Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Alureon [Solved]

Started by VikingP77 , Dec 08 2011 09:02 PM

  • This topic is locked This topic is locked

#1
VikingP77
Posted 08 December 2011 - 09:02 PM

VikingP77

    New Member

  • Member
  • Pip
  • 8 posts
Hello,

I run Windows 7 on a Lenovo laptop.
This morning I clicked on a blog page and it redirected to another site. It was not the site I was trying to get to and I closed the window before it loaded. Microsoft Security Essentials came right up and said it was Win 32 Alureon a trojan and asked if I wanted to remove it and of course I clicked yes. Well it didn't matter. Multiple error windows started popping up. I tried to system restore and it won't let me. When I first get into Windows a window comes up that says catalyst host error. I've never seen this before. I think the trojan is still in here but MSE says it is deleted. I've tried system recover too. Thank you!

Edited by VikingP77, 08 December 2011 - 09:55 PM.

  • 0

Advertisements

#2
VikingP77
Posted 08 December 2011 - 11:12 PM

VikingP77

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is my OTL

OTL logfile created on: 12/8/2011 6:56:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\SIIRI77\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 54.93% Memory free
5.49 Gb Paging File | 4.09 Gb Available in Paging File | 74.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 215.11 Gb Free Space | 84.64% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 28.07 Gb Free Space | 96.80% Space Free | Partition Type: NTFS

Computer Name: SIIRI77-PC | User Name: SIIRI77 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/08 18:52:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\SIIRI77\Downloads\OTL.exe
PRC - [2011/11/11 09:50:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/11 10:05:42 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/03/02 14:37:40 | 000,171,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2009/12/18 18:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/11 09:50:21 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/18 21:54:10 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/11 10:05:42 | 000,492,896 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2009/12/18 18:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2009/12/18 18:51:18 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2009/12/18 18:50:38 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/19 10:19:32 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/09/22 10:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/08/14 06:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/14 06:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/07 00:07:16 | 001,326,928 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonC07.sys -- (Cam5607)
DRV:64bit: - [2010/07/19 10:45:56 | 007,448,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/19 09:39:40 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/15 04:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/06/17 01:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/11 19:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/22 02:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/02 07:52:02 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/01/15 10:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010/01/07 04:46:20 | 000,302,128 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/18 16:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/07/21 06:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 03:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/15 19:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 12:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/06 04:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/11 09:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/06 06:39:37 | 000,000,000 | ---D | M]

[2011/04/07 03:56:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\SIIRI77\AppData\Roaming\Mozilla\Extensions
[2011/11/11 09:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/05 09:28:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/11/11 09:50:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/11 09:50:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 10:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 10:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/11 09:50:22 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{403D0AFA-FE55-4E00-B993-2204299CE1B0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/08 18:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2011/12/08 18:37:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Services
[2011/12/08 18:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\{3D289CAC-AD9F-45d9-9D36-524EB7B6C958}
[2011/12/08 18:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo Hard Drive Quick Test
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/08 18:36:02 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/08 18:36:02 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/08 18:33:59 | 000,730,682 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/12/08 18:33:59 | 000,626,956 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/12/08 18:33:59 | 000,107,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/12/08 18:28:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/08 18:28:35 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/08 18:24:41 | 000,002,243 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/12/08 16:21:03 | 000,000,021 | ---- | M] () -- C:\windows\tpcsd
[2011/12/08 13:16:44 | 000,002,239 | ---- | M] () -- C:\Users\SIIRI77\Desktop\OneKey Recovery.lnk
[2011/12/08 12:19:45 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~3kfOKbB42C01Vg
[2011/12/08 12:19:45 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~3kfOKbB42C01Vgr
[2011/12/08 12:19:34 | 000,000,344 | -H-- | M] () -- C:\ProgramData\3kfOKbB42C01Vg
[2011/12/03 17:29:34 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2011/11/09 18:28:11 | 000,282,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/08 16:21:03 | 000,000,021 | ---- | C] () -- C:\windows\tpcsd
[2011/12/08 12:19:45 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~3kfOKbB42C01Vg
[2011/12/08 12:19:45 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~3kfOKbB42C01Vgr
[2011/12/08 12:19:34 | 000,000,344 | -H-- | C] () -- C:\ProgramData\3kfOKbB42C01Vg
[2011/12/03 17:29:34 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2011/04/23 09:31:02 | 000,000,120 | -H-- | C] () -- C:\Users\SIIRI77\AppData\Local\Ozeweziwake.dat
[2011/04/23 09:31:02 | 000,000,000 | -H-- | C] () -- C:\Users\SIIRI77\AppData\Local\Dhetogilimelu.bin
[2011/04/18 18:16:20 | 000,005,355 | ---- | C] () -- C:\windows\hpomdl18.dat
[2011/04/11 13:02:01 | 000,746,906 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/11 10:24:51 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011/03/11 10:24:51 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011/03/11 10:16:42 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll
[2011/03/11 10:05:44 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/03/11 10:05:44 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/03/11 10:05:40 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/03/11 09:51:12 | 000,015,190 | ---- | C] () -- C:\windows\M3000Twn.ini
[2011/03/11 09:36:59 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/03/11 09:32:52 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 13:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 13:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 13:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/24 10:45:38 | 000,000,000 | -H-D | M] -- C:\Users\SIIRI77\AppData\Roaming\Amazon
[2011/09/04 23:33:08 | 000,000,000 | -H-D | M] -- C:\Users\SIIRI77\AppData\Roaming\SanDisk
[2011/12/08 17:53:44 | 000,000,000 | ---D | M] -- C:\Users\SIIRI77\AppData\Roaming\SoftGrid Client
[2011/12/08 17:54:49 | 000,000,000 | ---D | M] -- C:\Users\SIIRI77\AppData\Roaming\start
[2011/04/11 13:03:01 | 000,000,000 | -H-D | M] -- C:\Users\SIIRI77\AppData\Roaming\TP
[2011/11/18 07:36:31 | 000,032,614 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

EXTRAS

OTL Extras logfile created on: 12/8/2011 6:56:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\SIIRI77\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 54.93% Memory free
5.49 Gb Paging File | 4.09 Gb Available in Paging File | 74.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 215.11 Gb Free Space | 84.64% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 28.07 Gb Free Space | 96.80% Space Free | Partition Type: NTFS

Computer Name: SIIRI77-PC | User Name: SIIRI77 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16D22C34-9766-69FD-E615-9517ACCF40D2}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CADC615-64C7-7366-A49A-342E8B7D3C9B}" = ATI Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{059D4FB4-301A-E085-A001-6652FA6BB3DE}" = CCC Help Hungarian
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{114B4A6E-E0E6-5AD2-015A-71898AE7D0C5}" = ccc-core-static
"{1172075E-6767-6861-2A1F-B031F9067AB2}" = CCC Help Chinese Standard
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21CE7849-0508-3624-4396-B72629FDE6B6}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2972A52A-766C-930C-9043-3319818B7FD5}" = CCC Help Turkish
"{2AC42BCF-F6E7-2160-89B5-B492C1B4B133}" = CCC Help Russian
"{30E9714B-53C8-89CD-270D-C84D8C055493}" = CCC Help Chinese Traditional
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3769A63A-4A92-8C32-26EE-6FE1E820EB37}" = CCC Help Finnish
"{3BEC1598-0438-F76F-BE61-DCD715CBE223}" = CCC Help English
"{3D289CAC-AD9F-45d9-9D36-524EB7B6C958}" = Lenovo Hard Drive Quick Test
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41B515BD-12A5-3163-BB2B-49A15392A101}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61D0CBC7-41BE-5AE3-812A-ADD754523EB2}" = Catalyst Control Center Graphics Previews Common
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7386F68C-0E7E-1F0F-FF70-099D0BFF99E7}" = CCC Help Korean
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{822E82EF-BD60-8BBB-9A36-4D9C6B77F809}" = CCC Help Greek
"{84FD3EE5-AD52-AADE-0C31-965ED835630D}" = CCC Help Spanish
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{977B15E4-DA09-14BE-2B5C-B47C2862E38D}" = CCC Help Japanese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A428ED60-99EA-E0DA-85F7-1895C7D0F789}" = CCC Help Thai
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{B9B0B05C-A2D1-5C0A-134F-C411C698A514}" = CCC Help Swedish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0871DBE-C9BD-623A-4E44-FFC4251DF464}" = CCC Help German
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D67B3ECD-9B64-38CC-A695-63FA2E790D76}" = Catalyst Control Center Localization All
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE4C6DDE-327A-9D48-1556-7D461F8C1C48}" = Catalyst Control Center InstallProxy
"{DE7113C2-4FA7-8DA6-2FE3-86D2043CE91D}" = CCC Help Portuguese
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFB19121-0609-49C1-92B1-546E5A940FE8}" = Onekey Theater
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E108E986-9572-51E0-32CA-79BDF03E5640}" = CCC Help Polish
"{E2B9D46A-972F-2C73-B110-C7E2FCDDAEA8}" = CCC Help French
"{E63E810F-CAE0-560E-BCF9-9CCAC0A8A06D}" = CCC Help Norwegian
"{E9A418A4-2973-15F7-EE63-256675E6682B}" = CCC Help Czech
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF822610-EF5E-021E-ED55-5AB4ED0462AB}" = CCC Help Danish
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"Lenovo Games Console" = Lenovo Games Console
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa 3" = Picasa 3
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2011 4:48:56 PM | Computer Name = SIIRI77-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 11/20/2011 4:49:19 PM | Computer Name = SIIRI77-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/23/2011 1:12:55 AM | Computer Name = SIIRI77-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 11/23/2011 1:13:17 AM | Computer Name = SIIRI77-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/25/2011 5:36:55 PM | Computer Name = SIIRI77-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 11/25/2011 5:37:19 PM | Computer Name = SIIRI77-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/28/2011 10:38:46 PM | Computer Name = SIIRI77-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 11/28/2011 10:39:09 PM | Computer Name = SIIRI77-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/29/2011 9:56:59 PM | Computer Name = SIIRI77-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 11/30/2011 11:40:07 PM | Computer Name = SIIRI77-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

[ System Events ]
Error - 12/8/2011 10:27:14 PM | Computer Name = SIIRI77-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/8/2011 10:27:14 PM | Computer Name = SIIRI77-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/8/2011 10:27:14 PM | Computer Name = SIIRI77-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/8/2011 10:28:54 PM | Computer Name = SIIRI77-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Apple
Mobile Device service to connect.

Error - 12/8/2011 10:28:54 PM | Computer Name = SIIRI77-PC | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053

Error - 12/8/2011 10:28:56 PM | Computer Name = SIIRI77-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Application
Virtualization Client service to connect.

Error - 12/8/2011 10:28:56 PM | Computer Name = SIIRI77-PC | Source = Service Control Manager | ID = 7000
Description = The Application Virtualization Client service failed to start due
to the following error: %%1053

Error - 12/8/2011 10:28:56 PM | Computer Name = SIIRI77-PC | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1053

Error - 12/8/2011 10:29:08 PM | Computer Name = SIIRI77-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 12/8/2011 10:30:59 PM | Computer Name = SIIRI77-PC | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
error: %%2


< End of report >
  • 0

#3
Essexboy
Posted 09 December 2011 - 02:54 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see if we can locate the miscreant

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/08 12:19:45 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~3kfOKbB42C01Vg
    [2011/12/08 12:19:45 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~3kfOKbB42C01Vgr
    [2011/12/08 12:19:34 | 000,000,344 | -H-- | M] () -- C:\ProgramData\3kfOKbB42C01Vg
    [2011/04/23 09:31:02 | 000,000,120 | -H-- | C] () -- C:\Users\SIIRI77\AppData\Local\Ozeweziwake.dat
    [2011/04/23 09:31:02 | 000,000,000 | -H-- | C] () -- C:\Users\SIIRI77\AppData\Local\Dhetogilimelu.bin

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

AND FINALLY

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.
  • 0

#4
VikingP77
Posted 09 December 2011 - 08:45 PM

VikingP77

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Wow thank you!
All processes killed
========== OTL ==========
C:\ProgramData\~3kfOKbB42C01Vg moved successfully.
C:\ProgramData\~3kfOKbB42C01Vgr moved successfully.
C:\ProgramData\3kfOKbB42C01Vg moved successfully.
C:\Users\SIIRI77\AppData\Local\Ozeweziwake.dat moved successfully.
C:\Users\SIIRI77\AppData\Local\Dhetogilimelu.bin moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\SIIRI77\Downloads\cmd.bat deleted successfully.
C:\Users\SIIRI77\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: SIIRI77
->Temp folder emptied: 1216075671 bytes
->Temporary Internet Files folder emptied: 59624108 bytes
->Java cache emptied: 896185 bytes
->FireFox cache emptied: 140221881 bytes
->Flash cache emptied: 47357 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1297408 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 272698508 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 282670 bytes
RecycleBin emptied: 278563885 bytes

Total Files Cleaned = 1,878.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 12092011_182128

Files\Folders moved on Reboot...
C:\Users\SIIRI77\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


AND...

OTL logfile created on: 12/9/2011 6:26:55 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\SIIRI77\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 62.32% Memory free
5.49 Gb Paging File | 4.31 Gb Available in Paging File | 78.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 216.79 Gb Free Space | 85.30% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 28.07 Gb Free Space | 96.80% Space Free | Partition Type: NTFS

Computer Name: SIIRI77-PC | User Name: SIIRI77 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/08 18:52:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\SIIRI77\Downloads\OTL.exe
PRC - [2011/11/11 09:50:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/11 10:05:42 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/03/02 14:37:40 | 000,171,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2009/12/18 18:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/11 09:50:21 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/11 10:05:42 | 000,492,896 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2009/12/18 18:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2009/12/18 18:51:18 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2009/12/18 18:50:38 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/19 10:19:32 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/09/22 10:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/08/14 06:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 04:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/14 06:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/07 00:07:16 | 001,326,928 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonC07.sys -- (Cam5607)
DRV:64bit: - [2010/07/19 10:45:56 | 007,448,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/19 09:39:40 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/15 04:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/06/17 01:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/11 19:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/22 02:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/02 07:52:02 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/01/15 10:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010/01/07 04:46:20 | 000,302,128 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/18 16:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/07/21 06:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 03:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/15 19:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 12:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/06 04:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/11 09:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/06 06:39:37 | 000,000,000 | ---D | M]

[2011/04/07 03:56:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\SIIRI77\AppData\Roaming\Mozilla\Extensions
[2011/11/11 09:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/05 09:28:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/11/11 09:50:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/11 09:50:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 10:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 10:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/11 09:50:22 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/09 18:21:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{403D0AFA-FE55-4E00-B993-2204299CE1B0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/09 18:21:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/08 18:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2011/12/08 18:37:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Services
[2011/12/08 18:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\{3D289CAC-AD9F-45d9-9D36-524EB7B6C958}
[2011/12/08 18:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo Hard Drive Quick Test

========== Files - Modified Within 30 Days ==========

[2011/12/09 18:24:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/09 18:24:27 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/09 18:23:47 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/09 18:23:47 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/09 18:22:03 | 000,730,682 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/12/09 18:22:03 | 000,626,956 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/12/09 18:22:03 | 000,107,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/12/09 18:21:30 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2011/12/08 18:24:41 | 000,002,243 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/12/08 16:21:03 | 000,000,021 | ---- | M] () -- C:\windows\tpcsd
[2011/12/08 13:16:44 | 000,002,239 | ---- | M] () -- C:\Users\SIIRI77\Desktop\OneKey Recovery.lnk
[2011/12/03 17:29:34 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat

========== Files Created - No Company Name ==========

[2011/12/08 16:21:03 | 000,000,021 | ---- | C] () -- C:\windows\tpcsd
[2011/12/03 17:29:34 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2011/04/18 18:16:20 | 000,005,355 | ---- | C] () -- C:\windows\hpomdl18.dat
[2011/04/11 13:02:01 | 000,746,906 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/11 10:24:51 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011/03/11 10:24:51 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011/03/11 10:16:42 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll
[2011/03/11 10:05:44 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/03/11 10:05:44 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/03/11 10:05:40 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/03/11 09:51:12 | 000,015,190 | ---- | C] () -- C:\windows\M3000Twn.ini
[2011/03/11 09:36:59 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/03/11 09:32:52 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 13:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 13:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 13:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/24 10:45:38 | 000,000,000 | -H-D | M] -- C:\Users\SIIRI77\AppData\Roaming\Amazon
[2011/09/04 23:33:08 | 000,000,000 | -H-D | M] -- C:\Users\SIIRI77\AppData\Roaming\SanDisk
[2011/12/08 17:53:44 | 000,000,000 | ---D | M] -- C:\Users\SIIRI77\AppData\Roaming\SoftGrid Client
[2011/12/08 17:54:49 | 000,000,000 | ---D | M] -- C:\Users\SIIRI77\AppData\Roaming\start
[2011/04/11 13:03:01 | 000,000,000 | -H-D | M] -- C:\Users\SIIRI77\AppData\Roaming\TP
[2011/11/18 07:36:31 | 000,032,614 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


AND

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-09 18:32:12
-----------------------------
18:32:12.127 OS Version: Windows x64 6.1.7601 Service Pack 1
18:32:12.127 Number of processors: 2 586 0x603
18:32:12.127 ComputerName: SIIRI77-PC UserName: SIIRI77
18:32:13.531 Initialize success
18:33:00.462 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:33:00.462 Disk 0 Vendor: WDC_WD3200BPVT-24ZEST0 02.01A02 Size: 305245MB BusType: 11
18:33:02.490 Disk 0 MBR read successfully
18:33:02.490 Disk 0 MBR scan
18:33:02.490 Disk 0 Windows 7 default MBR code
18:33:02.506 Service scanning
18:33:06.671 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:33:07.264 Modules scanning
18:33:07.264 Disk 0 trace - called modules:
18:33:07.279
18:33:07.279 Scan finished successfully
18:33:20.992 Disk 0 MBR has been saved successfully to "C:\Users\SIIRI77\Desktop\MBR.dat"
18:33:20.992 The log file has been saved successfully to "C:\Users\SIIRI77\Desktop\aswMBR.txt"

I cannot get my laptop to do a screen shot of my computer management! Sorry my prtscc and Fn nothing is working...so frustrated.
  • 0

#5
Essexboy
Posted 10 December 2011 - 05:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you type the details please

I will need to know the partition size, name and whether active or boot

[attachment=54371:Capture.JPG]

Also what are the current problems ?
  • 0

#6
VikingP77
Posted 10 December 2011 - 08:53 AM

VikingP77

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Still getting catalyst host error when Windows opens up to my desktop. Also earlier I was listening to some music and it froze the music gave me an error message and restarted. My pictures are also gone from my files.

Healthy OEM Partition is 14.75 gb
NTFS Healthy(System, Active, primary Partition) 200 mb
C: NTFS Healthy (Boot,Page File, Crash Dump, Primary Partition)254.14 gb
Lenovo D: Healthy(logical drive) 29.00 gb

thank you so much for your help!
  • 0

#7
Essexboy
Posted 10 December 2011 - 12:45 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm not showing - I wonder if it has changed

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

NEXT

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

THEN

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#8
VikingP77
Posted 10 December 2011 - 05:51 PM

VikingP77

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok here is Rogue Killer

RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: SIIRI77 [Admin rights]
Mode: Shortcuts HJfix -- Date : 12/10/2011 11:57:15

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 2 / Fail 0
Programs: Success 10 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 1251 / Fail 0
My documents: Success 4 / Fail 0
My favorites: Success 27 / Fail 0
My pictures: Success 251 / Fail 0
My music: Success 290 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1723 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped
[Q:] \Device\SftVol -- 0x3 --> Restored

Here is ComboFix

ComboFix 11-12-10.01 - SIIRI77 12/10/2011 12:01:19.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1505 [GMT -8:00]
Running from: c:\users\SIIRI77\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Images
c:\images\1818722.jpg
c:\users\SIIRI77\AppData\Local\{8DC7BAAA-532E-4529-943E-4CD547C1C5CA}
c:\users\SIIRI77\AppData\Local\{8DC7BAAA-532E-4529-943E-4CD547C1C5CA}\chrome\content\overlay.xul
c:\users\SIIRI77\AppData\Local\{8DC7BAAA-532E-4529-943E-4CD547C1C5CA}\install.rdf
c:\users\SIIRI77\AppData\Roaming\Start
c:\users\SIIRI77\AppData\Roaming\Start\temp_CCDE3245\flash.10.0.32.18.ocx
c:\windows\s.bat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-10 20:07 . 2011-12-10 20:07 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C6422A7-5365-4284-9CC8-04F87D347544}\offreg.dll
2011-12-10 20:06 . 2011-12-10 20:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-10 02:53 . 2011-12-10 02:53 -------- d-----w- c:\program files (x86)\ScreenGrab
2011-12-10 02:35 . 2011-11-30 10:21 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C6422A7-5365-4284-9CC8-04F87D347544}\mpengine.dll
2011-12-10 02:21 . 2011-12-10 02:21 -------- d-----w- C:\_OTL
2011-12-09 02:37 . 2011-12-09 02:43 -------- d-----w- c:\programdata\PCDr
2011-12-09 02:37 . 2011-12-09 02:37 -------- d-----w- c:\programdata\{3D289CAC-AD9F-45d9-9D36-524EB7B6C958}
2011-12-09 02:37 . 2011-12-09 02:37 -------- d-----w- c:\program files (x86)\Lenovo Hard Drive Quick Test
2011-12-09 02:19 . 2011-10-05 01:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6D71577-D1C5-407E-900E-753C3094BD35}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 10:21 . 2011-07-10 04:53 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-11 04:07 . 2011-04-27 17:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-10-03 13:06 . 2011-09-05 17:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:25 . 2011-10-14 01:05 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-14 01:05 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-29 16:29 . 2011-11-09 03:08 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 03:08 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-19 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-03-11 3122528]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-03-11 18:05 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-20 11448424]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-08-20 2120808]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"combofix"="c:\combofix\CF16102.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\SIIRI77\AppData\Roaming\Mozilla\Firefox\Profiles\k8etir2p.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2011-12-10 12:12:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-10 20:12
.
Pre-Run: 231,697,686,528 bytes free
Post-Run: 231,182,696,448 bytes free
.
- - End Of File - - E21BB074B44B95F43089FBB798670A2D

And Finally

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 4311
Logical Drives Mask: 0x0001002c

Kernel Drivers (total 196):
0x03002000 \SystemRoot\system32\ntoskrnl.exe
0x035EB000 \SystemRoot\system32\hal.dll
0x00B98000 \SystemRoot\system32\kdcom.dll
0x00C0F000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C1C000 \SystemRoot\system32\PSHED.dll
0x00C30000 \SystemRoot\system32\CLFS.SYS
0x00C8E000 \SystemRoot\system32\CI.dll
0x00D4E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00C00000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E5C000 \SystemRoot\system32\drivers\ACPI.sys
0x00EB3000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00EBC000 \SystemRoot\system32\drivers\msisadrv.sys
0x00EC6000 \SystemRoot\system32\drivers\pci.sys
0x00EF9000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F06000 \SystemRoot\System32\drivers\partmgr.sys
0x00F1B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F24000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F30000 \SystemRoot\system32\drivers\volmgr.sys
0x00F45000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FA1000 \SystemRoot\system32\drivers\pciide.sys
0x00FA8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00FB8000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FD2000 \SystemRoot\system32\drivers\atapi.sys
0x00E00000 \SystemRoot\system32\drivers\ataport.SYS
0x00E2A000 \SystemRoot\system32\drivers\msahci.sys
0x00E35000 \SystemRoot\system32\drivers\amdxata.sys
0x010D2000 \SystemRoot\system32\drivers\fltmgr.sys
0x0111E000 \SystemRoot\system32\drivers\fileinfo.sys
0x01230000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01132000 \SystemRoot\System32\Drivers\msrpc.sys
0x013D3000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x013EE000 \SystemRoot\System32\drivers\pcw.sys
0x01200000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01440000 \SystemRoot\system32\drivers\ndis.sys
0x01533000 \SystemRoot\system32\drivers\NETIO.SYS
0x01593000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016F7000 \SystemRoot\System32\drivers\tcpip.sys
0x018FB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01945000 \SystemRoot\system32\drivers\volsnap.sys
0x01991000 \SystemRoot\System32\Drivers\spldr.sys
0x01999000 \SystemRoot\System32\drivers\rdyboost.sys
0x019D3000 \SystemRoot\System32\Drivers\mup.sys
0x019E5000 \SystemRoot\System32\DRIVERS\LhdX64.sys
0x019F3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01600000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0163A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01650000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01680000 \SystemRoot\system32\DRIVERS\AtiPcie64.sys
0x016C0000 \SystemRoot\system32\drivers\cdrom.sys
0x015BE000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x016EA000 \SystemRoot\System32\Drivers\Null.SYS
0x015EF000 \SystemRoot\System32\Drivers\Beep.SYS
0x01400000 \SystemRoot\System32\drivers\vga.sys
0x0140E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0120A000 \SystemRoot\System32\drivers\watchdog.sys
0x01433000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x015F6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0121A000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01223000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01072000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01083000 \SystemRoot\system32\DRIVERS\tdx.sys
0x010A5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01190000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02CAA000 \SystemRoot\system32\drivers\afd.sys
0x02D33000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D3C000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D62000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02D78000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02D87000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02DA2000 \SystemRoot\system32\drivers\termdd.sys
0x02C00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02C51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02C5D000 \SystemRoot\system32\drivers\mssmbios.sys
0x02C68000 \SystemRoot\System32\drivers\discache.sys
0x02C77000 \SystemRoot\System32\Drivers\dfsc.sys
0x02C95000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02DB6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02DDC000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03A56000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x03E3C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x03A9D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x045A8000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03E00000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04856000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x04B45000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04B52000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x04B67000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04B72000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04BC8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04BD9000 \SystemRoot\system32\drivers\i8042prt.sys
0x04800000 \SystemRoot\system32\drivers\kbdclass.sys
0x03B91000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0480F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04811000 \SystemRoot\system32\drivers\mouclass.sys
0x04820000 \SystemRoot\system32\DRIVERS\AcpiVpc.sys
0x04836000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0483B000 \SystemRoot\system32\drivers\CompositeBus.sys
0x03E24000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03A00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x045EE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03A24000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03BE0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x011D5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x010B2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0484B000 \SystemRoot\system32\DRIVERS\WDMirror.sys
0x04852000 \SystemRoot\system32\drivers\swenum.sys
0x03CF5000 \SystemRoot\system32\drivers\ks.sys
0x03D38000 \SystemRoot\system32\drivers\umbus.sys
0x03D4A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03DA4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03DB9000 \SystemRoot\system32\drivers\AtihdW76.sys
0x03C00000 \SystemRoot\system32\drivers\portcls.sys
0x03C3D000 \SystemRoot\system32\drivers\drmk.sys
0x03C5F000 \SystemRoot\system32\drivers\ksthunk.sys
0x04EA0000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x050FA000 \SystemRoot\System32\drivers\Dxapi.sys
0x05106000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05123000 \SystemRoot\system32\drivers\hidusb.sys
0x05131000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x0514A000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x05153000 \SystemRoot\system32\drivers\kbdhid.sys
0x05161000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0260E000 \SystemRoot\System32\Drivers\BisonC07.sys
0x02751000 \SystemRoot\system32\DRIVERS\monitor.sys
0x0279D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x027AB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x027B7000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x027C2000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x005E0000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x027D5000 \SystemRoot\system32\drivers\luafv.sys
0x02600000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0x0275F000 \SystemRoot\system32\drivers\WudfPf.sys
0x02780000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0516E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x051C1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x051D4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x034F0000 \SystemRoot\system32\drivers\HTTP.sys
0x035B9000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x035C3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x035E1000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03400000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0342D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0347B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05875000 \SystemRoot\system32\drivers\peauth.sys
0x0591B000 \SystemRoot\System32\Drivers\secdrv.SYS
0x05926000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0x05800000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0x0349F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0584D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x04E00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05ED6000 \SystemRoot\System32\DRIVERS\srv.sys
0x05F6E000 \SystemRoot\system32\drivers\spsys.sys
0x05FDF000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x05E00000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x77CA0000 \Windows\System32\ntdll.dll
0x47EE0000 \Windows\System32\smss.exe
0xFFFC0000 \Windows\System32\apisetschema.dll
0xFF490000 \Windows\System32\autochk.exe
0xFFF10000 \Windows\System32\clbcatq.dll
0xFFCB0000 \Windows\System32\iertutil.dll
0xFFB30000 \Windows\System32\urlmon.dll
0x77BA0000 \Windows\System32\user32.dll
0xFFB20000 \Windows\System32\nsi.dll
0x77E70000 \Windows\System32\normaliz.dll
0xFFA40000 \Windows\System32\oleaut32.dll
0xFF9F0000 \Windows\System32\ws2_32.dll
0xFF910000 \Windows\System32\advapi32.dll
0xFF840000 \Windows\System32\usp10.dll
0xFF710000 \Windows\System32\rpcrt4.dll
0xFE980000 \Windows\System32\shell32.dll
0xFE900000 \Windows\System32\shlwapi.dll
0xFE7D0000 \Windows\System32\wininet.dll
0xFE7B0000 \Windows\System32\sechost.dll
0xFE790000 \Windows\System32\imagehlp.dll
0xFE730000 \Windows\System32\Wldap32.dll
0xFE550000 \Windows\System32\setupapi.dll
0x77A80000 \Windows\System32\kernel32.dll
0xFE340000 \Windows\System32\ole32.dll
0xFE330000 \Windows\System32\lpk.dll
0xFE2C0000 \Windows\System32\gdi32.dll
0x77E60000 \Windows\System32\psapi.dll
0xFE220000 \Windows\System32\comdlg32.dll
0xFE180000 \Windows\System32\msvcrt.dll
0xFE150000 \Windows\System32\imm32.dll
0xFE0D0000 \Windows\System32\difxapi.dll
0xFDFC0000 \Windows\System32\msctf.dll
0xFDFA0000 \Windows\System32\devobj.dll
0xFDE30000 \Windows\System32\crypt32.dll
0xFDD90000 \Windows\System32\comctl32.dll
0xFDD50000 \Windows\System32\cfgmgr32.dll
0xFDCE0000 \Windows\System32\KernelBase.dll
0xFDCA0000 \Windows\System32\wintrust.dll
0xFDC90000 \Windows\System32\msasn1.dll

Processes (total 64):
0 System Idle Process
4 System
284 C:\Windows\System32\smss.exe
408 csrss.exe
492 C:\Windows\System32\wininit.exe
500 csrss.exe
552 C:\Windows\System32\services.exe
560 C:\Windows\System32\lsass.exe
568 C:\Windows\System32\lsm.exe
656 C:\Windows\System32\winlogon.exe
728 C:\Windows\System32\svchost.exe
808 C:\Windows\System32\svchost.exe
868 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
948 C:\Windows\System32\atiesrxx.exe
980 C:\Windows\System32\svchost.exe
332 C:\Windows\System32\svchost.exe
424 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\wlanext.exe
1292 C:\Windows\System32\conhost.exe
1396 C:\Windows\System32\spoolsv.exe
1436 C:\Windows\System32\atieclxx.exe
1464 C:\Windows\System32\svchost.exe
1724 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1200 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
1524 C:\Windows\System32\svchost.exe
1660 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2080 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2520 C:\Windows\System32\svchost.exe
2800 C:\Windows\System32\taskhost.exe
2888 C:\Windows\System32\dwm.exe
2908 C:\Windows\explorer.exe
3032 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3048 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
3056 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3064 C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
1860 C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
2072 C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
2184 C:\Program Files\Microsoft Security Client\msseces.exe
320 C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2924 C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
2232 C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
2704 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3092 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3280 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3376 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3556 C:\Windows\System32\SearchIndexer.exe
3656 C:\Program Files\Windows Media Player\wmpnetwk.exe
3784 C:\Windows\System32\svchost.exe
3932 C:\Windows\System32\svchost.exe
2640 WmiPrvSE.exe
3208 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2848 dllhost.exe
2952 C:\Windows\System32\notepad.exe
604 C:\Windows\System32\sppsvc.exe
3008 C:\Windows\System32\notepad.exe
2428 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
708 C:\Windows\System32\SearchProtocolHost.exe
3700 C:\Windows\System32\SearchFilterHost.exe
1880 C:\Windows\System32\audiodg.exe
2236 C:\Users\SIIRI77\Downloads\MBRCheck.exe
2812 C:\Windows\System32\conhost.exe
1236 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003f`95d00000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: WDCWD3200BPVT-24ZEST0, Rev: 02.01A02

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Thank you!
  • 0

#9
Essexboy
Posted 11 December 2011 - 06:31 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is it running now - you should have all your pictures/files/folders back now :)

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#10
VikingP77
Posted 11 December 2011 - 12:48 PM

VikingP77

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
You sir are amazing! How did you learn to do all this? Thank you thank you thank you! Looks like everything is safe and I can log into my email again?

LOG

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8352

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/11/2011 10:46:41 AM
mbam-log-2011-12-11 (10-46-41).txt

Scan type: Quick scan
Objects scanned: 170998
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#11
Essexboy
Posted 11 December 2011 - 02:47 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ? Any problems
  • 0

#12
VikingP77
Posted 11 December 2011 - 04:19 PM

VikingP77

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
It's running great...no more catalyst error. Brilliant! Thank you so much and happy holidays :thumbsup:
  • 0

#13
Essexboy
Posted 11 December 2011 - 04:22 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#14
VikingP77
Posted 11 December 2011 - 07:23 PM

VikingP77

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
All done..so helpful...cannot thank you enough :wub:
  • 0

#15
Essexboy
Posted 12 December 2011 - 12:20 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP