could you do the following scans for me please, then get back to me with logs that they create...


1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post it in your next reply.




In your next reply
Please post the contents of...
OTL log
aswMBR log

#3
Court0830

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OTL log

OTL logfile created on: 8/4/2011 12:56:59 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Courtney\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 52.40% Memory free
6.12 Gb Paging File | 4.52 Gb Available in Paging File | 73.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 27.28 Gb Free Space | 19.79% Space Free | Partition Type: NTFS
Drive E: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF1.02
Drive Q: | 9.77 Gb Total Space | 3.66 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 46.99% Space Free | Partition Type: NTFS

Computer Name: COURTNEY-PC | User Name: Courtney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
PRC - [2011/07/25 21:16:21 | 000,786,432 | ---- | M] (Crane Dusky Rafts Bozo) -- C:\Windows\System32\p2pnetsh32.exe
PRC - [2011/07/25 21:16:21 | 000,786,432 | ---- | M] (Crane Dusky Rafts Bozo) -- C:\ProgramData\AudioEng32.exe
PRC - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/03/23 19:02:18 | 000,866,784 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2011/03/22 14:48:36 | 001,366,592 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2011/03/22 14:41:16 | 001,414,744 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2011/01/17 11:40:00 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/12/15 17:49:36 | 000,689,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 12:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/07/10 14:43:24 | 000,177,440 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009/07/10 14:43:20 | 000,435,488 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/07/10 14:43:18 | 000,238,880 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/07/10 14:43:14 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/07/10 14:13:38 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/05/28 15:30:00 | 000,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/05/21 07:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/05/21 07:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/04/15 13:50:00 | 000,472,352 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2009/04/15 13:50:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/04/14 06:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/02 17:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/02/11 16:20:36 | 000,864,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/11 15:16:28 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/01/28 14:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/01/20 22:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/03/13 12:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2004/01/02 21:15:19 | 000,355,328 | ---- | M] (Stardust Software) -- C:\Windows\SCMain.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/25 21:16:21 | 000,786,432 | ---- | M] (Crane Dusky Rafts Bozo) [Auto | Running] -- C:\Windows\System32\p2pnetsh32.exe -- (TrustedInstaller32)
SRV - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/03/22 14:48:36 | 001,366,592 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2011/03/22 14:41:16 | 001,414,744 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2011/01/17 11:40:00 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/12/15 17:49:36 | 000,689,488 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/09/04 03:51:00 | 003,347,280 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/10 14:43:18 | 000,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/07/10 14:43:14 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/05/21 07:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/05/21 07:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/04/15 13:50:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/02/11 16:20:36 | 000,864,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/02/11 16:19:28 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2009/02/11 15:16:28 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/10/09 05:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/04/15 11:47:58 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/01/17 11:32:48 | 000,068,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/01/17 11:32:36 | 000,058,448 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/01/17 11:32:24 | 000,177,744 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/11/08 20:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/10/20 19:45:16 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter)
DRV - [2010/10/20 19:45:06 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter)
DRV - [2010/10/20 19:30:02 | 001,331,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010/07/21 17:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/06/18 16:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 15:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/01 15:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 20:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/27 06:15:14 | 000,460,800 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/08/17 21:32:44 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/08/14 20:18:24 | 000,220,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2009/04/15 13:50:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/02/09 14:26:38 | 000,029,232 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mux.sys -- (MUXP)
DRV - [2009/02/09 14:26:38 | 000,029,232 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mux.sys -- (MUXMP)
DRV - [2009/02/09 12:40:32 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2009/01/29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 18:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2009/01/28 20:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/01/28 20:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/01/05 00:35:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/07/10 22:47:00 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/05/12 05:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/03/26 00:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/22 18:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/01/20 22:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 22:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/11/02 16:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/10/18 02:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 68 3C 0D A1 2A 71 40 80 69 62 FD F7 2A F7 E9 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 68 3C 0D A1 2A 71 40 80 69 62 FD F7 2A F7 E9 [binary data]

IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 68 3C 0D A1 2A 71 40 80 69 62 FD F7 2A F7 E9 [binary data]
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\..\URLSearchHook: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;<local>;*.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Courtney\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Courtney\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Courtney\Program Files\DNA [2010/12/28 11:27:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Meep\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Courtney\AppData\Roaming\Move Networks [2010/03/22 19:09:36 | 000,000,000 | ---D | M]

[2009/10/03 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions
[2009/10/03 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/07/31 21:18:38 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0D3C6824-2AA1-4071-8069-62FDF72AF7E9} - C:\Windows\System32\AudioEng32.dll ()
O2 - BHO: (CSolidBrowserObj Object) - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\Windows\System32\SolidStateNetworks\SolidStateION\solidax.dll (Solid State Networks)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O3 - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\..\Toolbar\WebBrowser: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No CLSID value found.
O3 - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Framework] File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1468059031-3913809058-885387311-1003..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.shockwave...houseplayer.cab (GameHouse Games Player)
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.c...rt/IbmEgath.cab (IBM Access Support)
O16 - DPF: {7D492D61-303A-45C3-8A55-63449339943D} http://www.shockwave...Web.1.0.0.5.cab (CPlayFirstNightShiftControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://www.shockwave...BGamePlayer.cab (Jolly Bear Games Player)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} http://www.playwhat....lidstateion.cab (CSolidBrowserObj Object)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstDreamChronControl Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Courtney\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Courtney\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/16 06:51:33 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF1.02 ]
O32 - AutoRun File - [2009/09/21 15:58:35 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF1.02 ]
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | ---- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/06/02 18:46:54 | 000,000,049 | ---- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{624e3d7c-8b95-11de-8e69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{624e3d7c-8b95-11de-8e69-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/10/16 06:51:33 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{ac22f8a8-1b4c-11e0-ac78-001e6555cad2}\Shell - "" = AutoRun
O33 - MountPoints2\{ac22f8a8-1b4c-11e0-ac78-001e6555cad2}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1468059031-3913809058-885387311-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 11:27:28 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{84798EF1-1E09-47A3-A495-FB077B9E6AC3}
[2011/08/03 11:27:16 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{3FB7178F-C0F5-4A7B-9598-06FF418AD547}
[2011/08/03 11:10:40 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2011/08/02 14:52:01 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{0CBBB515-D4E1-4146-BD1F-E3B5F34A0049}
[2011/08/02 14:51:50 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{520B13A7-35D3-42F4-90A3-01795522D3BE}
[2011/08/01 15:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\CAM Development
[2011/08/01 15:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\CAM Development
[2011/08/01 15:15:25 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{EC5748C4-0CF8-4D7E-86E2-53CC548A002C}
[2011/08/01 15:15:14 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{00A0CEA9-8222-42EB-B0D9-6A1548C3722C}
[2011/07/31 21:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unzip Wizard
[2011/07/31 21:49:38 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Unzip Wizard
[2011/07/31 21:41:47 | 000,000,000 | ---D | C] -- C:\extensions
[2011/07/31 21:41:43 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Conduit
[2011/07/31 21:18:27 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/31 21:16:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/31 12:17:51 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{B1B53669-0037-4367-9EDF-D69AE1010FCC}
[2011/07/31 12:17:39 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{0B0EC17A-3F61-47C0-B011-1E18DDBF22F5}
[2011/07/30 19:21:46 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{FBE3D3C6-49C3-4F19-AA48-49B28AB0C2E5}
[2011/07/30 19:21:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{6D604161-2DEF-49A8-9056-8A6FE51244DA}
[2011/07/29 22:05:32 | 000,786,432 | ---- | C] (Crane Dusky Rafts Bozo) -- C:\ProgramData\AudioEng32.exe
[2011/07/29 22:05:28 | 000,786,432 | ---- | C] (Crane Dusky Rafts Bozo) -- C:\Windows\System32\p2pnetsh32.exe
[2011/07/29 14:14:06 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A37F53F3-47BB-45B0-BE12-12F95420C038}
[2011/07/29 14:13:50 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{481BBBB5-7CD1-483D-B4D5-EB5363F25FE1}
[2011/07/29 11:44:29 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{AB597B62-CB8B-4B9E-B2FB-D8A2F06D8296}
[2011/07/28 15:50:40 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{25FC9962-3746-4193-BD70-01247A300A7F}
[2011/07/27 11:13:14 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{4FF7DDBC-46F8-47E0-BD3C-62A3C195BB95}
[2011/07/26 16:46:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\.scribus
[2011/07/26 16:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.3.3.14
[2011/07/26 16:35:57 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Easy_BioSolutions_Inc
[2011/07/26 16:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Trinity
[2011/07/26 15:53:07 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{FC171FAC-F099-4910-9098-0E789A21BB7F}
[2011/07/25 13:30:13 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{ABD99B6D-E87B-4DDF-8C00-A88368402656}
[2011/07/25 08:54:29 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{41BDD70C-9B7C-4835-8C9A-E832A1EE3973}
[2011/07/24 13:30:01 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A3D1BCFC-CE5C-4C21-ADA4-BBA23D9B9162}
[2011/07/22 15:07:20 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{E7EEB785-A977-4734-B172-A3C2B284226A}
[2011/07/21 16:25:45 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A7631C61-6F0C-4372-9527-0E0BF6EE8B5C}
[2011/07/20 12:31:32 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{AE4EDE32-00A1-419A-8108-2AB311F66735}
[2011/07/18 13:57:34 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{418EC837-958B-4F66-950F-508072C08CA7}
[2011/07/13 21:17:13 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{7C2496DF-3247-4A6C-B6CC-0A69E7C88A27}
[2011/07/13 09:16:48 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{2318D173-FC5F-48D3-8C81-60F87B1BAAFC}
[2011/07/12 21:16:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{1AF09E38-78AC-4238-AD95-612BA2857CC1}
[2011/07/12 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{8582BC79-EE4F-40D8-B37B-04A14F95749B}
[2011/07/11 17:01:36 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{10B78833-233A-4A6C-B2B5-D4390F95DB37}
[2011/07/10 20:14:31 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{43D26DE0-43A4-409A-8CD4-68952109155E}
[2011/07/09 18:27:16 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{3899AC11-6F9E-4D29-91FF-95B478393F88}
[2011/07/08 13:41:39 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{9488FADA-96E5-4C43-BBC9-7975AABA0014}
[2011/07/07 13:04:38 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{9B7C2246-3089-410F-915B-F81ABE7B2BE4}
[2011/07/06 21:51:43 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{1C549277-4A9B-42DD-82DC-7080067B1901}
[2011/07/06 09:51:19 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{7CA9683B-1EB5-4690-B2EE-0328A4D1F28B}
[2011/07/05 13:09:33 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{4328D891-CD5E-4DC6-91F9-BDFE5638772A}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/04 12:50:07 | 000,027,426 | ---- | M] () -- C:\Windows\cfgall.ini
[2011/08/04 12:47:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/04 12:47:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/04 12:47:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/04 12:47:22 | 3179,311,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/03 18:58:01 | 000,012,609 | -HS- | M] () -- C:\ProgramData\wmdrmdev32.dll
[2011/08/03 18:58:01 | 000,000,105 | ---- | M] () -- C:\Windows\System32\315996094
[2011/08/03 18:52:50 | 000,005,235 | ---- | M] () -- C:\Users\Courtney\.recently-used.xbel
[2011/08/03 17:57:56 | 000,012,609 | -HS- | M] () -- C:\ProgramData\XAPOFX1_032.dll
[2011/08/03 16:57:54 | 000,012,609 | -HS- | M] () -- C:\ProgramData\wlihvui32.dll
[2011/08/03 15:57:49 | 000,012,609 | -HS- | M] () -- C:\ProgramData\TOOLHELP32.dll
[2011/08/03 13:54:29 | 000,012,609 | -HS- | M] () -- C:\ProgramData\iepeers32.dll
[2011/08/03 12:54:13 | 000,012,609 | -HS- | M] () -- C:\ProgramData\nlhtml32.dll
[2011/08/03 11:54:08 | 000,012,609 | -HS- | M] () -- C:\ProgramData\inetpp32.dll
[2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2011/08/03 10:50:47 | 000,012,609 | -HS- | M] () -- C:\ProgramData\dnsapi32.dll
[2011/08/02 21:33:26 | 000,012,609 | -HS- | M] () -- C:\ProgramData\compstui32.dll
[2011/08/02 20:33:19 | 000,012,609 | -HS- | M] () -- C:\ProgramData\DfrgRes32.dll
[2011/08/02 19:31:21 | 000,012,609 | -HS- | M] () -- C:\ProgramData\msswch32.dll
[2011/08/02 18:27:09 | 000,012,609 | -HS- | M] () -- C:\ProgramData\igdumdx3232.dll
[2011/08/02 16:11:04 | 000,012,575 | -HS- | M] () -- C:\ProgramData\xactengine2_232.dll
[2011/08/02 15:10:59 | 000,012,575 | -HS- | M] () -- C:\ProgramData\osbaseln32.dll
[2011/08/01 21:15:19 | 000,012,575 | -HS- | M] () -- C:\ProgramData\catsrv32.dll
[2011/08/01 20:15:01 | 000,012,575 | -HS- | M] () -- C:\ProgramData\olepro3232.dll
[2011/08/01 19:14:53 | 000,012,575 | -HS- | M] () -- C:\ProgramData\icaapi32.dll
[2011/08/01 18:14:49 | 000,012,575 | -HS- | M] () -- C:\ProgramData\wuapi32.dll
[2011/08/01 17:14:45 | 000,012,575 | -HS- | M] () -- C:\ProgramData\hccutils32.dll
[2011/08/01 16:14:36 | 000,012,575 | -HS- | M] () -- C:\ProgramData\spwizeng32.dll
[2011/08/01 15:22:58 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\CAM UnZip.lnk
[2011/08/01 15:12:29 | 000,012,575 | -HS- | M] () -- C:\ProgramData\wsdchngr32.dll
[2011/08/01 11:29:14 | 000,012,575 | -HS- | M] () -- C:\ProgramData\davclnt32.dll
[2011/07/31 22:29:45 | 000,012,575 | -HS- | M] () -- C:\ProgramData\AudioEng32.dll
[2011/07/31 21:18:38 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/07/31 21:18:16 | 000,012,541 | -HS- | M] () -- C:\ProgramData\mciqtz3232.dll
[2011/07/31 15:18:51 | 000,012,541 | -HS- | M] () -- C:\ProgramData\ipsmsnap32.dll
[2011/07/31 14:18:48 | 000,012,541 | -HS- | M] () -- C:\ProgramData\objsel32.dll
[2011/07/31 13:18:46 | 000,012,541 | -HS- | M] () -- C:\ProgramData\sxproxy32.dll
[2011/07/31 12:18:12 | 000,012,541 | -HS- | M] () -- C:\ProgramData\dbnmpntw32.dll
[2011/07/31 12:15:32 | 000,699,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/31 12:15:32 | 000,137,916 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/30 20:42:47 | 000,012,541 | -HS- | M] () -- C:\ProgramData\MSVidCtl32.dll
[2011/07/30 19:42:44 | 000,012,541 | -HS- | M] () -- C:\ProgramData\cabinet32.dll
[2011/07/30 14:18:46 | 000,012,541 | -HS- | M] () -- C:\ProgramData\msctf32.dll
[2011/07/30 13:18:40 | 000,012,541 | -HS- | M] () -- C:\ProgramData\dhcpcmonitor32.dll
[2011/07/29 22:05:25 | 000,358,912 | ---- | M] () -- C:\Windows\System32\AudioEng32.dll
[2011/07/27 11:23:16 | 000,423,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/25 21:16:21 | 000,786,432 | ---- | M] (Crane Dusky Rafts Bozo) -- C:\Windows\System32\p2pnetsh32.exe
[2011/07/25 21:16:21 | 000,786,432 | ---- | M] (Crane Dusky Rafts Bozo) -- C:\ProgramData\AudioEng32.exe
[2011/07/25 14:06:58 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/18 19:49:02 | 000,002,035 | ---- | M] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 18:58:01 | 000,012,609 | -HS- | C] () -- C:\ProgramData\wmdrmdev32.dll
[2011/08/03 18:52:50 | 000,005,235 | ---- | C] () -- C:\Users\Courtney\.recently-used.xbel
[2011/08/03 17:57:56 | 000,012,609 | -HS- | C] () -- C:\ProgramData\XAPOFX1_032.dll
[2011/08/03 16:57:54 | 000,012,609 | -HS- | C] () -- C:\ProgramData\wlihvui32.dll
[2011/08/03 15:57:49 | 000,012,609 | -HS- | C] () -- C:\ProgramData\TOOLHELP32.dll
[2011/08/03 13:54:29 | 000,012,609 | -HS- | C] () -- C:\ProgramData\iepeers32.dll
[2011/08/03 12:54:13 | 000,012,609 | -HS- | C] () -- C:\ProgramData\nlhtml32.dll
[2011/08/03 11:54:08 | 000,012,609 | -HS- | C] () -- C:\ProgramData\inetpp32.dll
[2011/08/03 10:50:47 | 000,012,609 | -HS- | C] () -- C:\ProgramData\dnsapi32.dll
[2011/08/02 21:33:26 | 000,012,609 | -HS- | C] () -- C:\ProgramData\compstui32.dll
[2011/08/02 20:33:19 | 000,012,609 | -HS- | C] () -- C:\ProgramData\DfrgRes32.dll
[2011/08/02 19:31:21 | 000,012,609 | -HS- | C] () -- C:\ProgramData\msswch32.dll
[2011/08/02 18:27:09 | 000,012,609 | -HS- | C] () -- C:\ProgramData\igdumdx3232.dll
[2011/08/02 16:11:04 | 000,012,575 | -HS- | C] () -- C:\ProgramData\xactengine2_232.dll
[2011/08/02 15:10:59 | 000,012,575 | -HS- | C] () -- C:\ProgramData\osbaseln32.dll
[2011/08/01 21:15:19 | 000,012,575 | -HS- | C] () -- C:\ProgramData\catsrv32.dll
[2011/08/01 20:15:01 | 000,012,575 | -HS- | C] () -- C:\ProgramData\olepro3232.dll
[2011/08/01 19:14:53 | 000,012,575 | -HS- | C] () -- C:\ProgramData\icaapi32.dll
[2011/08/01 18:14:49 | 000,012,575 | -HS- | C] () -- C:\ProgramData\wuapi32.dll
[2011/08/01 17:14:45 | 000,012,575 | -HS- | C] () -- C:\ProgramData\hccutils32.dll
[2011/08/01 16:14:36 | 000,012,575 | -HS- | C] () -- C:\ProgramData\spwizeng32.dll
[2011/08/01 15:22:58 | 000,000,880 | ---- | C] () -- C:\Users\Public\Desktop\CAM UnZip.lnk
[2011/08/01 15:12:29 | 000,012,575 | -HS- | C] () -- C:\ProgramData\wsdchngr32.dll
[2011/08/01 11:29:14 | 000,012,575 | -HS- | C] () -- C:\ProgramData\davclnt32.dll
[2011/07/31 22:29:45 | 000,012,575 | -HS- | C] () -- C:\ProgramData\AudioEng32.dll
[2011/07/31 21:18:16 | 000,012,541 | -HS- | C] () -- C:\ProgramData\mciqtz3232.dll
[2011/07/31 15:18:51 | 000,012,541 | -HS- | C] () -- C:\ProgramData\ipsmsnap32.dll
[2011/07/31 14:18:48 | 000,012,541 | -HS- | C] () -- C:\ProgramData\objsel32.dll
[2011/07/31 13:18:46 | 000,012,541 | -HS- | C] () -- C:\ProgramData\sxproxy32.dll
[2011/07/31 12:18:12 | 000,012,541 | -HS- | C] () -- C:\ProgramData\dbnmpntw32.dll
[2011/07/30 20:42:47 | 000,012,541 | -HS- | C] () -- C:\ProgramData\MSVidCtl32.dll
[2011/07/30 19:42:44 | 000,012,541 | -HS- | C] () -- C:\ProgramData\cabinet32.dll
[2011/07/30 14:18:46 | 000,012,541 | -HS- | C] () -- C:\ProgramData\msctf32.dll
[2011/07/30 13:18:40 | 000,012,541 | -HS- | C] () -- C:\ProgramData\dhcpcmonitor32.dll
[2011/07/29 22:05:28 | 000,000,105 | ---- | C] () -- C:\Windows\System32\315996094
[2011/07/29 22:05:25 | 000,358,912 | ---- | C] () -- C:\Windows\System32\AudioEng32.dll
[2011/07/18 19:49:02 | 000,002,035 | ---- | C] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk
[2011/03/17 17:09:51 | 000,011,120 | -HS- | C] () -- C:\Users\Courtney\AppData\Local\(+.X)+.,-V),X
[2011/03/17 17:09:51 | 000,011,120 | -HS- | C] () -- C:\ProgramData\(+.X)+.,-V),X
[2011/01/17 17:12:31 | 000,000,007 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\uid_pal
[2011/01/08 17:05:43 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/23 12:34:42 | 000,130,832 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/01/23 12:34:18 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/01/05 21:07:02 | 000,001,356 | ---- | C] () -- C:\Users\Courtney\AppData\Local\d3d9caps.dat
[2009/11/25 15:44:26 | 000,000,552 | ---- | C] () -- C:\Users\Courtney\AppData\Local\d3d8caps.dat
[2009/10/03 12:34:24 | 000,002,152 | ---- | C] () -- C:\Windows\unins000.dat
[2009/09/17 14:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 14:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 14:20:46 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/09/01 14:45:39 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/30 11:22:32 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/30 11:22:32 | 000,022,328 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\PnkBstrK.sys
[2009/08/30 11:22:19 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/08/30 11:22:17 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/08/30 11:22:16 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/08/30 01:50:27 | 000,008,704 | ---- | C] () -- C:\Users\Courtney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/30 00:15:24 | 000,027,426 | ---- | C] () -- C:\Windows\cfgall.ini
[2009/08/17 21:29:12 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/08/17 21:29:12 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2009/08/17 21:27:23 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/08/17 21:27:23 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/08/17 21:27:23 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/08/17 21:27:23 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/08/17 21:27:23 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/08/17 21:27:23 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/08/17 21:19:32 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/08/17 21:19:32 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/17 21:19:32 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/08/17 21:19:31 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/08/17 20:50:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/17 20:47:09 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,423,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,699,680 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,137,916 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/09/21 10:43:11 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/30 00:10:55 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\DNA
[2010/09/15 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Elluminate
[2011/06/01 15:12:56 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\GetRightToGo
[2011/07/27 21:33:45 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\gtk-2.0
[2011/02/24 21:49:35 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Image Zone Express
[2009/10/02 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\InterVideo
[2010/12/07 20:23:32 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Jane s Hotel 3
[2009/08/29 07:06:34 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Lenovo
[2010/09/29 18:22:07 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Printer Info Cache
[2010/03/06 23:15:00 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\SecondLife
[2011/05/30 14:23:28 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/02 16:15:39 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/02/16 22:27:37 | 000,010,746 | ---- | M] ()(C:\Users\Courtney\Documents\?.docx) -- C:\Users\Courtney\Documents\凸.docx
[2009/12/04 14:15:38 | 000,010,746 | ---- | C] ()(C:\Users\Courtney\Documents\?.docx) -- C:\Users\Courtney\Documents\凸.docx

< End of report >

#4
Court0830

    Member

  • Topic Starter
  • Member
  • 13 posts
aswMBR log

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-04 13:09:31
-----------------------------
13:09:31.445 OS Version: Windows 6.0.6002 Service Pack 2
13:09:31.445 Number of processors: 2 586 0x170A
13:09:31.446 ComputerName: COURTNEY-PC UserName: Courtney
13:09:34.643 Initialize success
13:09:56.240 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:09:56.242 Disk 0 Vendor: WDC_WD16 14.0 Size: 152627MB BusType: 3
13:09:56.301 Disk 0 MBR read successfully
13:09:56.303 Disk 0 MBR scan
13:09:56.305 Disk 0 unknown MBR code
13:09:56.309 Disk 0 scanning sectors +312578048
13:09:56.438 Disk 0 scanning C:\Windows\system32\drivers
13:10:22.017 Service scanning
13:10:22.793 Service TmFilter C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys **LOCKED** 32
13:10:22.810 Service TmPreFilter C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys **LOCKED** 32
13:10:22.855 Service VSApiNt C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys **LOCKED** 32
13:10:23.383 Modules scanning
13:10:39.706 Disk 0 trace - called modules:
13:10:39.782 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
13:10:40.110 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a958e8]
13:10:40.114 3 CLASSPNP.SYS[8a9cc8b3] -> nt!IofCallDriver -> [0x85912f08]
13:10:40.118 5 acpi.sys[826926bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85936028]
13:10:40.122 Scan finished successfully
13:10:51.517 Disk 0 MBR has been saved successfully to "C:\Users\Courtney\Desktop\MBR.dat"
13:10:51.525 The log file has been saved successfully to "C:\Users\Courtney\Desktop\aswMBR.txt"

#5
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

I can see quite a few malware items in the log. Let's start removing them now :)


1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/07/25 21:16:21 | 000,786,432 | ---- | M] (Crane Dusky Rafts Bozo) [Auto | Running] -- C:\Windows\System32\p2pnetsh32.exe -- (TrustedInstaller32)
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 68 3C 0D A1 2A 71 40 80 69 62 FD F7 2A F7 E9 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 68 3C 0D A1 2A 71 40 80 69 62 FD F7 2A F7 E9 [binary data]
    IE - HKU\S-1-5-21-1468059031-3913809058-885387311-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 68 3C 0D A1 2A 71 40 80 69 62 FD F7 2A F7 E9 [binary data]
    O2 - BHO: (no name) - {0D3C6824-2AA1-4071-8069-62FDF72AF7E9} - C:\Windows\System32\AudioEng32.dll ()
    [2011/07/29 22:05:32 | 000,786,432 | ---- | C] (Crane Dusky Rafts Bozo) -- C:\ProgramData\AudioEng32.exe
    [2011/07/29 22:05:28 | 000,786,432 | ---- | C] (Crane Dusky Rafts Bozo) -- C:\Windows\System32\p2pnetsh32.exe
    [2011/08/03 18:58:01 | 000,012,609 | -HS- | M] () -- C:\ProgramData\wmdrmdev32.dll
    [2011/08/03 18:58:01 | 000,000,105 | ---- | M] () -- C:\Windows\System32\315996094
    [2011/08/03 17:57:56 | 000,012,609 | -HS- | M] () -- C:\ProgramData\XAPOFX1_032.dll
    [2011/08/03 16:57:54 | 000,012,609 | -HS- | M] () -- C:\ProgramData\wlihvui32.dll
    [2011/08/03 15:57:49 | 000,012,609 | -HS- | M] () -- C:\ProgramData\TOOLHELP32.dll
    [2011/08/03 13:54:29 | 000,012,609 | -HS- | M] () -- C:\ProgramData\iepeers32.dll
    [2011/08/03 12:54:13 | 000,012,609 | -HS- | M] () -- C:\ProgramData\nlhtml32.dll
    [2011/08/03 11:54:08 | 000,012,609 | -HS- | M] () -- C:\ProgramData\inetpp32.dll
    [2011/08/03 10:50:47 | 000,012,609 | -HS- | M] () -- C:\ProgramData\dnsapi32.dll
    [2011/08/02 21:33:26 | 000,012,609 | -HS- | M] () -- C:\ProgramData\compstui32.dll
    [2011/08/02 20:33:19 | 000,012,609 | -HS- | M] () -- C:\ProgramData\DfrgRes32.dll
    [2011/08/02 19:31:21 | 000,012,609 | -HS- | M] () -- C:\ProgramData\msswch32.dll
    [2011/08/02 18:27:09 | 000,012,609 | -HS- | M] () -- C:\ProgramData\igdumdx3232.dll
    [2011/08/02 16:11:04 | 000,012,575 | -HS- | M] () -- C:\ProgramData\xactengine2_232.dll
    [2011/08/02 15:10:59 | 000,012,575 | -HS- | M] () -- C:\ProgramData\osbaseln32.dll
    [2011/08/01 21:15:19 | 000,012,575 | -HS- | M] () -- C:\ProgramData\catsrv32.dll
    [2011/08/01 20:15:01 | 000,012,575 | -HS- | M] () -- C:\ProgramData\olepro3232.dll
    [2011/08/01 19:14:53 | 000,012,575 | -HS- | M] () -- C:\ProgramData\icaapi32.dll
    [2011/08/01 18:14:49 | 000,012,575 | -HS- | M] () -- C:\ProgramData\wuapi32.dll
    [2011/08/01 17:14:45 | 000,012,575 | -HS- | M] () -- C:\ProgramData\hccutils32.dll
    [2011/08/01 16:14:36 | 000,012,575 | -HS- | M] () -- C:\ProgramData\spwizeng32.dll
    [2011/08/01 15:12:29 | 000,012,575 | -HS- | M] () -- C:\ProgramData\wsdchngr32.dll
    [2011/08/01 11:29:14 | 000,012,575 | -HS- | M] () -- C:\ProgramData\davclnt32.dll
    [2011/07/31 22:29:45 | 000,012,575 | -HS- | M] () -- C:\ProgramData\AudioEng32.dll
    [2011/07/31 21:18:16 | 000,012,541 | -HS- | M] () -- C:\ProgramData\mciqtz3232.dll
    [2011/07/31 15:18:51 | 000,012,541 | -HS- | M] () -- C:\ProgramData\ipsmsnap32.dll
    [2011/07/31 14:18:48 | 000,012,541 | -HS- | M] () -- C:\ProgramData\objsel32.dll
    [2011/07/31 13:18:46 | 000,012,541 | -HS- | M] () -- C:\ProgramData\sxproxy32.dll
    [2011/07/31 12:18:12 | 000,012,541 | -HS- | M] () -- C:\ProgramData\dbnmpntw32.dll
    [2011/07/30 20:42:47 | 000,012,541 | -HS- | M] () -- C:\ProgramData\MSVidCtl32.dll
    [2011/07/30 19:42:44 | 000,012,541 | -HS- | M] () -- C:\ProgramData\cabinet32.dll
    [2011/07/30 14:18:46 | 000,012,541 | -HS- | M] () -- C:\ProgramData\msctf32.dll
    [2011/07/30 13:18:40 | 000,012,541 | -HS- | M] () -- C:\ProgramData\dhcpcmonitor32.dll
    [2011/07/29 22:05:25 | 000,358,912 | ---- | M] () -- C:\Windows\System32\AudioEng32.dll
    [2011/07/29 22:05:28 | 000,000,105 | ---- | C] () -- C:\Windows\System32\315996094
    [2011/03/17 17:09:51 | 000,011,120 | -HS- | C] () -- C:\Users\Courtney\AppData\Local\(+.X)+.,-V),X
    [2011/03/17 17:09:51 | 000,011,120 | -HS- | C] () -- C:\ProgramData\(+.X)+.,-V),X
    [2011/01/17 17:12:31 | 000,000,007 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\uid_pal
    
    :Services
    
    :Reg
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default" =-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default" =-
    [HKU\S-1-5-21-1468059031-3913809058-885387311-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default" =-
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again, copy and paste the following into the Custom Scans/Fixes area at the bottom

    C:\ProgramData\*.dll
  • Then click the Quick Scan button. Post the log it produces in your next reply.




2)
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.




In your next reply
Please post the contents of...
OTL log
TDSSKiller log


#6
Court0830

    Member

  • Topic Starter
  • Member
  • 13 posts
I downloaded the tdsskiller.zip but I'm not sure how to extract it. :)

#7
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No worries, all you need to do is right click on tdsskiller.zip, click Extract All, then click Extract in the window after that. You should then see a folder called 'tdsskiller' on your desktop, with the tdsskiller.exe file within it :)

#8
Court0830

    Member

  • Topic Starter
  • Member
  • 13 posts
When I right click on it, there is no option to Extract All that I can see.

#9
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hmm strange, try this direct link to the .exe file itself. You should be able to just double click this file once it has downloaded. Then just follow the instructions above :)

#10
Court0830

    Member

  • Topic Starter
  • Member
  • 13 posts
I saved the file to my desktop but when I double clicked to open it, a black window came up for like one second and disappeared. Nothing else happened after that. I looked at task manager and no programs are running. :)

#11
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Sounds very much like malware interfering here. Try rebooting your PC, then run the OTL fix which was posted earlier, if you haven't yet done so. This may well enable TDSSkiller to run. If you could post the OTL log when you have it please. If you have any difficulty with any of this, just let me know :)

#12
Court0830

    Member

  • Topic Starter
  • Member
  • 13 posts
I ran the OTL before I had problems with the tdsskiller. Here is the log. Do I need to run OTL again?

OTL logfile created on: 8/4/2011 3:19:18 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Courtney\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 56.14% Memory free
6.12 Gb Paging File | 4.80 Gb Available in Paging File | 78.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 25.95 Gb Free Space | 18.83% Space Free | Partition Type: NTFS
Drive E: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF1.02
Drive Q: | 9.77 Gb Total Space | 3.66 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 46.99% Space Free | Partition Type: NTFS

Computer Name: COURTNEY-PC | User Name: Courtney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
PRC - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/03/23 19:02:18 | 000,866,784 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2011/03/22 14:48:36 | 001,366,592 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2011/03/22 14:41:16 | 001,414,744 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2011/01/17 11:40:00 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/12/15 17:49:36 | 000,689,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2010/11/25 11:59:55 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 12:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/07/10 14:43:24 | 000,177,440 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009/07/10 14:43:20 | 000,435,488 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/07/10 14:43:18 | 000,238,880 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/07/10 14:43:14 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/07/10 14:13:38 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/05/28 15:30:00 | 000,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/05/21 07:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/05/21 07:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/04/15 13:50:00 | 000,472,352 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2009/04/15 13:50:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/04/14 06:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/02 17:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/02/11 16:20:36 | 000,864,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/11 15:16:28 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/01/28 14:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/01/20 22:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/03/13 12:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2004/01/02 21:15:19 | 000,355,328 | ---- | M] (Stardust Software) -- C:\Windows\SCMain.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/03/22 14:48:36 | 001,366,592 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2011/03/22 14:41:16 | 001,414,744 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2011/01/17 11:40:00 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/12/15 17:49:36 | 000,689,488 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/09/04 03:51:00 | 003,347,280 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/10 14:43:18 | 000,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/07/10 14:43:14 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/05/21 07:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/05/21 07:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/04/15 13:50:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/02/11 16:20:36 | 000,864,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/02/11 16:19:28 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2009/02/11 15:16:28 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/10/09 05:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/04/15 11:47:58 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/01/17 11:32:48 | 000,068,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/01/17 11:32:36 | 000,058,448 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/01/17 11:32:24 | 000,177,744 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/11/08 20:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/10/20 19:45:16 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter)
DRV - [2010/10/20 19:45:06 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter)
DRV - [2010/10/20 19:30:02 | 001,331,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010/07/21 17:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/06/18 16:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 15:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/01 15:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 20:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/27 06:15:14 | 000,460,800 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/08/17 21:32:44 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/08/14 20:18:24 | 000,220,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2009/04/15 13:50:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/02/09 14:26:38 | 000,029,232 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mux.sys -- (MUXP)
DRV - [2009/02/09 14:26:38 | 000,029,232 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mux.sys -- (MUXMP)
DRV - [2009/02/09 12:40:32 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2009/01/29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 18:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2009/01/28 20:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/01/28 20:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/01/05 00:35:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/07/10 22:47:00 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/05/12 05:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/03/26 00:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/22 18:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/01/20 22:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 22:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/11/02 16:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/10/18 02:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;<local>;*.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Courtney\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Courtney\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Courtney\Program Files\DNA [2010/12/28 11:27:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Meep\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Courtney\AppData\Roaming\Move Networks [2010/03/22 19:09:36 | 000,000,000 | ---D | M]

[2009/10/03 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions
[2009/10/03 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/08/04 15:02:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CSolidBrowserObj Object) - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\Windows\System32\SolidStateNetworks\SolidStateION\solidax.dll (Solid State Networks)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Framework] File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.shockwave...houseplayer.cab (GameHouse Games Player)
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.c...rt/IbmEgath.cab (IBM Access Support)
O16 - DPF: {7D492D61-303A-45C3-8A55-63449339943D} http://www.shockwave...Web.1.0.0.5.cab (CPlayFirstNightShiftControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://www.shockwave...BGamePlayer.cab (Jolly Bear Games Player)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} http://www.playwhat....lidstateion.cab (CSolidBrowserObj Object)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstDreamChronControl Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Courtney\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Courtney\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/16 06:51:33 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF1.02 ]
O32 - AutoRun File - [2009/09/21 15:58:35 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF1.02 ]
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | ---- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/06/02 18:46:54 | 000,000,049 | ---- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{624e3d7c-8b95-11de-8e69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{624e3d7c-8b95-11de-8e69-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/10/16 06:51:33 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{ac22f8a8-1b4c-11e0-ac78-001e6555cad2}\Shell - "" = AutoRun
O33 - MountPoints2\{ac22f8a8-1b4c-11e0-ac78-001e6555cad2}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/04 15:01:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/04 13:09:19 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Courtney\Desktop\aswMBR.exe
[2011/08/03 11:27:28 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{84798EF1-1E09-47A3-A495-FB077B9E6AC3}
[2011/08/03 11:27:16 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{3FB7178F-C0F5-4A7B-9598-06FF418AD547}
[2011/08/03 11:10:40 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2011/08/02 14:52:01 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{0CBBB515-D4E1-4146-BD1F-E3B5F34A0049}
[2011/08/02 14:51:50 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{520B13A7-35D3-42F4-90A3-01795522D3BE}
[2011/08/01 15:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\CAM Development
[2011/08/01 15:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\CAM Development
[2011/08/01 15:15:25 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{EC5748C4-0CF8-4D7E-86E2-53CC548A002C}
[2011/08/01 15:15:14 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{00A0CEA9-8222-42EB-B0D9-6A1548C3722C}
[2011/07/31 21:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unzip Wizard
[2011/07/31 21:49:38 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Unzip Wizard
[2011/07/31 21:41:47 | 000,000,000 | ---D | C] -- C:\extensions
[2011/07/31 21:41:43 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Conduit
[2011/07/31 21:18:27 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/31 21:16:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/31 12:17:51 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{B1B53669-0037-4367-9EDF-D69AE1010FCC}
[2011/07/31 12:17:39 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{0B0EC17A-3F61-47C0-B011-1E18DDBF22F5}
[2011/07/30 19:21:46 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{FBE3D3C6-49C3-4F19-AA48-49B28AB0C2E5}
[2011/07/30 19:21:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{6D604161-2DEF-49A8-9056-8A6FE51244DA}
[2011/07/29 14:14:06 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A37F53F3-47BB-45B0-BE12-12F95420C038}
[2011/07/29 14:13:50 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{481BBBB5-7CD1-483D-B4D5-EB5363F25FE1}
[2011/07/29 11:44:29 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{AB597B62-CB8B-4B9E-B2FB-D8A2F06D8296}
[2011/07/28 15:50:40 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{25FC9962-3746-4193-BD70-01247A300A7F}
[2011/07/27 11:13:14 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{4FF7DDBC-46F8-47E0-BD3C-62A3C195BB95}
[2011/07/26 16:46:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\.scribus
[2011/07/26 16:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.3.3.14
[2011/07/26 16:35:57 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Easy_BioSolutions_Inc
[2011/07/26 16:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Trinity
[2011/07/26 15:53:07 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{FC171FAC-F099-4910-9098-0E789A21BB7F}
[2011/07/25 13:30:13 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{ABD99B6D-E87B-4DDF-8C00-A88368402656}
[2011/07/25 08:54:29 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{41BDD70C-9B7C-4835-8C9A-E832A1EE3973}
[2011/07/24 13:30:01 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A3D1BCFC-CE5C-4C21-ADA4-BBA23D9B9162}
[2011/07/22 15:07:20 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{E7EEB785-A977-4734-B172-A3C2B284226A}
[2011/07/21 16:25:45 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A7631C61-6F0C-4372-9527-0E0BF6EE8B5C}
[2011/07/20 12:31:32 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{AE4EDE32-00A1-419A-8108-2AB311F66735}
[2011/07/18 13:57:34 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{418EC837-958B-4F66-950F-508072C08CA7}
[2011/07/13 21:17:13 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{7C2496DF-3247-4A6C-B6CC-0A69E7C88A27}
[2011/07/13 09:16:48 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{2318D173-FC5F-48D3-8C81-60F87B1BAAFC}
[2011/07/12 21:16:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{1AF09E38-78AC-4238-AD95-612BA2857CC1}
[2011/07/12 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{8582BC79-EE4F-40D8-B37B-04A14F95749B}
[2011/07/11 17:01:36 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{10B78833-233A-4A6C-B2B5-D4390F95DB37}
[2011/07/10 20:14:31 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{43D26DE0-43A4-409A-8CD4-68952109155E}
[2011/07/09 18:27:16 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{3899AC11-6F9E-4D29-91FF-95B478393F88}
[2011/07/08 13:41:39 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{9488FADA-96E5-4C43-BBC9-7975AABA0014}
[2011/07/07 13:04:38 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{9B7C2246-3089-410F-915B-F81ABE7B2BE4}
[2011/07/06 21:51:43 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{1C549277-4A9B-42DD-82DC-7080067B1901}
[2011/07/06 09:51:19 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{7CA9683B-1EB5-4690-B2EE-0328A4D1F28B}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/04 15:15:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/04 15:15:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/04 15:15:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/04 15:15:16 | 3179,311,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/04 15:02:46 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/08/04 14:48:07 | 000,012,643 | -HS- | M] () -- C:\ProgramData\tsddd32.dll
[2011/08/04 13:48:07 | 000,012,643 | -HS- | M] () -- C:\ProgramData\NlsLexicons004732.dll
[2011/08/04 13:10:51 | 000,000,512 | ---- | M] () -- C:\Users\Courtney\Desktop\MBR.dat
[2011/08/04 13:09:22 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Courtney\Desktop\aswMBR.exe
[2011/08/04 12:50:07 | 000,027,426 | ---- | M] () -- C:\Windows\cfgall.ini
[2011/08/03 18:52:50 | 000,005,235 | ---- | M] () -- C:\Users\Courtney\.recently-used.xbel
[2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2011/08/01 15:22:58 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\CAM UnZip.lnk
[2011/07/31 12:15:32 | 000,699,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/31 12:15:32 | 000,137,916 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/27 11:23:16 | 000,423,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/25 14:06:58 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/18 19:49:02 | 000,002,035 | ---- | M] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/04 14:48:07 | 000,012,643 | -HS- | C] () -- C:\ProgramData\tsddd32.dll
[2011/08/04 13:48:07 | 000,012,643 | -HS- | C] () -- C:\ProgramData\NlsLexicons004732.dll
[2011/08/04 13:10:51 | 000,000,512 | ---- | C] () -- C:\Users\Courtney\Desktop\MBR.dat
[2011/08/03 18:52:50 | 000,005,235 | ---- | C] () -- C:\Users\Courtney\.recently-used.xbel
[2011/08/01 15:22:58 | 000,000,880 | ---- | C] () -- C:\Users\Public\Desktop\CAM UnZip.lnk
[2011/07/18 19:49:02 | 000,002,035 | ---- | C] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk
[2011/01/08 17:05:43 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/23 12:34:42 | 000,130,832 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/01/23 12:34:18 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/01/05 21:07:02 | 000,001,356 | ---- | C] () -- C:\Users\Courtney\AppData\Local\d3d9caps.dat
[2009/11/25 15:44:26 | 000,000,552 | ---- | C] () -- C:\Users\Courtney\AppData\Local\d3d8caps.dat
[2009/10/03 12:34:24 | 000,002,152 | ---- | C] () -- C:\Windows\unins000.dat
[2009/09/17 14:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 14:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 14:20:46 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/09/01 14:45:39 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/30 11:22:32 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/30 11:22:32 | 000,022,328 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\PnkBstrK.sys
[2009/08/30 11:22:19 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/08/30 11:22:17 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/08/30 11:22:16 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/08/30 01:50:27 | 000,008,704 | ---- | C] () -- C:\Users\Courtney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/30 00:15:24 | 000,027,426 | ---- | C] () -- C:\Windows\cfgall.ini
[2009/08/17 21:29:12 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/08/17 21:29:12 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2009/08/17 21:27:23 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/08/17 21:27:23 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/08/17 21:27:23 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/08/17 21:27:23 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/08/17 21:27:23 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/08/17 21:27:23 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/08/17 21:19:32 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/08/17 21:19:32 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/17 21:19:32 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/08/17 21:19:31 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/08/17 20:50:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/17 20:47:09 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,423,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,699,680 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,137,916 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/09/21 10:43:11 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/30 00:10:55 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\DNA
[2010/09/15 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Elluminate
[2011/06/01 15:12:56 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\GetRightToGo
[2011/07/27 21:33:45 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\gtk-2.0
[2011/02/24 21:49:35 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Image Zone Express
[2009/10/02 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\InterVideo
[2010/12/07 20:23:32 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Jane s Hotel 3
[2009/08/29 07:06:34 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Lenovo
[2010/09/29 18:22:07 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Printer Info Cache
[2010/03/06 23:15:00 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\SecondLife
[2011/05/30 14:23:28 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/04 15:14:17 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< C:\ProgramData\*.dll >
[2011/08/04 13:48:07 | 000,012,643 | -HS- | M] () -- C:\ProgramData\NlsLexicons004732.dll
[2011/08/04 14:48:07 | 000,012,643 | -HS- | M] () -- C:\ProgramData\tsddd32.dll

< >

< >

========== Files - Unicode (All) ==========
[2010/02/16 22:27:37 | 000,010,746 | ---- | M] ()(C:\Users\Courtney\Documents\?.docx) -- C:\Users\Courtney\Documents\凸.docx
[2009/12/04 14:15:38 | 000,010,746 | ---- | C] ()(C:\Users\Courtney\Documents\?.docx) -- C:\Users\Courtney\Documents\凸.docx

< End of report >

#13
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Yep, could you run OTL again for me please, as there are a couple of other files that need removing. Just follow the steps below to do this.

After OTL has finished, your PC will reboot. Then, could you try opening TDSSKiller for me again and let me know whether it runs now.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/08/04 13:48:07 | 000,012,643 | -HS- | M] () -- C:\ProgramData\NlsLexicons004732.dll
    [2011/08/04 14:48:07 | 000,012,643 | -HS- | M] () -- C:\ProgramData\tsddd32.dll
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#14
Court0830

    Member

  • Topic Starter
  • 13 posts
Here is the next OTL log. TDSSKiller still doesn't work.

OTL logfile created on: 8/4/2011 6:19:56 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Courtney\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 56.70% Memory free
6.12 Gb Paging File | 4.80 Gb Available in Paging File | 78.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 26.25 Gb Free Space | 19.05% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.66 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 46.99% Space Free | Partition Type: NTFS

Computer Name: COURTNEY-PC | User Name: Courtney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
PRC - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/03/23 19:02:18 | 000,866,784 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2011/03/22 14:48:36 | 001,366,592 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2011/03/22 14:41:16 | 001,414,744 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2011/01/17 11:40:00 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/12/15 17:49:36 | 000,689,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2010/11/25 11:59:55 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 12:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/07/10 14:43:24 | 000,177,440 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009/07/10 14:43:20 | 000,435,488 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/07/10 14:43:18 | 000,238,880 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/07/10 14:43:14 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/07/10 14:13:38 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/05/28 15:30:00 | 000,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/05/21 07:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/05/21 07:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/04/15 13:50:00 | 000,472,352 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2009/04/15 13:50:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/04/14 06:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/02 17:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/02/11 16:20:36 | 000,864,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/11 15:16:28 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/01/28 14:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/01/20 22:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/03/13 12:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2004/01/02 21:15:19 | 000,355,328 | ---- | M] (Stardust Software) -- C:\Windows\SCMain.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/03/22 14:48:36 | 001,366,592 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2011/03/22 14:41:16 | 001,414,744 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2011/01/17 11:40:00 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/12/15 17:49:36 | 000,689,488 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/09/04 03:51:00 | 003,347,280 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/10 14:43:18 | 000,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/07/10 14:43:14 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/05/21 07:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/05/21 07:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/04/15 13:50:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/02/11 16:20:36 | 000,864,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/02/11 16:19:28 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2009/02/11 15:16:28 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/10/09 05:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/04/15 11:47:58 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/01/17 11:32:48 | 000,068,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/01/17 11:32:36 | 000,058,448 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/01/17 11:32:24 | 000,177,744 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/11/08 20:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/10/20 19:45:16 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter)
DRV - [2010/10/20 19:45:06 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter)
DRV - [2010/10/20 19:30:02 | 001,331,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010/07/21 17:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/06/18 16:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 15:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/01 15:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 20:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/27 06:15:14 | 000,460,800 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/08/17 21:32:44 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/08/14 20:18:24 | 000,220,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2009/04/15 13:50:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/02/09 14:26:38 | 000,029,232 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mux.sys -- (MUXP)
DRV - [2009/02/09 14:26:38 | 000,029,232 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mux.sys -- (MUXMP)
DRV - [2009/02/09 12:40:32 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2009/01/29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 18:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2009/01/28 20:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/01/28 20:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/01/05 00:35:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/07/10 22:47:00 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/05/12 05:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/03/26 00:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/22 18:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/01/20 22:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 22:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/11/02 16:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/10/18 02:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;<local>;*.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Courtney\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Courtney\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Courtney\Program Files\DNA [2010/12/28 11:27:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Meep\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Courtney\AppData\Roaming\Move Networks [2010/03/22 19:09:36 | 000,000,000 | ---D | M]

[2009/10/03 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions
[2009/10/03 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/08/04 15:02:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CSolidBrowserObj Object) - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\Windows\System32\SolidStateNetworks\SolidStateION\solidax.dll (Solid State Networks)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Framework] File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.shockwave...houseplayer.cab (GameHouse Games Player)
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.c...rt/IbmEgath.cab (IBM Access Support)
O16 - DPF: {7D492D61-303A-45C3-8A55-63449339943D} http://www.shockwave...Web.1.0.0.5.cab (CPlayFirstNightShiftControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://www.shockwave...BGamePlayer.cab (Jolly Bear Games Player)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} http://www.playwhat....lidstateion.cab (CSolidBrowserObj Object)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstDreamChronControl Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Courtney\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Courtney\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | ---- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/06/02 18:46:54 | 000,000,049 | ---- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{ac22f8a8-1b4c-11e0-ac78-001e6555cad2}\Shell - "" = AutoRun
O33 - MountPoints2\{ac22f8a8-1b4c-11e0-ac78-001e6555cad2}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/04 15:38:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/04 15:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2011/08/04 15:01:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/04 13:09:19 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Courtney\Desktop\aswMBR.exe
[2011/08/03 11:27:28 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{84798EF1-1E09-47A3-A495-FB077B9E6AC3}
[2011/08/03 11:27:16 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{3FB7178F-C0F5-4A7B-9598-06FF418AD547}
[2011/08/03 11:10:40 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2011/08/02 14:52:01 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{0CBBB515-D4E1-4146-BD1F-E3B5F34A0049}
[2011/08/02 14:51:50 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{520B13A7-35D3-42F4-90A3-01795522D3BE}
[2011/08/01 15:15:25 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{EC5748C4-0CF8-4D7E-86E2-53CC548A002C}
[2011/08/01 15:15:14 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{00A0CEA9-8222-42EB-B0D9-6A1548C3722C}
[2011/07/31 21:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unzip Wizard
[2011/07/31 21:49:38 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Unzip Wizard
[2011/07/31 21:41:47 | 000,000,000 | ---D | C] -- C:\extensions
[2011/07/31 21:41:43 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Conduit
[2011/07/31 21:18:27 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/31 21:16:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/31 12:17:51 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{B1B53669-0037-4367-9EDF-D69AE1010FCC}
[2011/07/31 12:17:39 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{0B0EC17A-3F61-47C0-B011-1E18DDBF22F5}
[2011/07/30 19:21:46 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{FBE3D3C6-49C3-4F19-AA48-49B28AB0C2E5}
[2011/07/30 19:21:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{6D604161-2DEF-49A8-9056-8A6FE51244DA}
[2011/07/29 14:14:06 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A37F53F3-47BB-45B0-BE12-12F95420C038}
[2011/07/29 14:13:50 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{481BBBB5-7CD1-483D-B4D5-EB5363F25FE1}
[2011/07/29 11:44:29 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{AB597B62-CB8B-4B9E-B2FB-D8A2F06D8296}
[2011/07/28 15:50:40 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{25FC9962-3746-4193-BD70-01247A300A7F}
[2011/07/27 11:13:14 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{4FF7DDBC-46F8-47E0-BD3C-62A3C195BB95}
[2011/07/26 16:46:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\.scribus
[2011/07/26 16:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.3.3.14
[2011/07/26 16:35:57 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Easy_BioSolutions_Inc
[2011/07/26 16:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Trinity
[2011/07/26 15:53:07 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{FC171FAC-F099-4910-9098-0E789A21BB7F}
[2011/07/25 13:30:13 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{ABD99B6D-E87B-4DDF-8C00-A88368402656}
[2011/07/25 08:54:29 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{41BDD70C-9B7C-4835-8C9A-E832A1EE3973}
[2011/07/24 13:30:01 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A3D1BCFC-CE5C-4C21-ADA4-BBA23D9B9162}
[2011/07/22 15:07:20 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{E7EEB785-A977-4734-B172-A3C2B284226A}
[2011/07/21 16:25:45 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A7631C61-6F0C-4372-9527-0E0BF6EE8B5C}
[2011/07/20 12:31:32 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{AE4EDE32-00A1-419A-8108-2AB311F66735}
[2011/07/18 13:57:34 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{418EC837-958B-4F66-950F-508072C08CA7}
[2011/07/13 21:17:13 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{7C2496DF-3247-4A6C-B6CC-0A69E7C88A27}
[2011/07/13 09:16:48 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{2318D173-FC5F-48D3-8C81-60F87B1BAAFC}
[2011/07/12 21:16:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{1AF09E38-78AC-4238-AD95-612BA2857CC1}
[2011/07/12 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{8582BC79-EE4F-40D8-B37B-04A14F95749B}
[2011/07/11 17:01:36 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{10B78833-233A-4A6C-B2B5-D4390F95DB37}
[2011/07/10 20:14:31 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{43D26DE0-43A4-409A-8CD4-68952109155E}
[2011/07/09 18:27:16 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{3899AC11-6F9E-4D29-91FF-95B478393F88}
[2011/07/08 13:41:39 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{9488FADA-96E5-4C43-BBC9-7975AABA0014}
[2011/07/07 13:04:38 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{9B7C2246-3089-410F-915B-F81ABE7B2BE4}
[2011/07/06 21:51:43 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{1C549277-4A9B-42DD-82DC-7080067B1901}
[2011/07/06 09:51:19 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{7CA9683B-1EB5-4690-B2EE-0328A4D1F28B}

========== Files - Modified Within 30 Days ==========

[2011/08/04 18:16:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/04 18:16:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/04 18:15:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/04 18:15:53 | 3179,311,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/04 16:34:29 | 001,404,515 | ---- | M] () -- C:\Users\Courtney\Desktop\tdsskiller.exe
[2011/08/04 15:02:46 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/08/04 13:10:51 | 000,000,512 | ---- | M] () -- C:\Users\Courtney\Desktop\MBR.dat
[2011/08/04 13:09:22 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Courtney\Desktop\aswMBR.exe
[2011/08/04 12:50:07 | 000,027,426 | ---- | M] () -- C:\Windows\cfgall.ini
[2011/08/03 18:52:50 | 000,005,235 | ---- | M] () -- C:\Users\Courtney\.recently-used.xbel
[2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2011/07/31 12:15:32 | 000,699,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/31 12:15:32 | 000,137,916 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/27 11:23:16 | 000,423,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/25 14:06:58 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/18 19:49:02 | 000,002,035 | ---- | M] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/08/04 16:34:24 | 001,404,515 | ---- | C] () -- C:\Users\Courtney\Desktop\tdsskiller.exe
[2011/08/04 13:10:51 | 000,000,512 | ---- | C] () -- C:\Users\Courtney\Desktop\MBR.dat
[2011/08/03 18:52:50 | 000,005,235 | ---- | C] () -- C:\Users\Courtney\.recently-used.xbel
[2011/07/18 19:49:02 | 000,002,035 | ---- | C] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk
[2011/01/08 17:05:43 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/23 12:34:42 | 000,130,832 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/01/23 12:34:18 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/01/05 21:07:02 | 000,001,356 | ---- | C] () -- C:\Users\Courtney\AppData\Local\d3d9caps.dat
[2009/11/25 15:44:26 | 000,000,552 | ---- | C] () -- C:\Users\Courtney\AppData\Local\d3d8caps.dat
[2009/10/03 12:34:24 | 000,002,152 | ---- | C] () -- C:\Windows\unins000.dat
[2009/09/17 14:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 14:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 14:20:46 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/09/01 14:45:39 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/30 11:22:32 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/30 11:22:32 | 000,022,328 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\PnkBstrK.sys
[2009/08/30 11:22:19 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/08/30 11:22:17 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/08/30 11:22:16 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/08/30 01:50:27 | 000,008,704 | ---- | C] () -- C:\Users\Courtney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/30 00:15:24 | 000,027,426 | ---- | C] () -- C:\Windows\cfgall.ini
[2009/08/17 21:29:12 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/08/17 21:29:12 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2009/08/17 21:27:23 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/08/17 21:27:23 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/08/17 21:27:23 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/08/17 21:27:23 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/08/17 21:27:23 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/08/17 21:27:23 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/08/17 21:19:32 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/08/17 21:19:32 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/17 21:19:32 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/08/17 21:19:31 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/08/17 20:50:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/17 20:47:09 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,423,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,699,680 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,137,916 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/09/21 10:43:11 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/30 00:10:55 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\DNA
[2010/09/15 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Elluminate
[2011/06/01 15:12:56 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\GetRightToGo
[2011/07/27 21:33:45 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\gtk-2.0
[2011/02/24 21:49:35 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Image Zone Express
[2009/10/02 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\InterVideo
[2010/12/07 20:23:32 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Jane s Hotel 3
[2009/08/29 07:06:34 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Lenovo
[2010/09/29 18:22:07 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Printer Info Cache
[2010/03/06 23:15:00 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\SecondLife
[2011/05/30 14:23:28 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/04 18:15:11 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/02/16 22:27:37 | 000,010,746 | ---- | M] ()(C:\Users\Courtney\Documents\?.docx) -- C:\Users\Courtney\Documents\凸.docx
[2009/12/04 14:15:38 | 000,010,746 | ---- | C] ()(C:\Users\Courtney\Documents\?.docx) -- C:\Users\Courtney\Documents\凸.docx

< End of report >

#15
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No worries, let's now try a different tactic. Could you run ComboFix by following the instructions below please...


Download ComboFix from one of these locations:

Link 1
Link 2


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you already have the Recovery Console preinstalled, it will not ask for the following. If it does prompt, allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply.