
Google redirect and all programs missing from start menu [Closed]


  • This topic is locked This topic is locked

#31
catttreanor

OTL logfile created on: 9/12/2012 2:39:49 PM - Run 14
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\catt\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 56.10% Memory free
3.50 Gb Paging File | 2.53 Gb Available in Paging File | 72.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 272.92 Gb Total Space | 89.14 Gb Free Space | 32.66% Space Free | Partition Type: NTFS

Computer Name: BETSY | User Name: catt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/12 14:36:53 | 094,742,856 | ---- | M] () -- C:\Users\catt\Downloads\avira_free_antivirus_en.exe
PRC - [2012/09/08 16:00:18 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\catt\Desktop\OTL(1).exe
PRC - [2012/09/07 20:26:19 | 002,755,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Users\catt\AppData\Local\temp\RarSFX0\presetup.exe
PRC - [2012/09/07 20:26:19 | 000,716,792 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Users\catt\AppData\Local\temp\RarSFX0\setup.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/07/23 09:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe
PRC - [2010/07/20 11:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
PRC - [2009/09/28 13:09:06 | 000,827,392 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\HealthCare\HealthCare.exe
PRC - [2009/08/24 08:15:32 | 000,221,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
PRC - [2009/07/29 17:01:10 | 000,049,152 | ---- | M] (Lenovo (Shenzhen) Electronic Co., Ltd.) -- C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
PRC - [2009/07/10 11:04:58 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/10 11:04:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/06/03 22:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/12 14:36:53 | 094,742,856 | ---- | M] () -- C:\Users\catt\Downloads\avira_free_antivirus_en.exe
MOD - [2012/06/14 03:30:35 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 03:29:59 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:29:52 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/10 03:27:21 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:26:12 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 03:26:07 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 03:26:05 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 03:25:47 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010/04/29 06:29:11 | 001,732,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3478.18702__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/04/29 06:29:11 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3478.18776__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/04/29 06:29:11 | 000,339,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3478.18684__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:11 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3478.18704__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/04/29 06:29:11 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3478.18756__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:11 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3478.18737__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:11 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3478.18698__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/04/29 06:29:11 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3478.18727__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:11 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3478.18693__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:10 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3478.18693__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3478.18728__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,360,448 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3478.18724__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3478.18704__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3478.18742__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/04/29 06:29:10 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3478.18734__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3478.18692__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3478.18728__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:10 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3478.18776__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3478.18775__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:10 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3478.18729__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:10 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3478.18734__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:10 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3478.18735__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:10 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/04/29 06:29:10 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/04/29 06:29:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/04/29 06:29:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/04/29 06:29:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,651,264 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3478.18800__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010/04/29 06:29:09 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3478.18770__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/04/29 06:29:09 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/04/29 06:29:09 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3478.18769__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/04/29 06:29:09 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/04/29 06:29:09 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3478.18781__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/04/29 06:29:09 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/04/29 06:29:09 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/04/29 06:29:09 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/04/29 06:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/04/29 06:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/04/29 06:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/04/29 06:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3478.18679__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/04/29 06:29:09 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/04/29 06:29:08 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3478.18688__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/04/29 06:29:08 | 000,552,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3478.18764__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/04/29 06:29:08 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3478.18698__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/04/29 06:29:08 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3478.18680__90ba9c70f846762e\APM.Server.dll
MOD - [2010/04/29 06:29:08 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3478.18683__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/04/29 06:29:08 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3478.18681__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/04/29 06:29:08 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/04/29 06:29:08 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3478.18679__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/04/29 06:29:08 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/04/29 06:29:08 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/04/29 06:29:08 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/04/29 06:29:08 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/04/29 06:29:08 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/04/29 06:29:08 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/04/29 06:29:08 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3478.18770__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/09/09 11:25:06 | 000,057,344 | ---- | M] () -- C:\Program Files\Lenovo\HealthCare\en-us\en-us.dll
MOD - [2009/06/19 12:33:54 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/06/03 22:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 22:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2008/09/27 10:39:26 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\HealthCare\HOOK.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/09/07 20:26:13 | 000,059,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\windows\TEMP\AVSETUP_5050e4b1\avupgsvc.exe -- (AviraUpgradeService)
SRV - [2012/09/07 12:17:50 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/04 09:12:07 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/11/04 03:00:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/23 09:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2010/07/20 11:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/10 11:04:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\catt\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [File_System | Disabled | Running] -- system32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/10 11:40:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/05 19:18:08 | 000,011,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spio.sys -- (SuperIO)
DRV - [2009/05/04 23:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/03/02 13:00:32 | 000,016,200 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2008/08/06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{B37A3E90-AEDB-4334-A12D-210C842EF19C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://leftaction.co...en-US:official"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.9
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.14
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/12 09:33:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 17:09:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/12 09:33:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 17:09:15 | 000,000,000 | ---D | M]

[2010/11/01 09:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\catt\AppData\Roaming\Mozilla\Extensions
[2012/09/08 22:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions
[2012/09/12 09:31:55 | 000,000,000 | ---D | M] (WOT) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/22 09:04:30 | 000,000,000 | ---D | M] (Performance Cache) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\[email protected]
[2012/09/04 09:30:36 | 000,243,317 | ---- | M] () (No name found) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\[email protected]
[2012/08/10 18:41:13 | 000,375,811 | ---- | M] () (No name found) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/09/08 17:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 12:17:51 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/27 01:56:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/07/02 12:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/09/04 09:30:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/04 09:30:24 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/12 14:00:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe (Lenovo)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC3054F0-C6F0-4F36-8132-BBDB287D3BA5}: DhcpNameServer = 75.75.76.76 75.75.75.75 0.0.0.0
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/12 14:02:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/12 14:01:59 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/09/12 13:44:04 | 000,059,904 | ---- | C] (Apple Inc.4FileDescription) -- C:\Users\catt\AppData\Roaming\zduwpk.exe_unuuo
[2012/09/12 10:24:02 | 000,059,904 | ---- | C] (Apple Inc.4FileDescription) -- C:\Users\catt\AppData\Roaming\ijlwot.exe_gortf
[2012/09/12 10:17:20 | 004,749,988 | R--- | C] (Swearware) -- C:\Users\catt\Desktop\ComboFix.exe
[2012/09/08 17:44:21 | 000,000,000 | ---D | C] -- C:\Users\catt\Desktop\Current_User_Start_Menu
[2012/09/08 16:00:16 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\catt\Desktop\OTL(1).exe
[2010/04/29 06:40:04 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe

========== Files - Modified Within 30 Days ==========

[2012/09/12 14:37:06 | 000,014,240 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 14:37:06 | 000,014,240 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 14:30:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/12 14:29:32 | 000,000,878 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/12 14:29:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/12 14:29:21 | 1407,746,048 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/12 14:00:09 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/09/12 13:44:08 | 000,142,464 | ---- | M] () -- C:\Users\catt\AppData\Roaming\lqbyjd.exe_dhked
[2012/09/12 13:44:07 | 000,022,528 | ---- | M] () -- C:\Users\catt\AppData\Roaming\rnmsik.exe_djhek
[2012/09/12 13:44:07 | 000,019,456 | ---- | M] () -- C:\Users\catt\AppData\Roaming\chbxks.exe_ffxrx
[2012/09/12 13:43:20 | 265,693,127 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/09/12 13:40:26 | 004,749,988 | R--- | M] (Swearware) -- C:\Users\catt\Desktop\ComboFix.exe
[2012/09/12 12:58:00 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/12 10:24:06 | 000,142,464 | ---- | M] () -- C:\Users\catt\AppData\Roaming\klnjnm.exe_phyyd
[2012/09/12 10:24:04 | 000,022,528 | ---- | M] () -- C:\Users\catt\AppData\Roaming\lafkxn.exe_cruoq
[2012/09/12 10:24:04 | 000,019,456 | ---- | M] () -- C:\Users\catt\AppData\Roaming\owrfkc.exe_ktmam
[2012/09/08 17:43:21 | 000,010,817 | ---- | M] () -- C:\Users\catt\Desktop\Current_User_Start_Menu.zip
[2012/09/08 17:39:03 | 000,511,265 | ---- | M] () -- C:\Users\catt\Desktop\adwcleaner.exe
[2012/09/08 16:00:18 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\catt\Desktop\OTL(1).exe
[2012/09/08 15:56:52 | 001,378,816 | ---- | M] () -- C:\Users\catt\Desktop\RogueKiller.exe
[2012/09/07 12:17:58 | 000,001,990 | ---- | M] () -- C:\Users\catt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/05 03:18:31 | 000,450,824 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/08/30 13:42:28 | 000,132,181 | ---- | M] () -- C:\Users\catt\Desktop\558235_405683219490115_458526124_n.jpg
[2012/08/20 19:49:59 | 000,041,779 | ---- | M] () -- C:\Users\catt\Desktop\122710-807985_6_935994_full.jpg
[2012/08/20 19:40:31 | 000,045,297 | ---- | M] () -- C:\Users\catt\Desktop\1065464_34_1513986_full.jpg
[2012/08/20 19:38:51 | 000,026,908 | ---- | M] () -- C:\Users\catt\Desktop\936483_351_1650623_full.jpg
[2012/08/20 19:28:31 | 000,033,412 | ---- | M] () -- C:\Users\catt\Desktop\070411_1356140_6_2119240_full.jpg
[2012/08/20 19:25:37 | 000,061,891 | ---- | M] () -- C:\Users\catt\Desktop\JosephL_full.jpg
[2012/08/20 18:47:44 | 000,031,127 | ---- | M] () -- C:\Users\catt\Desktop\072012-2478512_6_4584758_full.jpg
[2012/08/20 18:34:02 | 000,066,285 | ---- | M] () -- C:\Users\catt\Desktop\142730_87_113856_full.jpg
[2012/08/20 18:31:28 | 000,081,072 | ---- | M] () -- C:\Users\catt\Desktop\AJ-Crandall-r_full.jpg

========== Files Created - No Company Name ==========

[2012/09/12 13:44:05 | 000,142,464 | ---- | C] () -- C:\Users\catt\AppData\Roaming\lqbyjd.exe_dhked
[2012/09/12 13:44:05 | 000,022,528 | ---- | C] () -- C:\Users\catt\AppData\Roaming\rnmsik.exe_djhek
[2012/09/12 13:44:05 | 000,019,456 | ---- | C] () -- C:\Users\catt\AppData\Roaming\chbxks.exe_ffxrx
[2012/09/12 10:24:03 | 000,142,464 | ---- | C] () -- C:\Users\catt\AppData\Roaming\klnjnm.exe_phyyd
[2012/09/12 10:24:03 | 000,022,528 | ---- | C] () -- C:\Users\catt\AppData\Roaming\lafkxn.exe_cruoq
[2012/09/12 10:24:03 | 000,019,456 | ---- | C] () -- C:\Users\catt\AppData\Roaming\owrfkc.exe_ktmam
[2012/09/12 10:21:49 | 265,693,127 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/09/08 17:49:49 | 000,001,409 | ---- | C] () -- C:\Users\catt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/09/08 17:43:19 | 000,010,817 | ---- | C] () -- C:\Users\catt\Desktop\Current_User_Start_Menu.zip
[2012/09/08 17:38:51 | 000,511,265 | ---- | C] () -- C:\Users\catt\Desktop\adwcleaner.exe
[2012/09/08 15:56:49 | 001,378,816 | ---- | C] () -- C:\Users\catt\Desktop\RogueKiller.exe
[2012/08/30 13:42:23 | 000,132,181 | ---- | C] () -- C:\Users\catt\Desktop\558235_405683219490115_458526124_n.jpg
[2012/08/20 19:49:58 | 000,041,779 | ---- | C] () -- C:\Users\catt\Desktop\122710-807985_6_935994_full.jpg
[2012/08/20 19:40:30 | 000,045,297 | ---- | C] () -- C:\Users\catt\Desktop\1065464_34_1513986_full.jpg
[2012/08/20 19:38:50 | 000,026,908 | ---- | C] () -- C:\Users\catt\Desktop\936483_351_1650623_full.jpg
[2012/08/20 19:28:28 | 000,033,412 | ---- | C] () -- C:\Users\catt\Desktop\070411_1356140_6_2119240_full.jpg
[2012/08/20 19:25:36 | 000,061,891 | ---- | C] () -- C:\Users\catt\Desktop\JosephL_full.jpg
[2012/08/20 18:47:43 | 000,031,127 | ---- | C] () -- C:\Users\catt\Desktop\072012-2478512_6_4584758_full.jpg
[2012/08/20 18:34:01 | 000,066,285 | ---- | C] () -- C:\Users\catt\Desktop\142730_87_113856_full.jpg
[2012/08/20 18:31:25 | 000,081,072 | ---- | C] () -- C:\Users\catt\Desktop\AJ-Crandall-r_full.jpg
[2012/03/19 17:06:56 | 000,000,512 | ---- | C] () -- C:\Users\catt\MBR.dat
[2012/01/10 10:50:13 | 014,999,886 | ---- | C] () -- C:\Users\catt\teen.mom.s03e08.hdtv.xvid-crimson.avi
[2011/08/26 15:01:38 | 000,139,264 | ---- | C] () -- C:\windows\System32\gswin32c.exe
[2011/08/10 17:16:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/08/10 17:16:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/08/10 17:16:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/08/10 17:16:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/08/10 17:16:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/08/10 17:03:00 | 000,023,624 | ---- | C] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/07/31 23:58:10 | 000,000,064 | ---- | C] () -- C:\windows\System32\rp_stats.dat
[2011/07/31 23:58:10 | 000,000,044 | ---- | C] () -- C:\windows\System32\rp_rules.dat
[2010/11/03 21:53:06 | 000,136,489 | ---- | C] () -- C:\windows\hphins33.dat
[2010/11/03 21:53:06 | 000,000,512 | ---- | C] () -- C:\windows\hphmdl33.dat

========== LOP Check ==========

[2012/09/12 09:31:55 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\BitTorrent
[2012/01/26 14:09:30 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\Catalina Marketing Corp
[2012/01/26 14:08:59 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\OpenOffice.org
[2009/07/13 23:53:46 | 000,032,392 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#32
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We are going to have to run an AV scan as I am missing something...

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/09/12 13:44:04 | 000,059,904 | ---- | C] (Apple Inc.4FileDescription) -- C:\Users\catt\AppData\Roaming\zduwpk.exe_unuuo
    [2012/09/12 10:24:02 | 000,059,904 | ---- | C] (Apple Inc.4FileDescription) -- C:\Users\catt\AppData\Roaming\ijlwot.exe_gortf
    [2012/09/12 13:44:08 | 000,142,464 | ---- | M] () -- C:\Users\catt\AppData\Roaming\lqbyjd.exe_dhked
    [2012/09/12 13:44:07 | 000,022,528 | ---- | M] () -- C:\Users\catt\AppData\Roaming\rnmsik.exe_djhek
    [2012/09/12 13:44:07 | 000,019,456 | ---- | M] () -- C:\Users\catt\AppData\Roaming\chbxks.exe_ffxrx
    [2012/09/12 10:24:06 | 000,142,464 | ---- | M] () -- C:\Users\catt\AppData\Roaming\klnjnm.exe_phyyd
    [2012/09/12 10:24:04 | 000,022,528 | ---- | M] () -- C:\Users\catt\AppData\Roaming\lafkxn.exe_cruoq
    [2012/09/12 10:24:04 | 000,019,456 | ---- | M] () -- C:\Users\catt\AppData\Roaming\owrfkc.exe_ktmam
    [2012/09/08 17:43:21 | 000,010,817 | ---- | M] () -- C:\Users\catt\Desktop\Current_User_Start_Menu.zip
    [2012/09/12 13:44:05 | 000,142,464 | ---- | C] () -- C:\Users\catt\AppData\Roaming\lqbyjd.exe_dhked
    [2012/09/12 13:44:05 | 000,022,528 | ---- | C] () -- C:\Users\catt\AppData\Roaming\rnmsik.exe_djhek
    [2012/09/12 13:44:05 | 000,019,456 | ---- | C] () -- C:\Users\catt\AppData\Roaming\chbxks.exe_ffxrx
    [2012/09/12 10:24:03 | 000,142,464 | ---- | C] () -- C:\Users\catt\AppData\Roaming\klnjnm.exe_phyyd
    [2012/09/12 10:24:03 | 000,022,528 | ---- | C] () -- C:\Users\catt\AppData\Roaming\lafkxn.exe_cruoq
    [2012/09/12 10:24:03 | 000,019,456 | ---- | C] () -- C:\Users\catt\AppData\Roaming\owrfkc.exe_ktmam
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found
Once it has finished, select the Report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion, click the link to locate the zip file to upload and attach it to your next post.

  • 0
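A triage helper for OTL file listings, added here as an example; it is not OTL's own code and not Essexboy's method. It parses the three line shapes visible in the log above (a `(Company)` group, an empty `()` followed by a `(No name found)` note, and directory lines with no company group at all) and applies two heuristics modelled on the entries the moderator put under `:OTL`: a randomly named `xxxxxx.exe_xxxxx` file dropped directly in `AppData\Roaming`, and a CompanyName value that runs into the `FileDescription` resource key, as in `Apple Inc.4FileDescription`. The heuristics, the sample lines and the output format are assumptions; the `:Commands` section of a fix is deliberately left to the analyst.

```python
"""Triage helper for OTL file-listing lines (added example, not OTL's code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL file-listing line looks like:
#   [yyyy/mm/dd hh:mm:ss | size | attrs | C] (Company) -- path
# Directory lines carry no "(Company)" group, and some file lines carry a
# second note such as "(No name found)" before the "--".
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: \([^)]*\))? -- (?P<path>.+?)\s*$"
)

# Shape of the dropped files in the log: six random letters, ".exe_", five more.
# This is an assumption fitted to the thread's log, not a general rule.
RANDOM_EXE = re.compile(r"^[a-z]{6}\.exe_[a-z]{5}$")


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str
    kind: str               # OTL's flag: C = created, M = modified
    company: Optional[str]  # None when the line has no company group at all
    path: str
    raw: str


def parse_otl_line(line: str) -> Optional[Entry]:
    """Parse one listing line; returns None for headers, blanks and other lines."""
    line = line.strip()
    m = OTL_LINE.match(line)
    if not m:
        return None
    return Entry(ts=m["ts"], size=int(m["size"].replace(",", "")),
                 attrs=m["attrs"], kind=m["kind"], company=m["company"],
                 path=m["path"], raw=line)


def suspicion_reasons(e: Entry) -> List[str]:
    """Heuristics (assumptions, not OTL rules) matching the dropper files in the log."""
    reasons: List[str] = []
    if e.attrs.endswith("D"):   # directory entries are out of scope here
        return reasons
    parent, _, name = e.path.rpartition("\\")
    if parent.lower().endswith("\\appdata\\roaming") and RANDOM_EXE.match(name):
        reasons.append("randomly named executable dropped directly in AppData\\Roaming")
    if e.company and "FileDescription" in e.company:
        # A clean CompanyName value never contains the next resource key's name;
        # "Apple Inc.4FileDescription" is malformed version info, not Apple's.
        reasons.append("CompanyName runs into the FileDescription key (malformed version info)")
    return reasons


def triage(log_text: str) -> List[Entry]:
    """Return the entries worth putting in front of a human, deduplicated by path."""
    seen = set()
    flagged: List[Entry] = []
    for line in log_text.splitlines():
        e = parse_otl_line(line)
        if e and suspicion_reasons(e) and e.path.lower() not in seen:
            seen.add(e.path.lower())
            flagged.append(e)
    return flagged


def otl_file_block(entries: List[Entry]) -> str:
    """Render flagged lines in the shape pasted under ':OTL' in the fix above."""
    return ":OTL\n" + "\n".join(e.raw for e in entries)


# Constructed sample, copied in shape from the log earlier in this thread.
SAMPLE_LOG = """\
========== Files/Folders - Created Within 30 Days ==========
[2012/09/12 13:44:04 | 000,059,904 | ---- | C] (Apple Inc.4FileDescription) -- C:\\Users\\catt\\AppData\\Roaming\\zduwpk.exe_unuuo
[2012/09/12 13:44:08 | 000,142,464 | ---- | M] () -- C:\\Users\\catt\\AppData\\Roaming\\lqbyjd.exe_dhked
[2012/09/12 13:44:05 | 000,142,464 | ---- | C] () -- C:\\Users\\catt\\AppData\\Roaming\\lqbyjd.exe_dhked
[2012/09/12 10:17:20 | 004,749,988 | R--- | C] (Swearware) -- C:\\Users\\catt\\Desktop\\ComboFix.exe
[2012/01/26 14:09:30 | 000,000,000 | ---D | M] -- C:\\Users\\catt\\AppData\\Roaming\\Catalina Marketing Corp
[2012/09/04 09:30:36 | 000,243,317 | ---- | M] () (No name found) -- C:\\Users\\catt\\AppData\\Roaming\\Mozilla\\ext.xpi
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for e in hits:
        print(f"{e.path}: {'; '.join(suspicion_reasons(e))}")
    print(otl_file_block(hits))
```

Run it on a saved OTL.txt by passing the file's contents to `triage()`; the point of the dedup by path is that OTL lists the same dropped file under both the Created and Modified sections, as it does above, and a fix block should name each file once.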

#33
catttreanor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
OTL logfile created on: 9/12/2012 4:18:31 PM - Run 15
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\catt\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 50.64% Memory free
3.50 Gb Paging File | 2.37 Gb Available in Paging File | 67.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 272.92 Gb Total Space | 88.84 Gb Free Space | 32.55% Space Free | Partition Type: NTFS

Computer Name: BETSY | User Name: catt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/12 23:23:57 | 000,714,808 | ---- | M] () -- C:\Users\catt\AppData\Local\temp\RarSFX0\3165143.exe
PRC - [2012/09/12 23:23:52 | 000,455,248 | ---- | M] (Kaspersky Lab) -- C:\Users\catt\AppData\Local\temp\6345889\3165143.exe
PRC - [2012/09/12 16:13:48 | 135,133,648 | ---- | M] () -- C:\Users\catt\Desktop\setup_11.0.0.1245.x01_2012_09_12_23_22.exe
PRC - [2012/09/08 16:00:18 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\catt\Desktop\OTL(1).exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/07/23 09:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe
PRC - [2010/07/20 11:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
PRC - [2009/09/28 13:09:06 | 000,827,392 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\HealthCare\HealthCare.exe
PRC - [2009/08/24 08:15:32 | 000,221,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
PRC - [2009/07/29 17:01:10 | 000,049,152 | ---- | M] (Lenovo (Shenzhen) Electronic Co., Ltd.) -- C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
PRC - [2009/07/10 11:04:58 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/10 11:04:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/06/03 22:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/12 23:23:57 | 000,714,808 | ---- | M] () -- C:\Users\catt\AppData\Local\temp\RarSFX0\3165143.exe
MOD - [2012/09/12 16:13:48 | 135,133,648 | ---- | M] () -- C:\Users\catt\Desktop\setup_11.0.0.1245.x01_2012_09_12_23_22.exe
MOD - [2012/06/14 03:30:35 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 03:29:59 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:29:52 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/10 03:27:21 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:26:12 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 03:26:07 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 03:26:05 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 03:25:47 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010/04/29 06:29:11 | 001,732,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3478.18702__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/04/29 06:29:11 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3478.18776__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/04/29 06:29:11 | 000,339,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3478.18684__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:11 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3478.18704__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/04/29 06:29:11 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3478.18756__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:11 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3478.18737__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:11 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3478.18698__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/04/29 06:29:11 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3478.18727__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:11 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3478.18693__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:10 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3478.18693__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3478.18728__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,360,448 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3478.18724__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3478.18704__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3478.18742__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/04/29 06:29:10 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3478.18734__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3478.18692__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3478.18728__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:10 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3478.18776__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/04/29 06:29:10 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3478.18775__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:10 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3478.18729__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:10 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3478.18734__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:10 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3478.18735__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/04/29 06:29:10 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/04/29 06:29:10 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/04/29 06:29:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/04/29 06:29:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/04/29 06:29:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,651,264 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3478.18800__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010/04/29 06:29:09 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3478.18770__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/04/29 06:29:09 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/04/29 06:29:09 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3478.18769__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/04/29 06:29:09 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/04/29 06:29:09 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3478.18781__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/04/29 06:29:09 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/04/29 06:29:09 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/04/29 06:29:09 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/04/29 06:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/04/29 06:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/04/29 06:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/04/29 06:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/04/29 06:29:09 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3478.18679__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/04/29 06:29:09 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/04/29 06:29:08 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3478.18688__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/04/29 06:29:08 | 000,552,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3478.18764__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/04/29 06:29:08 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3478.18698__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/04/29 06:29:08 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3478.18680__90ba9c70f846762e\APM.Server.dll
MOD - [2010/04/29 06:29:08 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3478.18683__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/04/29 06:29:08 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3478.18681__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/04/29 06:29:08 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/04/29 06:29:08 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3478.18679__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/04/29 06:29:08 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/04/29 06:29:08 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/04/29 06:29:08 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/04/29 06:29:08 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/04/29 06:29:08 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/04/29 06:29:08 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/04/29 06:29:08 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3478.18770__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/09/09 11:25:06 | 000,057,344 | ---- | M] () -- C:\Program Files\Lenovo\HealthCare\en-us\en-us.dll
MOD - [2009/06/19 12:33:54 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/06/03 22:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 22:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2008/09/27 10:39:26 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\HealthCare\HOOK.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\windows\TEMP\AVSETUP_5050e4b1\avupgsvc.exe /TEMPSTART:C:\windows\TEMP\AVSETUP_5050e4b1\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE -- (AviraUpgradeService)
SRV - [2012/09/07 12:17:50 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/04 09:12:07 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/11/04 03:00:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/23 09:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2010/07/20 11:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/10 11:04:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\catt\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/12 23:22:41 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\81955033.sys -- (81955033)
DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/10 11:40:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/05 19:18:08 | 000,011,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spio.sys -- (SuperIO)
DRV - [2009/05/04 23:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/03/02 13:00:32 | 000,016,200 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2008/08/06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{B37A3E90-AEDB-4334-A12D-210C842EF19C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://leftaction.co...en-US:official"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.9
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.14
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/12 09:33:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 17:09:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/12 09:33:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 17:09:15 | 000,000,000 | ---D | M]

[2010/11/01 09:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\catt\AppData\Roaming\Mozilla\Extensions
[2012/09/08 22:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions
[2012/09/12 09:31:55 | 000,000,000 | ---D | M] (WOT) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/22 09:04:30 | 000,000,000 | ---D | M] (Performance Cache) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\[email protected]
[2012/09/04 09:30:36 | 000,243,317 | ---- | M] () (No name found) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\[email protected]
[2012/08/10 18:41:13 | 000,375,811 | ---- | M] () (No name found) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/09/08 17:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 12:17:51 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/27 01:56:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/07/02 12:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/09/04 09:30:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/04 09:30:24 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/12 16:01:57 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe (Lenovo)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\catt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_81955033.lnk = C:\Users\catt\AppData\Local\temp\_uninst_81955033.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC3054F0-C6F0-4F36-8132-BBDB287D3BA5}: DhcpNameServer = 75.75.76.76 75.75.75.75 0.0.0.0
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/12 16:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/12 16:14:39 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\81955033.sys
[2012/09/12 14:02:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/12 14:01:59 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/09/12 10:17:20 | 004,749,988 | R--- | C] (Swearware) -- C:\Users\catt\Desktop\ComboFix.exe
[2012/09/08 17:44:21 | 000,000,000 | ---D | C] -- C:\Users\catt\Desktop\Current_User_Start_Menu
[2012/09/08 16:00:16 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\catt\Desktop\OTL(1).exe
[2010/04/29 06:40:04 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe

========== Files - Modified Within 30 Days ==========

[2012/09/12 23:22:41 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\81955033.sys
[2012/09/12 16:15:14 | 000,001,002 | ---- | M] () -- C:\Users\catt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_81955033.lnk
[2012/09/12 16:13:48 | 135,133,648 | ---- | M] () -- C:\Users\catt\Desktop\setup_11.0.0.1245.x01_2012_09_12_23_22.exe
[2012/09/12 16:11:21 | 000,014,240 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 16:11:21 | 000,014,240 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 16:04:03 | 000,000,878 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/12 16:03:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/12 16:03:50 | 1407,746,048 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/12 16:01:57 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012/09/12 15:58:00 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/12 15:30:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/12 13:43:20 | 265,693,127 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/09/12 13:40:26 | 004,749,988 | R--- | M] (Swearware) -- C:\Users\catt\Desktop\ComboFix.exe
[2012/09/08 17:39:03 | 000,511,265 | ---- | M] () -- C:\Users\catt\Desktop\adwcleaner.exe
[2012/09/08 16:00:18 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\catt\Desktop\OTL(1).exe
[2012/09/08 15:56:52 | 001,378,816 | ---- | M] () -- C:\Users\catt\Desktop\RogueKiller.exe
[2012/09/07 12:17:58 | 000,001,990 | ---- | M] () -- C:\Users\catt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/05 03:18:31 | 000,450,824 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/08/30 13:42:28 | 000,132,181 | ---- | M] () -- C:\Users\catt\Desktop\558235_405683219490115_458526124_n.jpg
[2012/08/20 19:49:59 | 000,041,779 | ---- | M] () -- C:\Users\catt\Desktop\122710-807985_6_935994_full.jpg
[2012/08/20 19:40:31 | 000,045,297 | ---- | M] () -- C:\Users\catt\Desktop\1065464_34_1513986_full.jpg
[2012/08/20 19:38:51 | 000,026,908 | ---- | M] () -- C:\Users\catt\Desktop\936483_351_1650623_full.jpg
[2012/08/20 19:28:31 | 000,033,412 | ---- | M] () -- C:\Users\catt\Desktop\070411_1356140_6_2119240_full.jpg
[2012/08/20 19:25:37 | 000,061,891 | ---- | M] () -- C:\Users\catt\Desktop\JosephL_full.jpg
[2012/08/20 18:47:44 | 000,031,127 | ---- | M] () -- C:\Users\catt\Desktop\072012-2478512_6_4584758_full.jpg
[2012/08/20 18:34:02 | 000,066,285 | ---- | M] () -- C:\Users\catt\Desktop\142730_87_113856_full.jpg
[2012/08/20 18:31:28 | 000,081,072 | ---- | M] () -- C:\Users\catt\Desktop\AJ-Crandall-r_full.jpg

========== Files Created - No Company Name ==========

[2012/09/12 16:15:14 | 000,001,002 | ---- | C] () -- C:\Users\catt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_81955033.lnk
[2012/09/12 16:12:25 | 135,133,648 | ---- | C] () -- C:\Users\catt\Desktop\setup_11.0.0.1245.x01_2012_09_12_23_22.exe
[2012/09/12 10:21:49 | 265,693,127 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/09/08 17:49:49 | 000,001,409 | ---- | C] () -- C:\Users\catt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/09/08 17:38:51 | 000,511,265 | ---- | C] () -- C:\Users\catt\Desktop\adwcleaner.exe
[2012/09/08 15:56:49 | 001,378,816 | ---- | C] () -- C:\Users\catt\Desktop\RogueKiller.exe
[2012/08/30 13:42:23 | 000,132,181 | ---- | C] () -- C:\Users\catt\Desktop\558235_405683219490115_458526124_n.jpg
[2012/08/20 19:49:58 | 000,041,779 | ---- | C] () -- C:\Users\catt\Desktop\122710-807985_6_935994_full.jpg
[2012/08/20 19:40:30 | 000,045,297 | ---- | C] () -- C:\Users\catt\Desktop\1065464_34_1513986_full.jpg
[2012/08/20 19:38:50 | 000,026,908 | ---- | C] () -- C:\Users\catt\Desktop\936483_351_1650623_full.jpg
[2012/08/20 19:28:28 | 000,033,412 | ---- | C] () -- C:\Users\catt\Desktop\070411_1356140_6_2119240_full.jpg
[2012/08/20 19:25:36 | 000,061,891 | ---- | C] () -- C:\Users\catt\Desktop\JosephL_full.jpg
[2012/08/20 18:47:43 | 000,031,127 | ---- | C] () -- C:\Users\catt\Desktop\072012-2478512_6_4584758_full.jpg
[2012/08/20 18:34:01 | 000,066,285 | ---- | C] () -- C:\Users\catt\Desktop\142730_87_113856_full.jpg
[2012/08/20 18:31:25 | 000,081,072 | ---- | C] () -- C:\Users\catt\Desktop\AJ-Crandall-r_full.jpg
[2012/03/19 17:06:56 | 000,000,512 | ---- | C] () -- C:\Users\catt\MBR.dat
[2012/01/10 10:50:13 | 014,999,886 | ---- | C] () -- C:\Users\catt\teen.mom.s03e08.hdtv.xvid-crimson.avi
[2011/08/26 15:01:38 | 000,139,264 | ---- | C] () -- C:\windows\System32\gswin32c.exe
[2011/08/10 17:16:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/08/10 17:16:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/08/10 17:16:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/08/10 17:16:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/08/10 17:16:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/08/10 17:03:00 | 000,023,624 | ---- | C] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/07/31 23:58:10 | 000,000,064 | ---- | C] () -- C:\windows\System32\rp_stats.dat
[2011/07/31 23:58:10 | 000,000,044 | ---- | C] () -- C:\windows\System32\rp_rules.dat
[2010/11/03 21:53:06 | 000,136,489 | ---- | C] () -- C:\windows\hphins33.dat
[2010/11/03 21:53:06 | 000,000,512 | ---- | C] () -- C:\windows\hphmdl33.dat

========== LOP Check ==========

[2012/09/12 09:31:55 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\BitTorrent
[2012/01/26 14:09:30 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\Catalina Marketing Corp
[2012/01/26 14:08:59 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\OpenOffice.org
[2009/07/13 23:53:46 | 000,032,642 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#34
catttreanor
    Member
  • Topic Starter
  • 67 posts
Status: Deleted (events: 12)
9/12/2012 5:39:24 PM Deleted Trojan program Trojan.Win32.Jorik.Downloader.daq C:\Qoobox\Quarantine\C\ProgramData\PMy36ThF.exe.vir High
9/12/2012 5:39:28 PM Deleted unknown threat UDS:DangerousObject.Multi.Generic C:\Qoobox\Quarantine\C\Users\catt\api-ms-win-cowin3.exe.vir High
9/12/2012 6:31:06 PM Deleted Trojan program Trojan.Script.Suspic.gen C:\Windows\Installer\46149.msi High
9/12/2012 6:31:06 PM Deleted Trojan program Trojan.Script.Suspic.gen C:\Windows\Installer\46149.msi//disk1.cab High
9/12/2012 6:31:06 PM Deleted Trojan program Trojan.Script.Suspic.gen C:\Windows\Installer\46149.msi//disk1.cab//DDNIOOBE.VBS High
9/12/2012 6:45:02 PM Deleted Trojan program Trojan.Win32.Jorik.Lethic.aip C:\_OTL\MovedFiles\09122012_160155\C_Users\catt\AppData\Roaming\chbxks.exe_ffxrx High
9/12/2012 6:45:18 PM Deleted Trojan program Trojan.Win32.Jorik.IRCbot.shu C:\_OTL\MovedFiles\09122012_160155\C_Users\catt\AppData\Roaming\ijlwot.exe_gortf High
9/12/2012 6:45:21 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\09122012_160155\C_Users\catt\AppData\Roaming\klnjnm.exe_phyyd High
9/12/2012 6:45:28 PM Deleted Trojan program Trojan.Win32.Jorik.Lethic.apy C:\_OTL\MovedFiles\09122012_160155\C_Users\catt\AppData\Roaming\lafkxn.exe_cruoq High
9/12/2012 6:45:42 PM Deleted Trojan program Trojan.Win32.Jorik.Lethic.aip C:\_OTL\MovedFiles\09122012_160155\C_Users\catt\AppData\Roaming\owrfkc.exe_ktmam High
9/12/2012 8:12:00 PM Deleted Trojan program Trojan.Win32.Jorik.Lethic.apy C:\_OTL\MovedFiles\09122012_160155\C_Users\catt\AppData\Roaming\rnmsik.exe_djhek High
9/12/2012 6:45:48 PM Deleted Trojan program Trojan.Win32.Jorik.IRCbot.shu C:\_OTL\MovedFiles\09122012_160155\C_Users\catt\AppData\Roaming\zduwpk.exe_unuuo High
Status: Quarantined (events: 1)
9/12/2012 6:45:30 PM Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\09122012_160155\C_Users\catt\AppData\Roaming\lqbyjd.exe_dhked High

#35
catttreanor
    Member
  • Topic Starter
  • 67 posts
Here is the manual detection thing

#36
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Could you attach it please :)

#37
catttreanor
    Member
  • Topic Starter
  • 67 posts
It will only let me attach half; it says the other half is a type of file that cannot be uploaded. Here it is, copied and pasted:

List of processes
File name PID Description Copyright MD5 Information
c:\program files\ddni\lenovo idea notes\ddnimsgservice.exe
Script: Quarantine, Delete, BC delete, Terminate 3252 Caravan Service 2008, Digital Delivery Networks, Inc. ?? 167.84 kb, rsAh,
created: 01.11.2010 23:30:20,
modified: 20.07.2010 11:04:24
Command line:
"C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe"
c:\program files\ddni\dibs\ddniservice.exe
Script: Quarantine, Delete, BC delete, Terminate 1608 DIBS Service 2008, Digital Delivery Networks, Inc. ?? 159.84 kb, rsAh,
created: 01.11.2010 23:30:20,
modified: 23.07.2010 09:31:54
Command line:
"C:\Program Files\DDNI\DIBS\DDNIService.exe"
c:\windows\explorer.exe
Script: Quarantine, Delete, BC delete, Terminate 1996 Windows Explorer © Microsoft Corporation. All rights reserved. ?? 2555.00 kb, rsAh,
created: 04.09.2012 09:21:36,
modified: 25.02.2011 00:30:54
Command line:
C:\windows\Explorer.EXE
c:\program files\lenovo\healthcare\healthcare.exe
Script: Quarantine, Delete, BC delete, Terminate 2956 © Copyright Lenovo 2009. All rights reserved. ?? 808.00 kb, rsAh,
created: 29.04.2010 06:36:38,
modified: 28.09.2009 13:09:06
Command line:
"C:\Program Files\Lenovo\HealthCare\HealthCare.exe" /hide
Detected:58, recognized as trusted 58
Module name Handle Description Copyright MD5 Used by processes
C:\Program Files\DDNI\DIBS\BitsUtil.dll
Script: Quarantine, Delete, BC delete 131072 BitsUtil 2008, Digital Delivery Networks, Inc. -- 1608
C:\Program Files\DDNI\DIBS\Win32Utils.dll
Script: Quarantine, Delete, BC delete 268435456 Win32Utils Copyright © 2008 DDNI -- 1608
C:\Program Files\DDNI\Lenovo Idea Notes\BitsUtil.dll
Script: Quarantine, Delete, BC delete 131072 BitsUtil 2008, Digital Delivery Networks, Inc. -- 3252
C:\Program Files\DDNI\Lenovo Idea Notes\Win32Utils.dll
Script: Quarantine, Delete, BC delete 268435456 Win32Utils 2008, Digital Delivery Networks, Inc. -- 3252
C:\Program Files\Lenovo\HealthCare\en-us\en-us.dll
Script: Quarantine, Delete, BC delete 6291456 -- 2956
C:\Program Files\Lenovo\HealthCare\HOOK.dll
Script: Quarantine, Delete, BC delete 268435456 -- 2956
C:\Program Files\Lenovo\HealthCare\KeyStone.ax
Script: Quarantine, Delete, BC delete 6160384 vmc412 Special Control Copyright © 2008 Vimicro Corporation -- 2956
C:\QuickPDFConverter\qpcontextmenu.dll
Script: Quarantine, Delete, BC delete 1650196480 -- 1996
C:\windows\system32\DDCHelper.dll
Script: Quarantine, Delete, BC delete 21561344 WINI2C-DDC Library ©2006-2009, Nicomsoft Ltd. -- 2956
Modules detected:686, recognized as trusted 677
Kernel Space Modules Viewer
Module  Base address  Size in memory  Description  Manufacturer
C:\windows\System32\Drivers\dump_dumpata.sys  92EEF000  00B000 (45056)
C:\windows\System32\Drivers\dump_dumpfve.sys  92F04000  011000 (69632)
C:\windows\System32\Drivers\dump_msahci.sys  92EFA000  00A000 (40960)
Modules detected - 149, recognized as trusted - 146
Services
Service  Description  Status  File  Group  Dependencies
AviraUpgradeService  Avira Upgrade Service  Not started  C:\windows\TEMP\AVSETUP_5050e4b1\avupgsvc.exe
Detected - 161, recognized as trusted - 160
Drivers
Service  Description  Status  File  Group  Dependencies
catchme  catchme  Not started  C:\Users\catt\AppData\Local\Temp\catchme.sys  Base
SBRE  SBRE  Not started  C:\windows\system32\drivers\SBREdrv.sys  Base
Detected - 252, recognized as trusted - 250
Autoruns
File name  Status  Startup method  Description
C:\Program Files\Xilisoft\DivX to DVD Converter\DivX to DVD Converter.exe  Active  Shortcut in Autoruns folder  C:\Users\catt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\catt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Xilisoft DivX to DVD Converter.lnk
C:\ProgramData\1jv4PjOjeywkjD.exe  Active  Shortcut in Autoruns folder  C:\Users\catt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\catt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
C:\Users\catt\AppData\Local\temp\_uninst_81955033.bat  Active  Shortcut in Autoruns folder  C:\Users\catt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\catt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_81955033.lnk
C:\windows\System32\appmgmts.dll  Active  Registry key  HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters, ServiceDll
C:\windows\System32\drivers\avipbb.sys  --  Registry key  HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\avipbb, EventMessageFile
C:\windows\System32\drivers\sbapifs.sys  --  Registry key  HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Anti-Spyware Filter, EventMessageFile
C:\windows\system32\psxss.exe  --  Registry key  HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\windows\system32\vp6vfw.dll  Active  Registry key  HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.VP60
C:\windows\system32\vp6vfw.dll  Active  Registry key  HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.VP61
SDEvents.dll  --  Registry key  HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search & Destroy 2, EventMessageFile
progman.exe  Active  Registry key  HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, shell
rdpclip  Active  Registry key  HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms
vgafix.fon  Active  Registry key  HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon
vgaoem.fon  Active  Registry key  HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon
vgasys.fon  Active  Registry key  HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon
Autoruns items detected - 618, recognized as trusted - 603
Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)
File name  Type  Description  Manufacturer  CLSID
BHO  {5C255C8A-E604-49b4-9D64-90988571CECB}
"C:\Program Files\Microsoft\BingBar\BingExt.dll"  BHO  {d2ce3e00-f94a-4740-988e-03dc2f38c34f}
"C:\Program Files\Microsoft\BingBar\BingExt.dll"  Toolbar  {8dcb7100-df86-4384-8842-8fa844297b3f}
Extension module  {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
Extension module  {92780B25-18CC-41C8-B9BE-3C9C571A8263}
Elements detected - 10, recognized as trusted - 5
Windows Explorer extension modules
File name  Destination  Description  Manufacturer  CLSID
Shell Extension for Malware scanning  {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Elements detected - 33, recognized as trusted - 32
Printing system extensions (print monitors, providers)
File name Type Name Description Manufacturer
Elements detected - 8, recognized as trusted - 8
Task Scheduler jobs
File name Job name Job status Description Manufacturer
Elements detected - 3, recognized as trusted - 3
SPI/LSP settings
Namespace providers (NSP)
Provider Status EXE file Description GUID
Detected - 6, recognized as trusted - 6
Transport protocol providers (TSP, LSP)
Provider EXE file Description
Detected - 22, recognized as trusted - 22
Results of automatic SPI settings check

LSP settings checked. No errors detected

TCP/UDP ports
Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 0 [764] c:\windows\system32\svchost.exe
139 LISTENING 0.0.0.0 0 [4] System
445 LISTENING 0.0.0.0 0 [4] System
554 LISTENING 0.0.0.0 0 [3420] c:\program files\windows media player\wmpnetwk.exe
2869 LISTENING 0.0.0.0 0 [4] System
5357 LISTENING 0.0.0.0 0 [4] System
10243 LISTENING 0.0.0.0 0 [4] System
49152 LISTENING 0.0.0.0 0 [452] c:\windows\system32\wininit.exe
49153 LISTENING 0.0.0.0 0 [884] c:\windows\system32\svchost.exe
49154 LISTENING 0.0.0.0 0 [972] c:\windows\system32\svchost.exe
49155 LISTENING 0.0.0.0 0 [1336] c:\windows\system32\spoolsv.exe
49156 LISTENING 0.0.0.0 0 [552] c:\windows\system32\lsass.exe
49157 LISTENING 0.0.0.0 0 [508] c:\windows\system32\services.exe
49444 ESTABLISHED 127.0.0.1 49445 [3812] c:\program files\mozilla firefox\firefox.exe
49445 ESTABLISHED 127.0.0.1 49444 [3812] c:\program files\mozilla firefox\firefox.exe
54150 ESTABLISHED 69.171.248.16 443 [3812] c:\program files\mozilla firefox\firefox.exe
54159 ESTABLISHED 74.125.45.18 443 [3812] c:\program files\mozilla firefox\firefox.exe
54189 ESTABLISHED 69.171.224.53 443 [3812] c:\program files\mozilla firefox\firefox.exe
54190 ESTABLISHED 23.3.68.104 443 [3812] c:\program files\mozilla firefox\firefox.exe
54198 ESTABLISHED 8.18.42.218 443 [3812] c:\program files\mozilla firefox\firefox.exe
54235 TIME_WAIT 207.171.162.75 80 [0]
54238 TIME_WAIT 74.125.134.113 80 [0]
54239 TIME_WAIT 64.236.85.88 80 [0]
54241 TIME_WAIT 64.236.85.88 80 [0]
54250 TIME_WAIT 74.125.45.148 80 [0]
54251 TIME_WAIT 74.125.45.148 80 [0]
54253 TIME_WAIT 74.125.45.148 80 [0]
54262 TIME_WAIT 72.21.211.9 80 [0]
54263 TIME_WAIT 72.21.215.147 80 [0]
54304 TIME_WAIT 64.236.85.88 80 [0]
54316 TIME_WAIT 74.125.45.157 80 [0]
54317 TIME_WAIT 74.125.137.154 80 [0]
54319 TIME_WAIT 64.236.85.82 80 [0]
54320 ESTABLISHED 31.13.66.26 443 [3812] c:\program files\mozilla firefox\firefox.exe
54324 ESTABLISHED 69.171.224.37 443 [3812] c:\program files\mozilla firefox\firefox.exe
54328 ESTABLISHED 69.171.224.37 443 [3812] c:\program files\mozilla firefox\firefox.exe
54329 ESTABLISHED 199.7.48.72 80 [3812] c:\program files\mozilla firefox\firefox.exe
54330 TIME_WAIT 199.7.48.72 80 [0]
54332 ESTABLISHED 96.17.111.43 443 [3812] c:\program files\mozilla firefox\firefox.exe
54336 ESTABLISHED 96.17.111.43 443 [3812] c:\program files\mozilla firefox\firefox.exe
54337 ESTABLISHED 96.17.111.43 443 [3812] c:\program files\mozilla firefox\firefox.exe
54338 ESTABLISHED 8.18.42.203 443 [3812] c:\program files\mozilla firefox\firefox.exe
54339 ESTABLISHED 8.18.42.203 443 [3812] c:\program files\mozilla firefox\firefox.exe
54340 ESTABLISHED 8.18.42.203 443 [3812] c:\program files\mozilla firefox\firefox.exe
54341 ESTABLISHED 8.18.42.203 443 [3812] c:\program files\mozilla firefox\firefox.exe
UDP ports
137 LISTENING -- -- [4] System
138 LISTENING -- -- [4] System
500 LISTENING -- -- [972] c:\windows\system32\svchost.exe
1434 LISTENING -- -- [1756] c:\program files\microsoft sql server\90\shared\sqlbrowser.exe
1900 LISTENING -- -- [3288] c:\windows\system32\svchost.exe
1900 LISTENING -- -- [3288] c:\windows\system32\svchost.exe
3702 LISTENING -- -- [3288] c:\windows\system32\svchost.exe
3702 LISTENING -- -- [1092] c:\windows\system32\svchost.exe
3702 LISTENING -- -- [3288] c:\windows\system32\svchost.exe
3702 LISTENING -- -- [1092] c:\windows\system32\svchost.exe
4500 LISTENING -- -- [972] c:\windows\system32\svchost.exe
5004 LISTENING -- -- [3420] c:\program files\windows media player\wmpnetwk.exe
5005 LISTENING -- -- [3420] c:\program files\windows media player\wmpnetwk.exe
5355 LISTENING -- -- [1180] c:\windows\system32\svchost.exe
51046 LISTENING -- -- [3288] c:\windows\system32\svchost.exe
51047 LISTENING -- -- [3288] c:\windows\system32\svchost.exe
58807 LISTENING -- -- [1092] c:\windows\system32\svchost.exe
62984 LISTENING -- -- [3288] c:\windows\system32\svchost.exe
62986 LISTENING -- -- [1092] c:\windows\system32\svchost.exe
Downloaded Program Files (DPF)
File name Description Manufacturer CLSID Source URL
Elements detected - 4, recognized as trusted - 4
Control Panel Applets (CPL)
File name Description Manufacturer
Elements detected - 22, recognized as trusted - 22
Active Setup
File name Description Manufacturer CLSID
Elements detected - 9, recognized as trusted - 9
HOSTS file
Hosts file record

яю1

Protocols and handlers
File name  Type  Description  Manufacturer  CLSID
mscoree.dll  Protocol  Microsoft .NET Runtime Execution Engine ()  © Microsoft Corporation. All rights reserved.  {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll  Protocol  Microsoft .NET Runtime Execution Engine ()  © Microsoft Corporation. All rights reserved.  {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll  Protocol  Microsoft .NET Runtime Execution Engine ()  © Microsoft Corporation. All rights reserved.  {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Elements detected - 20, recognized as trusted - 17
Suspicious objects
File Description Type

Main script of analysis
Windows version: Windows 7 Home Premium, Build=7601, SP="Service Pack 1"
System Restore: enabled
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
IAT modification detected: CreateProcessA - 003A0010<>77592082
IAT modification detected: GetModuleFileNameA - 003A0080<>775DD75A
IAT modification detected: FreeLibrary - 003A00F0<>775DEF67
IAT modification detected: GetModuleFileNameW - 003A0160<>775DEF35
IAT modification detected: CreateProcessW - 003A01D0<>7759204D
IAT modification detected: LoadLibraryW - 003A02B0<>775DEF42
IAT modification detected: LoadLibraryA - 003A0320<>775DDC65
IAT modification detected: GetProcAddress - 003A0390<>775DCC94
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=169B00)
Kernel ntkrnlpa.exe found in memory at address 82C12000
SDT = 82D7BB00
KiST = 82C90D5C (401)
Functions checked: 401, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Analysis for CPU 2
CmpCallCallBacks = 00000000
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking of IRP handlers
Driver loaded successfully
Checking - complete
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Disable HDD autorun
>> Disable autorun from network drives
>> Disable CD/DVD autorun
>> Disable removable media autorun
>> Windows Explorer - show extensions of known file types
System Analysis in progress

System Analysis - complete

Attached Files

#38
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Could you attach the entire zip file, please?
On completion, click the link to locate the zip file to upload and attach it to your next post.

Posted Image

#39
catttreanor
    Member
  • Topic Starter
  • Member
  • 67 posts
When I tried to do that it told me I was not allowed to upload a file of this kind, so I extracted it out to my desktop. I cannot find the original zip file to try again because my electricity went out, and when I turned my computer back on the antivirus was no longer open.

#40
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
The file I am after is the HTML one; could you zip that and attach it, please?

#41
catttreanor
    Member
  • Topic Starter
  • Member
  • 67 posts
This one?

Attached Files

#42
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
That's the one.

  • Re-run AVPTool
  • Select the Manual Disinfection tab and press Script execution

    Posted Image
  • Where it states Insert text script in the following box, copy the below script and press Run script
    Copy from Begin until End

    Posted Image

    begin
    SetAVZPMStatus(True);
    SetAVZGuardStatus(True);
    SearchRootkit(true, true);
    BC_DeleteFile('C:\ProgramData\1jv4PjOjeywkjD.exe');
    DeleteFile('C:\ProgramData\1jv4PjOjeywkjD.exe');
    BC_ImportDeletedList;
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.

  • Your system will reboot on completion; if it does not, please do so yourself
  • On completion please run another analysis scan and attach the zip file

#43
catttreanor
    Member
  • Topic Starter
  • Member
  • 67 posts
Okay.

Attached Files

#44
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
So all we need to do now is figure out how to get your programme files back.

Could you confirm that the redirects have gone?

Could you open the start menu and right-click on the All Programs bit?

Left-click Open.
You should see something like what is pictured below, though the actual contents may be a little different.

Click on Programs; do you see something similar?

#45
catttreanor
    Member
  • Topic Starter
  • Member
  • 67 posts
Google is still redirecting.