Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

How to remove Babylon?! [Solved]

Started by cyanidez , Oct 22 2012 04:30 PM

  • This topic is locked This topic is locked

#1
cyanidez
Posted 22 October 2012 - 04:30 PM

cyanidez

    Member

  • Member
  • PipPip
  • 31 posts
Hi

my wife accidentally said yes to some installation that included babylon and now I cant get rid of this Babylon toolbar in Chrome and I suspect it has also installed some other malware as suddenly a window pops up with some sort of optimiser I should use for downloads etc. Could one of the experts please help!! Thank you v much. I am in GMT time zone which might affect how quickly I can follow instructions!!

Cyan
  • 0

Advertisements

#2
Nedklaw
Posted 22 October 2012 - 05:34 PM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, cyanidez! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

These instructions are specifically designed for cyanidez only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Step 1

Download AdwCleaner from here to your desktop.
Run AdwCleaner and select Delete.

Posted Image

Once done it will ask to reboot, allow this.
On reboot a log will be produced. Please post that in your next reply.


Step 2

Posted Image Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • Select Scan All Users.
    • Under the Custom Scan box paste this in:
    netsvcs 
BASESERVICES 
%SYSTEMDRIVE%\*.exe 
/md5start 
services.* 
explorer.exe 
winlogon.exe 
Userinit.exe 
svchost.exe 
winsock.*
/md5stop
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 3

Download aswMBR.exe (4.5MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image


Things I want to see in your next reply

  • AdwCleaner Log
  • OTL.txt
  • Extras.txt
  • aswMBR.txt
  • 0

#3
cyanidez
Posted 23 October 2012 - 05:41 AM

cyanidez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hi Nedlaw, thanks for picking this up!! Please see below the four logs you asked for.

cheerio
Cyan

# AdwCleaner v2.005 - Logfile created 10/23/2012 at 12:19:57
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : ThinkPad - OEM-4F6F04BD145
# Boot Mode : Normal
# Running from : C:\Documents and Settings\ThinkPad\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\All Users\Application Data\Browser Manager
File Deleted : C:\WINDOWS\Tasks\Browser Manager.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\ThinkPad\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\ThinkPad\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\ThinkPad\Start Menu\Programs\Browser Manager

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\applic~1\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKU\S-1-5-21-1454471165-861567501-725345543-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=115589&tt=4312_3&babsrc=NT_ss&mntrId=1caea02c0000000000000013e8ab4cc7 --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\ThinkPad\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7341 octets] - [23/10/2012 12:19:57]

########## EOF - C:\AdwCleaner[S1].txt - [7401 octets] ##########


OTL logfile created on: 23/10/2012 12:25:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ThinkPad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 69.26% Memory free
3.81 Gb Paging File | 3.28 Gb Available in Paging File | 85.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 59.26 Gb Free Space | 79.51% Space Free | Partition Type: NTFS

Computer Name: OEM-4F6F04BD145 | User Name: ThinkPad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/23 12:18:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ThinkPad\Desktop\OTL.exe
PRC - [2012/07/17 15:09:30 | 000,166,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/06/03 19:18:14 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/05/12 01:25:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/05/12 01:25:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/04/26 13:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/04/22 18:02:56 | 000,181,608 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2010/04/22 18:02:54 | 000,431,464 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2010/04/22 18:02:50 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010/04/22 18:02:48 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010/04/22 17:13:00 | 000,176,128 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010/04/07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/03/26 04:08:00 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/12/21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/11/24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/08/20 10:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/07/23 03:11:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009/07/08 14:51:00 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2009/07/08 14:51:00 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2009/06/12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/30 12:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/11/07 19:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/06/29 21:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/11 12:17:06 | 002,069,528 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/09/26 13:00:05 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/09/25 13:51:03 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
MOD - [2012/09/25 13:50:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/09/25 13:50:27 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/09/25 00:19:59 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
MOD - [2012/09/25 00:18:35 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012/09/25 00:17:40 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012/09/25 00:16:58 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/09/25 00:16:24 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/09/24 23:59:33 | 005,283,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/05/12 01:25:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2010/05/12 01:25:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/05/12 01:25:00 | 000,035,840 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2010/04/22 17:00:26 | 000,020,480 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll
MOD - [2010/04/22 16:43:02 | 000,229,376 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
MOD - [2010/04/22 16:42:52 | 000,043,520 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll
MOD - [2010/04/22 16:42:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll
MOD - [2009/07/08 14:49:38 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/07/08 14:47:28 | 000,069,697 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2009/01/14 18:37:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2009/01/14 18:37:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/06/29 21:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/17 15:09:30 | 000,166,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/05/12 01:25:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/05/12 01:25:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/04/22 18:02:50 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010/04/22 18:02:48 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/04/07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/04/07 12:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/07/08 14:51:00 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2009/06/12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/01/30 12:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/06/29 21:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/17 15:09:10 | 000,091,168 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/07/17 15:07:00 | 000,554,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/07/17 15:04:46 | 000,127,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/06/02 14:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010/06/02 14:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010/06/02 14:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2010/05/12 01:25:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2010/05/12 01:25:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/03/26 04:08:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2010/03/17 22:15:18 | 006,601,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2009/12/29 15:48:54 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/10/09 12:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2009/10/09 12:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/08/10 02:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/07/09 11:46:04 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/06/21 10:56:18 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/06/21 10:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/03/13 13:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2008/07/24 18:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/05/12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/05/12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/02/04 18:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/06/08 10:36:44 | 000,081,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2007/02/08 21:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 21:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/06 17:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/11/01 09:59:36 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/11/01 09:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/11/01 09:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/11/01 09:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/11/01 09:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/11/01 09:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/11/01 09:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/11/01 09:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = about:blank
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 99 D3 0B 87 AF CD 01 [binary data]
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SKPT_enGB416
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/09/28 13:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ThinkPad\Application Data\Mozilla\Extensions
[2012/10/22 22:48:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKU\S-1-5-21-1454471165-861567501-725345543-1005..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1262167520687 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262167633218 (MUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24F05DA3-E0A8-4D33-9270-AFD51A14EDB7}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/29 15:00:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/23 12:18:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\ThinkPad\Desktop\aswMBR.exe
[2012/10/23 12:18:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ThinkPad\Desktop\OTL.exe
[2012/10/23 00:09:19 | 000,127,992 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2012/10/23 00:09:02 | 000,554,048 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2012/10/23 00:08:58 | 000,091,168 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2012/10/23 00:08:52 | 000,166,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2012/10/23 00:03:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/10/22 23:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/10/22 23:01:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/10/22 22:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\Local Settings\Application Data\antiphishing-vmninternethelper1_1dn
[2012/10/22 22:49:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/10/22 22:49:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/10/22 22:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[2012/10/22 22:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/22 22:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\AirInstaller
[2012/10/06 21:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/10/01 09:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\Application Data\Temp
[2012/10/01 09:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2012/10/01 09:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\My Documents\Downloads
[2012/09/28 13:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\Local Settings\Application Data\Zotero
[2012/09/28 13:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\Application Data\Mozilla
[2012/09/28 10:46:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempA02D3C4F-B214-94EE-1663-F2FD4A416C06-Signatures
[2012/09/27 20:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\Local Settings\Application Data\Identities
[2012/09/25 15:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\Application Data\Avaya
[2012/09/24 23:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/24 23:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/09/24 22:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2012/09/24 21:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\My Documents\ThinkVantage Access Connections
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/23 12:26:26 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/23 12:26:26 | 000,072,328 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/23 12:22:27 | 000,065,212 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/10/23 12:22:25 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/10/23 12:22:21 | 000,190,394 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/23 12:21:46 | 000,025,181 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2012/10/23 12:21:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/23 12:21:37 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/23 12:21:32 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2012/10/23 12:21:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/23 12:18:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ThinkPad\Desktop\aswMBR.exe
[2012/10/23 12:18:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ThinkPad\Desktop\OTL.exe
[2012/10/23 12:17:25 | 000,538,941 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\adwcleaner.exe
[2012/10/23 12:17:18 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AB7BC30D-E923-4205-B427-7BA577BDA00B}.job
[2012/10/23 12:14:43 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/23 00:04:13 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/10/22 10:01:36 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/10/20 23:21:26 | 007,248,896 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\unique wedding venues.msam
[2012/10/19 12:54:08 | 010,720,247 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\SocialMediaMarketingReport2011.pdf
[2012/10/17 21:09:24 | 000,038,728 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/11 00:09:32 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/10/07 19:25:09 | 000,900,852 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\Buyer-Keywords-Guide.pdf
[2012/10/07 15:59:54 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\london spa hotels.msam
[2012/10/06 22:58:59 | 000,002,012 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\luxury wedding spa packages london seo competition.csv
[2012/10/01 14:08:31 | 000,624,803 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\LONPR_etools1.pdf
[2012/09/29 06:12:55 | 000,001,118 | ---- | M] () -- C:\Settings.ini
[2012/09/27 22:00:00 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/25 16:19:04 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\Internet (2).lnk
[2012/09/25 13:47:57 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/24 23:56:34 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/09/24 22:21:43 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/09/24 22:13:45 | 000,065,212 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/09/24 22:08:11 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/23 12:17:23 | 000,538,941 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\adwcleaner.exe
[2012/10/19 12:54:04 | 010,720,247 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\SocialMediaMarketingReport2011.pdf
[2012/10/17 21:09:24 | 000,038,728 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/17 21:08:57 | 007,248,896 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\unique wedding venues.msam
[2012/10/07 19:25:07 | 000,900,852 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\Buyer-Keywords-Guide.pdf
[2012/10/06 22:58:59 | 000,002,012 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\luxury wedding spa packages london seo competition.csv
[2012/10/06 21:53:10 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\london spa hotels.msam
[2012/10/01 14:08:31 | 000,624,803 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\LONPR_etools1.pdf
[2012/09/29 06:12:55 | 000,001,118 | ---- | C] () -- C:\Settings.ini
[2012/09/28 10:47:38 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/09/25 16:19:04 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\Internet (2).lnk
[2012/09/25 13:57:53 | 000,455,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/09/24 23:56:34 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/09/24 22:28:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/24 22:28:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/09/24 22:21:43 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/09/24 22:21:41 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/27 11:00:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/30 16:35:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/12/29 15:22:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/10/29 06:38:22 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/22 22:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[2010/09/02 10:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2012/09/27 22:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/09/02 10:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2012/09/25 15:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ThinkPad\Application Data\Avaya
[2010/09/02 11:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ThinkPad\Application Data\Lenovo
[2012/10/06 21:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ThinkPad\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/10/01 09:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ThinkPad\Application Data\Temp

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 01:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 01:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 01:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 14:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 01:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 01:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 18:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 01:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 01:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 01:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 01:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 01:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 01:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 01:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 17:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 01:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 01:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 01:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 01:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 01:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 06:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 01:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 01:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 01:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 01:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 01:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 01:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 01:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 01:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 01:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 01:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 01:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 13:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 01:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 01:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 07:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 13:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/07/27 21:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DLL >
[2006/11/24 17:19:24 | 000,020,480 | ---- | M] ( ) MD5=17AD4A8A51AECE2EC20D8CF7994BC9F4 -- C:\Program Files\Lenovo\System Update\egather\local\collect\services.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 01:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 13:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.LNK >
[2009/12/29 15:00:02 | 000,001,602 | ---- | M] () MD5=9ED914D0FAB1186201B893FAAA93343E -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 13:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2004/08/04 13:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 13:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< End of report >



OTL Extras logfile created on: 23/10/2012 12:25:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ThinkPad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 69.26% Memory free
3.81 Gb Paging File | 3.28 Gb Available in Paging File | 85.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 59.26 Gb Free Space | 79.51% Space Free | Partition Type: NTFS

Computer Name: OEM-4F6F04BD145 | User Name: ThinkPad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6CE851D7-DD98-489A-9227-5BBE08E7064B}" = ThinkVantage Fingerprint Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78E83B4F-7230-4F0B-B1AD-8DDF05473D6F}" = Intel® PROSet/Wireless WiFi Software
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Multimedia Center For Think Offerings
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AwayTask" = Maintenance Manager
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MyDefrag v4.2.7_is1" = MyDefrag v4.2.7
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AirInstaller" = Download Manager and Options

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/04/2011 09:52:12 | Computer Name = OEM-4F6F04BD145 | Source = nview_info | ID = 11141121
Description =

Error - 10/04/2011 09:52:12 | Computer Name = OEM-4F6F04BD145 | Source = nview_info | ID = 11141121
Description =

Error - 10/04/2011 09:52:23 | Computer Name = OEM-4F6F04BD145 | Source = nview_info | ID = 11141121
Description =

Error - 10/04/2011 09:52:23 | Computer Name = OEM-4F6F04BD145 | Source = nview_info | ID = 11141121
Description =

Error - 10/04/2011 09:52:34 | Computer Name = OEM-4F6F04BD145 | Source = nview_info | ID = 11141121
Description =

Error - 10/04/2011 09:52:34 | Computer Name = OEM-4F6F04BD145 | Source = nview_info | ID = 11141121
Description =

Error - 10/04/2011 09:52:45 | Computer Name = OEM-4F6F04BD145 | Source = nview_info | ID = 11141121
Description =

Error - 10/04/2011 09:52:45 | Computer Name = OEM-4F6F04BD145 | Source = nview_info | ID = 11141121
Description =

Error - 10/04/2011 09:52:56 | Computer Name = OEM-4F6F04BD145 | Source = nview_info | ID = 11141121
Description =

Error - 10/04/2011 09:52:56 | Computer Name = OEM-4F6F04BD145 | Source = nview_info | ID = 11141121
Description =

[ OSession Events ]
Error - 29/09/2012 01:12:05 | Computer Name = OEM-4F6F04BD145 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 70838
seconds with 4800 seconds of active time. This session ended with a crash.

Error - 11/10/2012 07:38:41 | Computer Name = OEM-4F6F04BD145 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5271
seconds with 3180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 22/10/2012 21:30:30 | Computer Name = OEM-4F6F04BD145 | Source = BTWUSB | ID = 262187
Description =

Error - 22/10/2012 21:35:45 | Computer Name = OEM-4F6F04BD145 | Source = BTWUSB | ID = 262187
Description =

Error - 22/10/2012 21:41:00 | Computer Name = OEM-4F6F04BD145 | Source = BTWUSB | ID = 262187
Description =

Error - 22/10/2012 21:46:15 | Computer Name = OEM-4F6F04BD145 | Source = BTWUSB | ID = 262187
Description =

Error - 22/10/2012 21:51:30 | Computer Name = OEM-4F6F04BD145 | Source = BTWUSB | ID = 262187
Description =

Error - 22/10/2012 22:02:30 | Computer Name = OEM-4F6F04BD145 | Source = BTWUSB | ID = 262187
Description =

Error - 22/10/2012 22:07:45 | Computer Name = OEM-4F6F04BD145 | Source = BTWUSB | ID = 262187
Description =

Error - 22/10/2012 22:13:00 | Computer Name = OEM-4F6F04BD145 | Source = BTWUSB | ID = 262187
Description =

Error - 23/10/2012 07:14:28 | Computer Name = OEM-4F6F04BD145 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.8 on
the Network Card with network address 0013E8AB4CC7.

Error - 23/10/2012 07:19:56 | Computer Name = OEM-4F6F04BD145 | Source = Service Control Manager | ID = 7031
Description = The Browser Manager service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.


< End of report >


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-23 12:31:36
-----------------------------
12:31:36.890 OS Version: Windows 5.1.2600 Service Pack 3
12:31:36.890 Number of processors: 2 586 0xF0A
12:31:36.890 ComputerName: OEM-4F6F04BD145 UserName: ThinkPad
12:31:37.421 Initialize success
12:33:22.250 AVAST engine defs: 12102300
12:33:45.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:33:45.093 Disk 0 Vendor: HITACHI_HTS541680J9SA00 SB2IC7UP Size: 76319MB BusType: 3
12:33:45.125 Disk 0 MBR read successfully
12:33:45.125 Disk 0 MBR scan
12:33:45.171 Disk 0 Windows XP default MBR code
12:33:45.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
12:33:45.171 Disk 0 scanning sectors +156295440
12:33:45.265 Disk 0 scanning C:\WINDOWS\system32\drivers
12:33:57.750 Service scanning
12:34:22.078 Modules scanning
12:34:29.484 Disk 0 trace - called modules:
12:34:29.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:34:29.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d78ab8]
12:34:29.500 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000086[0x89d9b1c0]
12:34:29.500 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d90940]
12:34:30.015 AVAST engine scan C:\WINDOWS
12:34:32.328 AVAST engine scan C:\WINDOWS\system32
12:36:50.687 AVAST engine scan C:\WINDOWS\system32\drivers
12:37:04.328 AVAST engine scan C:\Documents and Settings\ThinkPad
12:38:01.031 AVAST engine scan C:\Documents and Settings\All Users
12:38:21.203 Scan finished successfully
12:38:35.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ThinkPad\Desktop\MBR.dat"
12:38:35.921 The log file has been saved successfully to "C:\Documents and Settings\ThinkPad\Desktop\aswMBR.txt"
  • 0

#4
Nedklaw
Posted 24 October 2012 - 09:52 AM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
How is your system running? Are you experiencing any problems?


Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following: 

    :Commands 
[CREATERESTOREPOINT] 

:OTL 
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2012/10/22 22:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\Local Settings\Application Data\antiphishing-vmninternethelper1_1dn
[2012/10/22 22:49:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/10/22 22:49:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/10/22 22:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Files
ipconfig /flushdns /c

:Commands 
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answers to my questions
  • OTL Fix Log
  • OTL.txt
  • MBAM Log
  • log.txt
  • 0

#5
cyanidez
Posted 24 October 2012 - 04:29 PM

cyanidez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hi Nedklaw,

I deleted some extensions from Chrome and simply uninstalled the rogue "optimisation" program and it hasnt showed up for a couple of days now. So I wonder whether it has gone away. I went through all the steps as you directed but on the last one, the online ESET scan, I got a message saying "Cannot get update, is proxy configured?". So I dont have a log for ESET. Having said that, it seems MBAM did not show up anything malicious. May be this has turned out easier than I thought and the threat has been dealt with already?! (fingers crossed that is the case!!)

Thank you again for your help. The logs follow in the order you stated.

cheerio
cyan

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Documents and Settings\ThinkPad\Local Settings\Application Data\antiphishing-vmninternethelper1_1dn\data folder moved successfully.
C:\Documents and Settings\ThinkPad\Local Settings\Application Data\antiphishing-vmninternethelper1_1dn folder moved successfully.
C:\WINDOWS\System32\searchplugins folder moved successfully.
C:\WINDOWS\System32\Extensions folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.796.11 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Browser Manager folder moved successfully.
C:\WINDOWS\002877_.tmp deleted successfully.
C:\WINDOWS\qfe783.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\ThinkPad\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\ThinkPad\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 288354 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ThinkPad
->Temp folder emptied: 57298 bytes
->Temporary Internet Files folder emptied: 5275893 bytes
->Google Chrome cache emptied: 23806464 bytes
->Flash cache emptied: 2885910 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 270361587 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 289.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10242012_222717

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





OTL logfile created on: 24/10/2012 22:32:08 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ThinkPad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 66.76% Memory free
3.81 Gb Paging File | 3.19 Gb Available in Paging File | 83.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 59.55 Gb Free Space | 79.91% Space Free | Partition Type: NTFS

Computer Name: OEM-4F6F04BD145 | User Name: ThinkPad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/23 12:18:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ThinkPad\Desktop\OTL.exe
PRC - [2012/10/10 11:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/07/17 15:09:30 | 000,166,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/06/03 19:18:14 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/05/12 01:25:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/05/12 01:25:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/04/26 13:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/04/22 18:02:56 | 000,181,608 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2010/04/22 18:02:54 | 000,431,464 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2010/04/22 18:02:50 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010/04/22 18:02:48 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010/04/22 17:13:00 | 000,176,128 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010/04/07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/03/26 04:08:00 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/12/21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/11/24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/08/20 10:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/07/23 03:11:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009/07/08 14:51:00 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2009/07/08 14:51:00 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2009/06/12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/30 12:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/11/07 19:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/06/29 21:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/10 11:06:15 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 11:06:12 | 004,005,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 11:04:44 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 11:04:43 | 000,275,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 11:04:42 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/09/26 13:00:05 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/09/25 13:51:03 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
MOD - [2012/09/25 13:50:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/09/25 13:50:27 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/09/25 00:19:59 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
MOD - [2012/09/25 00:18:35 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012/09/25 00:17:40 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012/09/25 00:16:58 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/09/25 00:16:24 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/09/24 23:59:33 | 005,283,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/05/12 01:25:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2010/05/12 01:25:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/05/12 01:25:00 | 000,035,840 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2010/04/22 17:00:26 | 000,020,480 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll
MOD - [2010/04/22 16:43:02 | 000,229,376 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
MOD - [2010/04/22 16:42:52 | 000,043,520 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll
MOD - [2010/04/22 16:42:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll
MOD - [2009/07/08 14:49:38 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/07/08 14:47:28 | 000,069,697 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2009/01/14 18:37:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2009/01/14 18:37:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/06/29 21:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/17 15:09:30 | 000,166,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/05/12 01:25:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/05/12 01:25:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/04/22 18:02:50 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010/04/22 18:02:48 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/04/07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/04/07 12:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/07/08 14:51:00 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2009/06/12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/01/30 12:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/06/29 21:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/17 15:09:10 | 000,091,168 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/07/17 15:07:00 | 000,554,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/07/17 15:04:46 | 000,127,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/06/02 14:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010/06/02 14:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010/06/02 14:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2010/05/12 01:25:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2010/05/12 01:25:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/03/26 04:08:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2010/03/17 22:15:18 | 006,601,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2009/12/29 15:48:54 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/10/09 12:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2009/10/09 12:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/08/10 02:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/07/09 11:46:04 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/06/21 10:56:18 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/06/21 10:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/03/13 13:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2008/07/24 18:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/05/12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/05/12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/02/04 18:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/06/08 10:36:44 | 000,081,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2007/02/08 21:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 21:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/06 17:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/11/01 09:59:36 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/11/01 09:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/11/01 09:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/11/01 09:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/11/01 09:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/11/01 09:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/11/01 09:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/11/01 09:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = about:blank
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 99 D3 0B 87 AF CD 01 [binary data]
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SKPT_enGB416
IE - HKU\S-1-5-21-1454471165-861567501-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/09/28 13:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ThinkPad\Application Data\Mozilla\Extensions
[2012/10/22 22:48:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKU\S-1-5-21-1454471165-861567501-725345543-1005..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-861567501-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1262167520687 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262167633218 (MUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24F05DA3-E0A8-4D33-9270-AFD51A14EDB7}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/29 15:00:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/24 22:27:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/23 12:18:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\ThinkPad\Desktop\aswMBR.exe
[2012/10/23 12:18:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ThinkPad\Desktop\OTL.exe
[2012/10/23 00:09:19 | 000,127,992 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2012/10/23 00:09:02 | 000,554,048 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2012/10/23 00:08:58 | 000,091,168 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2012/10/23 00:08:52 | 000,166,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2012/10/23 00:03:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/10/22 23:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/10/22 23:01:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/10/22 22:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/22 22:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\AirInstaller
[2012/10/06 21:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/10/01 09:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\Application Data\Temp
[2012/10/01 09:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2012/10/01 09:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\My Documents\Downloads
[2012/09/28 13:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\Local Settings\Application Data\Zotero
[2012/09/28 13:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\Application Data\Mozilla
[2012/09/28 10:46:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempA02D3C4F-B214-94EE-1663-F2FD4A416C06-Signatures
[2012/09/27 20:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\Local Settings\Application Data\Identities
[2012/09/25 15:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ThinkPad\Application Data\Avaya
[2012/09/24 23:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/24 23:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

========== Files - Modified Within 30 Days ==========

[2012/10/24 22:33:53 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/24 22:33:53 | 000,072,328 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/24 22:33:16 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AB7BC30D-E923-4205-B427-7BA577BDA00B}.job
[2012/10/24 22:29:58 | 000,028,124 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/10/24 22:29:55 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/10/24 22:29:50 | 000,190,394 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/24 22:29:14 | 000,025,181 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2012/10/24 22:29:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/24 22:29:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/24 22:29:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2012/10/24 22:29:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/24 22:24:32 | 000,028,124 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/10/23 22:07:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/23 12:38:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\MBR.dat
[2012/10/23 12:18:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ThinkPad\Desktop\aswMBR.exe
[2012/10/23 12:18:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ThinkPad\Desktop\OTL.exe
[2012/10/23 12:17:25 | 000,538,941 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\adwcleaner.exe
[2012/10/23 00:04:13 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/10/22 10:01:36 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/10/20 23:21:26 | 007,248,896 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\unique wedding venues.msam
[2012/10/19 12:54:08 | 010,720,247 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\SocialMediaMarketingReport2011.pdf
[2012/10/17 21:09:24 | 000,038,728 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/11 00:09:32 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/10/07 19:25:09 | 000,900,852 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\Buyer-Keywords-Guide.pdf
[2012/10/07 15:59:54 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\london spa hotels.msam
[2012/10/06 22:58:59 | 000,002,012 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\luxury wedding spa packages london seo competition.csv
[2012/10/01 14:08:31 | 000,624,803 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\LONPR_etools1.pdf
[2012/09/29 06:12:55 | 000,001,118 | ---- | M] () -- C:\Settings.ini
[2012/09/27 22:00:00 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/25 16:19:04 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\ThinkPad\Desktop\Internet (2).lnk
[2012/09/25 13:47:57 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/24 23:56:34 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2012/10/23 12:38:35 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\MBR.dat
[2012/10/23 12:17:23 | 000,538,941 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\adwcleaner.exe
[2012/10/19 12:54:04 | 010,720,247 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\SocialMediaMarketingReport2011.pdf
[2012/10/17 21:09:24 | 000,038,728 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/17 21:08:57 | 007,248,896 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\unique wedding venues.msam
[2012/10/07 19:25:07 | 000,900,852 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\Buyer-Keywords-Guide.pdf
[2012/10/06 22:58:59 | 000,002,012 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\luxury wedding spa packages london seo competition.csv
[2012/10/06 21:53:10 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\london spa hotels.msam
[2012/10/01 14:08:31 | 000,624,803 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\LONPR_etools1.pdf
[2012/09/29 06:12:55 | 000,001,118 | ---- | C] () -- C:\Settings.ini
[2012/09/28 10:47:38 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/09/25 16:19:04 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\ThinkPad\Desktop\Internet (2).lnk
[2012/09/25 13:57:53 | 000,455,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/09/24 23:56:34 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/09/24 22:28:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/27 11:00:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/30 16:35:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/12/29 15:22:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/10/29 06:38:22 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/09/02 10:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2012/09/27 22:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/09/02 10:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2012/09/25 15:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ThinkPad\Application Data\Avaya
[2010/09/02 11:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ThinkPad\Application Data\Lenovo
[2012/10/06 21:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ThinkPad\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/10/01 09:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ThinkPad\Application Data\Temp

========== Purity Check ==========



< End of report >






Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.24.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ThinkPad :: OEM-4F6F04BD145 [administrator]

Protection: Enabled

24/10/2012 23:13:27
mbam-log-2012-10-24 (23-13-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184963
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#6
Nedklaw
Posted 27 October 2012 - 11:45 AM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello! :wave:
Download the Mcafee Removal Tool to your desktop. Run it and reboot your computer.


Congratulations your logs look clean! :thumbsup: :yeah: :woot:
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Installing an Antivirus Program

It is very important your computer has an antivirus program on it. Antivirus programs help prevent, detect and remove malware such as viruses, trojans, worms etc. Files and emails will be scanned as you use them, download them or open them. If a virus is found in one of them, the antivirus program will stop you running the file, email, program etc and therefore stops you from infecting yourself.
It is very important you update your antivirus program so it knows about new viruses, trojans, worms etc. If your computer is infected with a new infection your antivirus (not updated) won't think it's bad, it won't alert you when you run it and therefore, you get infected!

Here are some links to some free antivirus programs:

Note: Only run one antivirus program on your computer at any one time!


Installing a Firewall

You have no firewall installed on your computer.

A firewall is necessary on your computer because it can stop attackers from compromising your system and taking over it. It acts as a barrier between the internet and your computer. Hackers discover new security holes in a software or operating system long before the software company does and therefore many people get hacked before a security patch is released. By using a firewall, the majority of these security holes will not be accessible as the firewall will block the attempt.

Here are some links to some free firewalls:

Note: A firewall does not completely protect you against viruses so it is recommended you also have an antivirus program running on your computer as well. Do not run more than 1 firewall on your computer at one time.


Cleanup

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following: 

    :Commands
[emptytemp]
[CLEARALLRESTOREPOINTS] 
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Click on Start.
  • Right-click My Computer.
  • Select Properties.
  • Click on the Automatic Updates Tab.
  • Place a checkmark in the circle next to Automatic (recommended) near the green shield.
  • Click Apply > OK.

Posted Image
Adobe Reader - Make sure you have the latest version of Adobe Reader. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.4.402.278) and Adobe Shockwave Player (11.6.8.638) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start > Run.
  • Type Inetcpl.cpl & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here are a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:


Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool program to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than FireFox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free google toolbar to help stop pop ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank-you.
Good luck and stay safe!!! :thumbsup:
  • 0

#7
cyanidez
Posted 29 October 2012 - 04:25 AM

cyanidez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hi Nedklaw,

Fantastic - that is a relief. Am following your instructions on installing the protection you recommend. Thank you so much for your help - you are the best!

cheerio!
Cyan
  • 0

#8
Nedklaw
Posted 30 October 2012 - 01:38 PM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP