Trojan still lurking on computer?

  1. #1
    Join Date
    Aug 2010
    Posts
    20

    Trojan still lurking on computer?

    Hi, I'm not very computer savvy and I think there may still be a trojan lurking somewhere on my computer. I would appreciate any help, thanks!

    Lenovo with Vista
    Intel(R) Core(TM) 2 Duo CPU T5250 @1.50GHz
    32-bit operating system
    Cable internet
    (let me know if any more computer info is needed here)



    So I had downloaded some stuff from rapidshare, and I virus-scanned the .rar before I unzipped it. It was clean. I use AVIRA (version 10.0.0.567) and I had updated it in the morning before all of this virus chaos happened.

    Next I downloaded an updated version (2.35.1219) of ccleaner and installed it, then did a ccleaner cleanup of my computer.

    Then I did an AdAware (8.3.1) scan, and nothing was detected.

    Continued using my computer. Shortly afterward, a popup notification box from Avira appeared, and it said the Guard detected something. I think I saw the word Trojan. There were two buttons I think - Remove, or Show Details. I clicked Details, thinking that I could see the details and then go right back to choose to remove the file. But nothing happened; the notification box went away, but I didn't get any details about the trojan or anything. I opened Avira, went to look at Events, and saw this:

    Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
    detected in file 'C:\Windows\temp\SBS_LIBNSIS_TEMP_20100727200044.296_ 6.
    Action performed: Allow access

    Then I went to the "Guard" section of Avira. The "Last file found" = C:\Windows\temp\SBS_LIBNSIS_TEMP_20100727200044.296_ 6
    And the "last virus or unwanted program found" = TR/Crypt.XPACK.Gen

    So...I did a full Malwarebytes scan (I had to first update it, then I did the scan). It found nothing.
    Then I did an Avira full scan, and it found 1 Warning but NO infected objects or viruses or anything. I can't even find that original trojan/infected temp file now, either! This was the warning Avira found:

    warning: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons000f.dll
    [WARNING] 'Is the TR/Spy.5656576 Trojan'. This detection is probably an error. Please send us this file immediately for further analysis.

    I sent the file to Avira just now for analysis.

    That is all I have done up to this point. I don't know if the ccleaner cleanup ended up deleting that original trojan file, but then why would the trojan be detected after the ccleaner scan was done?
    I am worried that there is still a trojan lurking around on my computer, or something worse. I would appreciate any help offered!

    Thank you very much, in advance!

  2. #2
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Welcome aboard

    Please, read here: http://discussions.virtualdr.com/sho...d.php?t=167915, and post required logs.

  3. #3
    Join Date
    Aug 2010
    Posts
    20
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4496

    Windows 6.0.6000
    Internet Explorer 8.0.6001.18904

    28/08/2010 8:04:18 PM
    mbam-log-2010-08-28 (20-04-18).txt

    Scan type: Quick scan
    Objects scanned: 137586
    Time elapsed: 10 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  4. #4
    Join Date
    Aug 2010
    Posts
    20
    The GMER scan gave me the bluescreen several times, but I was able to do the DDS scan at least.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Emily at 21:01:33.09 on 28/08/2010
    Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_21
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.899 [GMT -4:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    D:\Program Files\Seagate\Sync\FreeAgentService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    D:\Program Files\PSI\psi.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\EzButton\EzButton.EXE
    C:\Program Files\Lenovo\EnergyCut\utilty.exe
    C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Lenovo\VeriFace\PManage.exe
    C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
    D:\Program Files\adobeacrobat\Distillr\acrotray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    D:\Program Files\Adobe\Reader\reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    D:\Program Files\Seagate\FreeAgent Status\stxmenumgr.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\vsnp2uvc.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe
    D:\Program Files\adobeacrobat\Acrobat\acrobat_sl.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\explorer.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Emily\Documents\Downloads\dds.scr
    C:\Windows\system32\conime.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [Google Update] "c:\users\emily\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
    mRun: [EzButton] c:\progra~1\ezbutton\EzButton.EXE
    mRun: [EnergyUtility] c:\program files\lenovo\energycut\utilty.exe
    mRun: [EnergyCut] c:\program files\lenovo\energycut\EnergyCut.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [VeriFacePassManager] c:\program files\lenovo\veriface\PManage.exe
    mRun: [PCMService] "c:\program files\lenovo\shuttlecenter\PCMService.exe"
    mRun: [Acrobat Assistant 7.0] "d:\program files\adobeacrobat\distillr\Acrotray.exe"
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [MaxMenuMgr] "d:\program files\seagate\freeagent status\StxMenuMgr.exe"
    mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
    StartupFolder: c:\users\emily\appdata\roaming\micros~1\windows\startm~1\programs\startup\skysca~1.lnk - c:\program files\common files\skyscape\SmartUpdate.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - d:\program files\winzip\WZQKPICK.EXE
    IE: Convert link target to Adobe PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office10\EXCEL.EXE/3000
    IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - c:\program files\lenovo\veriface\OpenWnd.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: igfxcui - igfxdev.dll

  5. #5
    Join Date
    Aug 2010
    Posts
    20
    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\emily\appdata\roaming\mozilla\firefox\profiles\0rr64awa.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\emily\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\emily\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\emily\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: d:\program files\adobe\reader\browser\nppdf32.dll
    FF - plugin: d:\program files\netscape6\nppl3260.dll
    FF - plugin: d:\program files\netscape6\nprjplug.dll
    FF - plugin: d:\program files\netscape6\nprpjplug.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
    FF - plugin: d:\program files\vlc\npvlc.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 64288]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-13 28544]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-17 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-17 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-17 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-17 60936]
    R2 FreeAgentGoNext Service;Seagate Service;d:\program files\seagate\sync\FreeAgentService.exe [2008-7-30 161064]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355416]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2007-10-26 11776]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-16 15008]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]

    =============== Created Last 30 ================

    2010-08-29 00:49:36 233789796 ----a-w- c:\windows\MEMORY.DMP
    2010-08-25 02:36:28 0 d-----w- c:\users\emily\appdata\roaming\AnvSoft
    2010-08-20 23:58:24 569344 ----a-w- c:\windows\vsnp2uvc.exe
    2010-08-20 23:58:24 15497 ----a-w- c:\windows\snp2uvc.ini
    2010-08-20 23:58:24 13022 ----a-w- c:\windows\snp2uvc.src
    2010-08-20 23:58:21 9599744 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
    2010-08-20 23:58:20 98304 ----a-w- c:\windows\system32\rsnp2uvc.dll
    2010-08-20 23:58:20 27904 ----a-w- c:\windows\system32\drivers\sncduvc.sys
    2010-08-20 23:58:19 299008 ----a-w- c:\windows\system32\vsnp2uvc.dll
    2010-08-20 23:58:17 53248 ----a-w- c:\windows\system32\csnp2uvc.dll
    2010-08-20 23:58:17 0 d-----w- c:\program files\common files\snp2uvc
    2010-08-17 20:27:54 0 d-----w- C:\Drivers
    2010-08-16 20:38:38 0 d-----w- c:\program files\iTunes
    2010-08-14 22:36:17 0 d-sh--w- C:\$RECYCLE.BIN
    2010-08-13 23:58:55 0 dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-08-13 23:32:57 0 d-----w- c:\program files\DivX
    2010-08-13 23:32:24 0 d-----w- c:\programdata\DivX
    2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ==================== Find3M ====================

    2010-08-21 00:00:07 86016 ----a-w- c:\windows\inf\infstrng.dat
    2010-08-21 00:00:07 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-08-21 00:00:07 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-12 08:55:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-07-12 08:55:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-07-07 14:05:32 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
    2008-12-20 16:57:11 174 --sha-w- c:\program files\desktop.ini
    2008-07-05 03:20:30 665600 ----a-w- c:\windows\inf\drvindex.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-10-17 14:03:03 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-10-14 19:33:41 393216 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-10-14 18:22:04 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

    ============= FINISH: 21:03:41.03 ===============

  6. #6
    Join Date
    Aug 2010
    Posts
    20
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 26/10/2007 12:05:28 AM
    System Uptime: 28/08/2010 8:55:43 PM (1 hours ago)

    Motherboard: LENOVO | | IGT30
    Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 29 GiB total, 3.669 GiB free.
    D: is FIXED (NTFS) - 106 GiB total, 7 GiB free.
    E: is CDROM ()
    G: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0011
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0011
    Service: tunnel

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    2007 Microsoft Office system
    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware
    Adobe Acrobat 7.0 Professional
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Reader 8.2.4
    ALPS Touch Pad Driver
    Any Video Converter 3.0.7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    Broadcom Gigabit Integrated Controller
    Business Contact Manager for Outlook 2007 SP2
    CCleaner
    Chinese Traditional Fonts Support For Adobe Reader 8
    Easy Button
    EasyCapture
    EnergyCut
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    Google Talk Plugin
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) 6 Update 3
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Professional with FrontPage
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Motorola SM56 Data Fax Modem
    Mozilla Firefox (3.6.8)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Panda ActiveScan 2.0
    Power2Go 5.0
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Rhapsody Player Engine
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Seagate Manager Installer
    Secunia PSI
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    ShuttleCenter
    smARTupdate
    Spelling Dictionaries Support For Adobe Reader 8
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Outlook 2007 Junk Email Filter (kb2279264)
    USB Video Device
    VeriFace
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.3
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WinZip 11.1
    YouTube Downloader 2.6

    ==== Event Viewer Messages From Past Week ========

    28/08/2010 8:56:27 PM, Error: EventLog [6008] - The previous system shutdown at 8:53:24 PM on 28/08/2010 was unexpected.
    28/08/2010 8:49:38 PM, Error: EventLog [6008] - The previous system shutdown at 8:41:17 PM on 28/08/2010 was unexpected.
    28/08/2010 8:35:23 PM, Error: EventLog [6008] - The previous system shutdown at 8:31:33 PM on 28/08/2010 was unexpected.
    28/08/2010 8:24:48 PM, Error: EventLog [6008] - The previous system shutdown at 8:20:57 PM on 28/08/2010 was unexpected.
    24/08/2010 9:53:48 PM, Error: EventLog [6008] - The previous system shutdown at 9:06:44 PM on 24/08/2010 was unexpected.
    24/08/2010 10:51:57 PM, Error: EventLog [6008] - The previous system shutdown at 10:48:35 PM on 24/08/2010 was unexpected.
    23/08/2010 8:03:28 PM, Error: EventLog [6008] - The previous system shutdown at 7:54:47 PM on 23/08/2010 was unexpected.
    23/08/2010 12:04:54 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    22/08/2010 2:31:35 AM, Error: EventLog [6008] - The previous system shutdown at 2:29:12 AM on 22/08/2010 was unexpected.
    21/08/2010 12:27:17 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    21/08/2010 12:26:20 AM, Error: EventLog [6008] - The previous system shutdown at 12:24:33 AM on 21/08/2010 was unexpected.
    21/08/2010 12:15:35 AM, Error: volsnap [36] - The shadow copies of volume D: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    ==== End Of File ===========================

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users: right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    ============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
      • If there is no Internet connection after running ComboFix, restart your computer to restore your connection.
    4. Double-click on ComboFix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  8. #8
    Join Date
    Aug 2010
    Posts
    20
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: (build 6000), 32-bit
    Base Board Manufacturer: LENOVO
    BIOS Manufacturer: LENOVO
    System Manufacturer: LENOVO
    System Product Name: LENOVO3000 Y410
    Logical Drives Mask: 0x0000005c

    Kernel Drivers (total 154):
    0x82000000 \SystemRoot\system32\ntkrnlpa.exe
    0x823A1000 \SystemRoot\system32\hal.dll
    0x802C6000 \SystemRoot\system32\kdcom.dll
    0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8025D000 \SystemRoot\system32\PSHED.dll
    0x80255000 \SystemRoot\system32\BOOTVID.dll
    0x8021A000 \SystemRoot\system32\CLFS.SYS
    0x8051F000 \SystemRoot\system32\CI.dll
    0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80461000 \SystemRoot\system32\drivers\acpi.sys
    0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
    0x80434000 \SystemRoot\system32\drivers\pci.sys
    0x80425000 \SystemRoot\system32\drivers\volmgr.sys
    0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8041B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8040B000 \SystemRoot\System32\drivers\mountmgr.sys
    0x80404000 \SystemRoot\system32\drivers\intelide.sys
    0x807F2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x807EC000 \SystemRoot\system32\drivers\pavboot.sys
    0x807A2000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8079A000 \SystemRoot\system32\drivers\atapi.sys
    0x8077C000 \SystemRoot\system32\drivers\ataport.SYS
    0x8074B000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8073B000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8072C000 \SystemRoot\system32\DRIVERS\Lbd.sys
    0x80722000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8061E000 \SystemRoot\system32\drivers\ndis.sys
    0x81FD5000 \SystemRoot\system32\drivers\msrpc.sys
    0x81F9C000 \SystemRoot\system32\drivers\NETIO.SYS
    0x81E94000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x81E2A000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x87BCA000 \SystemRoot\system32\drivers\volsnap.sys
    0x80616000 \SystemRoot\System32\Drivers\spldr.sys
    0x80607000 \SystemRoot\System32\drivers\partmgr.sys
    0x81E1B000 \SystemRoot\System32\Drivers\mup.sys
    0x87BA5000 \SystemRoot\System32\drivers\ecache.sys
    0x81E0A000 \SystemRoot\system32\drivers\disk.sys
    0x87B84000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x81E01000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8AE2E000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x88970000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8AEAB000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x88979000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8BC08000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8BAC4000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8AE21000 \SystemRoot\System32\drivers\watchdog.sys
    0x8AE16000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8BA87000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8AE08000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8AEF7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8C3D8000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
    0x8BA58000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
    0x88568000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8AEE9000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8AED1000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x885D8000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8BA44000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8C297000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8AF6F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8C2E8000 \SystemRoot\system32\DRIVERS\AcpiVpc.sys
    0x8BA31000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8BB60000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0x8AF3F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8BA05000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x8AF95000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8C27F000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8AFEE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8C254000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8C214000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8C209000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8C7E9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8C7DE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8C7BB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8C2F7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8C7A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8C306000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x88926000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8C766000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8BB6A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8C790000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8C732000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x88904000 \SystemRoot\system32\DRIVERS\sffp_sd.sys
    0x889C1000 \SystemRoot\system32\DRIVERS\sffdisk.sys
    0x88508000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8C851000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8C6B5000 \SystemRoot\system32\drivers\portcls.sys
    0x8C690000 \SystemRoot\system32\drivers\drmk.sys
    0x8CB10000 \SystemRoot\system32\DRIVERS\smserial.sys
    0x8C683000 \SystemRoot\system32\drivers\modem.sys
    0x8CCD8000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x8C666000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x8881C000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x88****** \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8899D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x88823000 \SystemRoot\System32\Drivers\Null.SYS
    0x8882A000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8C65A000 \SystemRoot\System32\drivers\vga.sys
    0x8C639000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8889C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x888A4000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8C79D000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8C60B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x889A6000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8CC03000 \SystemRoot\System32\drivers\tcpip.sys
    0x8C838000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8C823000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8C80F000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8CA19000 \SystemRoot\system32\drivers\afd.sys
    0x8F7CE000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8CA03000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8C801000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8F7BB000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8AFA6000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0x8F780000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8F740000 \??\C:\PROGRA~1\EzButton\DPortIO.sys
    0x8BB74000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8F729000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8F707000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x88914000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0x8F664000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x8F6DC000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8CA60000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x88884000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x95C00000 \SystemRoot\System32\win32k.sys
    0x8BB88000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8C324000 \SystemRoot\system32\DRIVERS\monitor.sys
    0xA7200000 \SystemRoot\System32\TSDDD.dll
    0xA7210000 \SystemRoot\System32\cdd.dll
    0xA7649000 \SystemRoot\system32\drivers\luafv.sys
    0xA7634000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xA9932000 \SystemRoot\system32\drivers\spsys.sys
    0x88538000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xA98C7000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8BBA6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA9021000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xAA49A000 \SystemRoot\system32\drivers\HTTP.sys
    0xA986C000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xAA441000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xAA42D000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xAA40D000 \SystemRoot\system32\drivers\mrxdav.sys
    0xAB3E2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xAB369000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xAB357000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xAB2F3000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAB2A2000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAEF22000 \SystemRoot\system32\drivers\peauth.sys
    0x8BB9C000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x8CAE4000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAEECD000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0xAB202000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0xAF40A000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x777E0000 \Windows\System32\ntdll.dll

    Processes (total 87):
    0 System Idle Process
    4 System
    432 C:\Windows\System32\smss.exe
    516 csrss.exe
    556 C:\Windows\System32\wininit.exe
    564 csrss.exe
    600 C:\Windows\System32\services.exe
    628 C:\Windows\System32\lsass.exe
    636 C:\Windows\System32\lsm.exe
    760 C:\Windows\System32\winlogon.exe
    808 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\audiodg.exe
    1212 C:\Windows\System32\svchost.exe
    1252 C:\Windows\System32\SLsvc.exe
    1308 C:\Windows\System32\svchost.exe
    1488 C:\Windows\System32\svchost.exe
    1596 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    1720 C:\Windows\System32\spoolsv.exe
    1744 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1756 C:\Windows\System32\svchost.exe
    448 C:\Windows\System32\dwm.exe
    484 C:\Windows\System32\taskeng.exe
    1276 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1584 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    228 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    288 C:\Program Files\Bonjour\mDNSResponder.exe
    1368 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1604 D:\Program Files\Seagate\Sync\FreeAgentService.exe
    1004 C:\Windows\System32\svchost.exe
    624 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2052 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2096 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2120 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2160 C:\Windows\System32\svchost.exe
    2228 C:\Windows\System32\svchost.exe
    2284 C:\Windows\System32\SearchIndexer.exe
    2508 WUDFHost.exe
    2728 unsecapp.exe
    2756 C:\Windows\System32\taskeng.exe
    2972 WmiPrvSE.exe
    3068 C:\Windows\System32\taskeng.exe
    3136 D:\Program Files\PSI\psi.exe
    3240 C:\Program Files\Windows Defender\MSASCui.exe
    3252 C:\Windows\System32\igfxtray.exe
    3268 C:\Windows\System32\hkcmd.exe
    3280 C:\Windows\System32\igfxpers.exe
    3304 C:\Windows\System32\igfxsrvc.exe
    3340 C:\Windows\RtHDVCpl.exe
    3348 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    3360 C:\Program Files\EzButton\EzButton.EXE
    3408 C:\Program Files\Lenovo\EnergyCut\utilty.exe
    3420 C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
    3428 C:\Program Files\Apoint2K\Apoint.exe
    3440 C:\Program Files\Lenovo\VeriFace\PManage.exe
    3460 C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
    3496 D:\Program Files\adobeacrobat\Distillr\acrotray.exe
    3516 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    3524 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3640 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3684 C:\Program Files\iTunes\iTunesHelper.exe
    3828 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    3940 C:\Program Files\Apoint2K\ApMsgFwd.exe
    3960 D:\Program Files\Seagate\FreeAgent Status\stxmenumgr.exe
    2176 C:\Program Files\Apoint2K\ApntEx.exe
    2260 C:\Windows\vsnp2uvc.exe
    2024 C:\Windows\ehome\ehtray.exe
    2416 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    3144 C:\Windows\ehome\ehmsas.exe
    3368 C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe
    3552 C:\Windows\System32\wbem\unsecapp.exe
    3532 C:\Program Files\iPod\bin\iPodService.exe
    5764 C:\Windows\System32\wuauclt.exe
    5016 C:\Windows\System32\conime.exe
    2376 C:\Program Files\iTunes\iTunes.exe
    5740 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    4176 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    4224 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    4660 C:\Windows\explorer.exe
    2868 C:\Windows\System32\SearchProtocolHost.exe
    5976 C:\Windows\System32\SearchFilterHost.exe
    5732 C:\Windows\System32\notepad.exe
    3604 C:\Users\Emily\Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`5343e000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!

  9. #9
    Join Date
    Aug 2010
    Posts
    20
    ComboFix 10-08-27.03 - Emily 28/08/2010 22:39:53.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.988 [GMT -4:00]
    Running from: c:\users\Emily\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
    .

    2010-08-29 02:32 . 2010-08-29 02:32 -------- d-----w- C:\32788R22FWJFW
    2010-08-25 02:36 . 2010-08-25 02:36 -------- d-----w- c:\users\Emily\AppData\Roaming\AnvSoft
    2010-08-24 23:23 . 2010-08-24 23:36 -------- d-----w- c:\users\Emily\AppData\Roaming\vlc
    2010-08-20 23:58 . 2006-12-28 23:48 569344 ----a-w- c:\windows\vsnp2uvc.exe
    2010-08-20 23:58 . 2006-12-28 20:20 9599744 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
    2010-08-20 23:58 . 2006-12-28 15:21 27904 ----a-w- c:\windows\system32\drivers\sncduvc.sys
    2010-08-20 23:58 . 2006-12-22 20:25 98304 ----a-w- c:\windows\system32\rsnp2uvc.dll
    2010-08-20 23:58 . 2007-01-11 22:01 299008 ----a-w- c:\windows\system32\vsnp2uvc.dll
    2010-08-20 23:58 . 2010-08-20 23:58 -------- d-----w- c:\program files\Common Files\snp2uvc
    2010-08-20 23:58 . 2005-11-23 17:55 53248 ----a-w- c:\windows\system32\csnp2uvc.dll
    2010-08-20 23:56 . 2010-08-20 23:56 -------- d-----w- c:\users\Emily\AppData\Roaming\InstallShield
    2010-08-17 20:27 . 2010-08-17 20:27 -------- d-----w- C:\Drivers
    2010-08-16 20:38 . 2010-08-16 20:41 -------- d-----w- c:\program files\iTunes
    2010-08-16 20:29 . 2010-08-16 20:29 -------- d-----w- c:\program files\Apple Software Update
    2010-08-14 22:41 . 2010-08-29 02:47 -------- d-----w- c:\users\Emily\AppData\Local\temp
    2010-08-13 23:58 . 2010-08-13 23:59 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-08-13 23:58 . 2010-07-12 08:56 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
    2010-08-13 23:35 . 2010-08-13 23:35 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-08-13 23:32 . 2010-08-13 23:43 -------- d-----w- c:\program files\DivX
    2010-08-13 23:32 . 2010-08-13 23:43 -------- d-----w- c:\programdata\DivX

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-25 02:52 . 2009-01-01 23:55 5648 ----a-w- c:\users\Emily\AppData\Local\d3d9caps.dat
    2010-08-20 23:58 . 2007-10-26 04:31 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-19 18:29 . 2007-10-26 05:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-08-17 19:58 . 2010-04-05 05:44 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-08-17 19:58 . 2010-04-05 05:44 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-08-17 19:58 . 2010-04-05 05:44 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-08-17 19:58 . 2010-04-05 05:44 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-08-17 19:58 . 2010-04-05 05:44 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-08-17 19:58 . 2010-04-05 05:44 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-08-17 19:58 . 2010-04-05 05:44 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-08-17 19:58 . 2010-04-05 05:44 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-08-17 19:58 . 2010-04-05 05:44 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-08-17 19:58 . 2008-01-02 21:49 -------- d-----w- c:\program files\Common Files\Real
    2010-08-16 20:38 . 2010-05-02 22:38 -------- d-----w- c:\program files\iPod
    2010-08-16 20:38 . 2009-09-05 03:56 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-16 19:12 . 2007-10-26 05:00 -------- d-----w- c:\programdata\Microsoft Help
    2010-08-16 18:35 . 2009-10-31 15:24 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-08-16 17:58 . 2007-11-25 02:09 105224 ----a-w- c:\users\Emily\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-16 17:46 . 2007-10-26 05:02 -------- d-----w- c:\program files\Microsoft Works
    2010-08-16 17:23 . 2007-10-26 05:07 -------- d-----w- c:\program files\Common Files\Adobe
    2010-08-15 05:02 . 2008-01-11 02:14 -------- d-----w- c:\program files\Java
    2010-08-15 04:45 . 2008-01-11 02:06 -------- d-----w- c:\program files\Common Files\Java
    2010-08-13 23:55 . 2009-01-27 06:03 -------- d-----w- c:\program files\Lavasoft
    2010-07-21 20:30 . 2010-07-21 20:30 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-07-17 09:00 . 2010-05-20 17:28 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-12 08:55 . 2010-06-06 17:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-07-12 08:55 . 2009-01-27 06:24 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
    2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\users\Emily\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
    @="{771C7324-DA80-49D3-8017-753B0AF60951}"
    [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
    2007-10-26 05:07 241752 ----a-w- c:\program files\Lenovo\VeriFace\IcnOvrly.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "Google Update"="c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-03 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-05-23 1006264]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-04 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-04 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-04 138008]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
    "EzButton"="c:\progra~1\EzButton\EzButton.EXE" [2007-04-14 502544]
    "EnergyUtility"="c:\program files\Lenovo\EnergyCut\utilty.exe" [2007-07-26 2502656]
    "EnergyCut"="c:\program files\Lenovo\EnergyCut\EnergyCut.exe" [2007-07-26 1232896]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
    "VeriFacePassManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2007-10-26 241664]
    "PCMService"="c:\program files\Lenovo\ShuttleCenter\PCMService.exe" [2007-08-09 417792]
    "Acrobat Assistant 7.0"="d:\program files\adobeacrobat\Distillr\Acrotray.exe" [2004-12-14 483328]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-08-17 864624]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader\Reader_sl.exe" [2010-06-17 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-17 202256]
    "MaxMenuMgr"="d:\program files\Seagate\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
    "snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-28 569344]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-1-5 25214]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-29 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-17 15008]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    S2 FreeAgentGoNext Service;Seagate Service;d:\program files\Seagate\Sync\FreeAgentService.exe [2008-07-30 161064]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-17 1355416]
    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2007-06-05 11776]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 01:25]

    2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2106239528-3222921034-3804467947-1004Core.job
    - c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 15:19]

    2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2106239528-3222921034-3804467947-1004UA.job
    - c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 15:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Convert link target to Adobe PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\0rr64awa.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\Emily\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\Emily\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: d:\program files\Adobe\Reader\browser\nppdf32.dll
    FF - plugin: d:\program files\Netscape6\nppl3260.dll
    FF - plugin: d:\program files\Netscape6\nprjplug.dll
    FF - plugin: d:\program files\Netscape6\nprpjplug.dll
    FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
    FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
    FF - plugin: d:\program files\VLC\npvlc.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-28 22:47
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(1716)
    c:\program files\Lenovo\VeriFace\IcnOvrly.dll
    .
    Completion time: 2010-08-28 22:50:53
    ComboFix-quarantined-files.txt 2010-08-29 02:50

    Pre-Run: 3,811,921,920 bytes free
    Post-Run: 3,684,597,760 bytes free

    - - End Of File - - 5746A92208031F634028B1200C42EEB0

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Both logs look clean.

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
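
    The custom-scan list above asks OTL to report orphaned autostart, service and driver entries ("File not found"), executables sitting in places such as %systemroot%\Fonts and the print-processor directory, and MD5s of a few core DLLs. As an added example (not OTL's code and not part of this thread), here is a small Python triage helper that parses OTL SafeList lines in the format seen in the logs posted in this thread and flags the entries a helper would look at first. The regex, the ODD_LOCATIONS list and the fourth sample line (a made-up Fonts\*.dll driver) are this example's own assumptions; the other sample lines are copied from the posted log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class OtlEntry:
    """One parsed OTL SafeList line (PRC / MOD / SRV / DRV)."""
    kind: str                # PRC, MOD, SRV or DRV
    path: str                # file path OTL reported
    name: Optional[str]      # service/driver name from the trailing "(name)", if any
    company: Optional[str]   # publisher from "(Company)"; "" when OTL printed "()"
    flags: Optional[str]     # e.g. "Kernel | On_Demand | Stopped"
    present: bool            # False when OTL reported "File not found"


# Line shape taken from the OTL logs posted in this thread; the regex itself is
# this example's own assumption, not something OTL ships.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[[\d/]+ [\d:]+ \| [\d,]+ \| [^\]]*\])"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)

# Locations the helper's custom-scan list singles out (Fonts\*.dll, Fonts\*.com,
# spool\prtprocs\w32x86\*.tmp, system32\*.wt, system32\*.ruy).
ODD_LOCATIONS = [
    re.compile(r"\\fonts\\[^\\]+\.(dll|com)$", re.I),
    re.compile(r"\\spool\\prtprocs\\w32x86\\[^\\]+\.tmp$", re.I),
    re.compile(r"\\system32\\[^\\]+\.(wt|ruy)$", re.I),
]


def parse_otl_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL SafeList line; return None for lines of any other shape."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        kind=m["kind"],
        path=m["path"],
        name=m["name"],
        company=m["company"],
        flags=m["flags"],
        present=m["missing"] is None,
    )


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, item) pairs for entries worth a second look.

    'orphan'       : entry whose file no longer exists on disk
    'no-publisher' : service or driver with an empty "()" publisher field
    'odd-location' : present file in a directory the custom scan targets
    None of these is a verdict; a legitimate driver can trip 'no-publisher'.
    """
    findings: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_otl_entry(line)
        if e is None:
            continue
        if not e.present:
            findings.append(("orphan", e.name or e.path))
            continue
        if e.kind in ("SRV", "DRV") and not e.company:
            findings.append(("no-publisher", e.name or e.path))
        if any(p.search(e.path) for p in ODD_LOCATIONS):
            findings.append(("odd-location", e.path))
    return findings


# Constructed sample: lines 1-3 and 5 copy entries from the OTL log in this
# thread; line 4 is invented to exercise the location rule.
SAMPLE_LINES = [
    r"DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)",
    r"DRV - [2010/08/16 21:26:02 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)",
    r"DRV - [2010/01/01 00:00:00 | 000,010,000 | ---- | M] (Example Publisher) [Kernel | Auto | Running] -- C:\Windows\Fonts\EXAMPLE_CONSTRUCTED.dll -- (example_constructed)",
    r"PRC - [2010/08/28 23:38:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Emily\Desktop\OTL.exe",
]

if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LINES):
        print(f"{reason:13s} {item}")
```

    Run against a saved OTL.txt, the same function works line by line on the SafeList sections. The posted log shows why the output is a worklist rather than a verdict: kernexplorer.sys has an empty publisher field yet belongs to Ad-Aware, while the six "File not found" driver entries are stale registrations rather than running code.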

  11. #11
    Join Date
    Aug 2010
    Posts
    20
    OTL logfile created on: 28/08/2010 11:59:14 PM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Emily\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 29.30 Gb Total Space | 3.37 Gb Free Space | 11.50% Space Free | Partition Type: NTFS
    Drive D: | 105.94 Gb Total Space | 7.65 Gb Free Space | 7.22% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 14.90 Gb Total Space | 7.80 Gb Free Space | 52.31% Space Free | Partition Type: FAT32
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: VISTA
    Current User Name: Emily
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/28 23:38:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Emily\Desktop\OTL.exe
    PRC - [2010/08/17 15:57:05 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/08/16 21:25:52 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/08/16 21:25:51 | 001,355,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/07/21 07:43:54 | 000,965,176 | ---- | M] (Secunia) -- D:\Program Files\PSI\psi.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/04/19 18:14:45 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/07/30 14:23:26 | 000,161,064 | ---- | M] (Seagate Technology LLC) -- D:\Program Files\Seagate\Sync\FreeAgentService.exe
    PRC - [2008/07/30 14:23:02 | 000,177,448 | ---- | M] (Seagate LLC) -- D:\Program Files\Seagate\FreeAgent Status\stxmenumgr.exe
    PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2007/10/26 01:07:49 | 000,241,664 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\VeriFace\PManage.exe
    PRC - [2007/08/09 19:38:58 | 000,417,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
    PRC - [2007/07/26 17:05:44 | 001,232,896 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
    PRC - [2007/07/26 15:20:38 | 002,502,656 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\EnergyCut\utilty.exe
    PRC - [2007/05/23 14:13:15 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/04/23 03:51:44 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/04/14 02:47:46 | 000,502,544 | ---- | M] (Dritek System Inc.) -- C:\Program Files\EzButton\EzButton.EXE
    PRC - [2006/12/28 19:48:10 | 000,569,344 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe
    PRC - [2006/11/22 04:31:28 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    PRC - [2006/11/02 05:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
    PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\adobeacrobat\Distillr\acrotray.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/28 23:38:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Emily\Desktop\OTL.exe
    MOD - [2006/11/02 05:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
    MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/08/16 21:25:51 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/19 18:14:45 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
    SRV - [2008/07/30 14:23:26 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- D:\Program Files\Seagate\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/05/23 14:13:15 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Emily\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/08/16 21:26:02 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/07/07 10:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2007/08/02 04:46:24 | 000,156,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/06/20 16:51:30 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/06/05 17:39:26 | 000,011,776 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
    DRV - [2007/04/30 06:39:46 | 001,747,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2007/04/23 06:13:24 | 001,769,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/08 15:03:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/12/28 16:20:40 | 009,599,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2006/11/22 04:35:02 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
    DRV - [2006/11/02 09:29:40 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
    DRV - [2006/11/02 09:27:38 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\EzButton\DPortIO.sys -- (DritekPortIO)
    DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)

  12. #12
    Join Date
    Aug 2010
    Posts
    20
    cont'd

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com"
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100823
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/17 15:58:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/17 15:58:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/20 02:04:44 | 000,000,000 | ---D | M]

    [2008/12/09 11:47:16 | 000,000,000 | ---D | M] -- C:\Users\Emily\AppData\Roaming\Mozilla\Extensions
    [2010/08/28 23:04:02 | 000,000,000 | ---D | M] -- C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\0rr64awa.default\extensions
    [2010/08/20 23:38:08 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\0rr64awa.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/08/28 00:26:09 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\0rr64awa.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/08/15 00:43:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/20 13:28:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/15 00:43:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2008/12/09 11:47:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/08/14 18:36:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\adobeacrobat\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\adobeacrobat\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\adobeacrobat\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] D:\Program Files\adobeacrobat\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)
    O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe (Lenovo(beijing) Limited)
    O4 - HKLM..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE (Dritek System Inc.)
    O4 - HKLM..\Run: [MaxMenuMgr] D:\Program Files\Seagate\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
    O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VeriFacePassManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skyscape SmartUpdate.lnk = C:\Program Files\Common Files\Skyscape\SmartUpdate.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Convert link target to Adobe PDF - D:\Program Files\adobeacrobat\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - D:\Program Files\adobeacrobat\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - D:\Program Files\adobeacrobat\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - D:\Program Files\adobeacrobat\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - D:\Program Files\adobeacrobat\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - D:\Program Files\adobeacrobat\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - D:\Program Files\adobeacrobat\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - D:\Program Files\adobeacrobat\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (Lenovo)
    O9 - Extra 'Tools' menuitem : Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (Lenovo)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: D:\b&w\classic hollywood\tumblr_kvci96gTPb1qa5ff2 1950.jpg
    O24 - Desktop BackupWallPaper: D:\b&w\classic hollywood\tumblr_kvci96gTPb1qa5ff2 1950.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.clmp3enc - C:\Program Files\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

  13. #13
    contd

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/28 23:38:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Emily\Desktop\OTL.exe
    [2010/08/28 22:50:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/08/28 22:50:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/08/28 22:32:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/08/28 22:32:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/08/28 22:32:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/08/28 22:32:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/08/28 22:32:36 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/08/28 22:32:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/28 22:32:06 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/08/24 22:36:55 | 000,000,000 | ---D | C] -- C:\Users\Emily\Documents\Any Video Converter
    [2010/08/24 22:36:28 | 000,000,000 | ---D | C] -- C:\Users\Emily\AppData\Roaming\AnvSoft
    [2010/08/24 19:23:25 | 000,000,000 | ---D | C] -- C:\Users\Emily\AppData\Roaming\vlc
    [2010/08/20 19:58:24 | 000,569,344 | ---- | C] (Sonix) -- C:\Windows\vsnp2uvc.exe
    [2010/08/20 19:58:20 | 000,098,304 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
    [2010/08/20 19:58:19 | 000,299,008 | ---- | C] (Sonix) -- C:\Windows\System32\vsnp2uvc.dll
    [2010/08/20 19:58:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
    [2010/08/20 19:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\snp2uvc
    [2010/08/20 19:56:43 | 000,000,000 | ---D | C] -- C:\Users\Emily\AppData\Roaming\InstallShield
    [2010/08/18 19:55:29 | 000,000,000 | ---D | C] -- C:\Users\Emily\Desktop\cshp
    [2010/08/18 19:55:04 | 000,000,000 | ---D | C] -- C:\Users\Emily\Desktop\ocp jp
    [2010/08/17 16:27:54 | 000,000,000 | ---D | C] -- C:\Drivers
    [2010/08/16 16:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/08/16 16:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/08/16 16:09:08 | 000,000,000 | ---D | C] -- C:\Users\Emily\Desktop\logs
    [2010/08/16 11:59:32 | 000,000,000 | ---D | C] -- C:\Users\Emily\Documents\My Received Files
    [2010/08/14 18:41:35 | 000,000,000 | ---D | C] -- C:\Users\Emily\AppData\Local\temp
    [2010/08/14 17:09:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/08/13 19:58:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    [2010/08/13 19:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/08/13 19:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2010/07/18 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\Emily\Desktop\New Folder (2)
    [2010/07/07 10:05:32 | 000,014,904 | ---- | C] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys
    [2010/06/23 00:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/06/23 00:04:46 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/06/06 13:44:20 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2010/06/01 00:36:44 | 000,000,000 | ---D | C] -- C:\Users\Emily\Desktop\maps

    ========== Files - Modified Within 90 Days ==========

    [2010/08/28 23:59:21 | 003,932,160 | -HS- | M] () -- C:\Users\Emily\NTUSER.DAT
    [2010/08/28 23:54:28 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/08/28 23:54:28 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/08/28 23:38:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Emily\Desktop\OTL.exe
    [2010/08/28 23:17:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2106239528-3222921034-3804467947-1004UA.job
    [2010/08/28 22:54:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/08/28 22:54:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/08/28 22:54:19 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/28 22:52:44 | 005,546,631 | -H-- | M] () -- C:\Users\Emily\AppData\Local\IconCache.db
    [2010/08/28 22:47:23 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/08/28 22:26:39 | 003,830,469 | R--- | M] () -- C:\Users\Emily\Desktop\ComboFix.exe
    [2010/08/28 22:08:02 | 000,782,632 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/08/28 22:08:02 | 000,670,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/08/28 22:08:02 | 000,126,048 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/08/28 20:56:22 | 233,789,796 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/08/28 18:17:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2106239528-3222921034-3804467947-1004Core.job
    [2010/08/28 10:36:05 | 000,384,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/08/26 16:22:00 | 000,095,744 | ---- | M] () -- C:\Users\Emily\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/24 22:52:11 | 000,005,648 | ---- | M] () -- C:\Users\Emily\AppData\Local\d3d9caps.dat
    [2010/08/24 22:36:37 | 000,000,635 | ---- | M] () -- C:\Users\Emily\Desktop\Any Video Converter.lnk
    [2010/08/24 19:22:50 | 000,000,584 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2010/08/20 00:09:02 | 000,001,150 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    [2010/08/19 03:23:17 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
    [2010/08/17 20:24:43 | 000,001,211 | ---- | M] () -- C:\Users\Emily\Application Data\Microsoft\Internet Explorer\Quick Launch\TFC - Shortcut.lnk
    [2010/08/17 15:58:35 | 000,000,541 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
    [2010/08/17 15:57:16 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
    [2010/08/16 22:02:20 | 000,001,542 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/08/16 16:41:17 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/08/16 16:16:46 | 000,000,713 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
    [2010/08/16 13:59:32 | 000,002,437 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2010/08/16 13:58:55 | 000,105,224 | ---- | M] () -- C:\Users\Emily\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/08/16 13:49:25 | 000,000,422 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
    [2010/08/14 18:36:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/08/13 19:58:52 | 000,001,031 | ---- | M] () -- C:\Users\Emily\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/08/11 23:58:39 | 000,796,945 | ---- | M] () -- C:\Users\Emily\Documents\AnnualReport0809web.pdf
    [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2010/07/12 04:55:38 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
    [2010/07/07 10:05:32 | 000,014,904 | ---- | M] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys

    ========== Files Created - No Company Name ==========

    [2010/08/28 22:32:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/08/28 22:32:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/08/28 22:32:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/08/28 22:32:41 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/08/28 22:32:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/08/28 22:26:29 | 003,830,469 | R--- | C] () -- C:\Users\Emily\Desktop\ComboFix.exe
    [2010/08/28 20:49:36 | 233,789,796 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/08/24 22:36:37 | 000,000,635 | ---- | C] () -- C:\Users\Emily\Desktop\Any Video Converter.lnk
    [2010/08/24 19:22:50 | 000,000,584 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2010/08/20 19:58:24 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
    [2010/08/20 19:58:24 | 000,013,022 | ---- | C] () -- C:\Windows\snp2uvc.src
    [2010/08/20 19:58:21 | 009,599,744 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2010/08/19 03:23:17 | 000,001,690 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
    [2010/08/17 15:58:35 | 000,000,541 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
    [2010/08/16 22:02:20 | 000,001,542 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/08/16 16:41:17 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/08/16 16:16:46 | 000,000,713 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
    [2010/08/16 12:32:01 | 000,001,211 | ---- | C] () -- C:\Users\Emily\Application Data\Microsoft\Internet Explorer\Quick Launch\TFC - Shortcut.lnk
    [2010/08/13 22:12:16 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/13 19:58:52 | 000,001,031 | ---- | C] () -- C:\Users\Emily\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/08/11 23:58:39 | 000,796,945 | ---- | C] () -- C:\Users\Emily\Documents\AnnualReport0809web.pdf
    [2009/02/22 13:24:44 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
    [2009/01/01 19:55:53 | 000,005,648 | ---- | C] () -- C:\Users\Emily\AppData\Local\d3d9caps.dat
    [2008/10/16 22:26:31 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
    [2008/10/16 22:05:22 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
    [2008/03/13 15:12:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/12/22 01:05:15 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2007/12/22 01:05:15 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2007/12/02 14:28:14 | 000,000,543 | ---- | C] () -- C:\Windows\DNAPrinters.ini
    [2007/11/29 00:03:07 | 000,095,744 | ---- | C] () -- C:\Users\Emily\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/11/24 22:16:42 | 000,129,360 | -H-- | C] () -- C:\Users\Emily\AppData\Roaming\Emily.idx
    [2007/10/26 01:07:51 | 001,560,576 | ---- | C] () -- C:\Windows\System32\MainOp.dll
    [2007/10/26 01:07:51 | 001,327,104 | ---- | C] () -- C:\Windows\System32\ImageReog.dll
    [2007/10/26 01:07:51 | 000,491,520 | ---- | C] () -- C:\Windows\System32\picn.dll
    [2007/10/26 01:07:51 | 000,208,896 | ---- | C] () -- C:\Windows\System32\Image.dll
    [2007/10/26 01:07:51 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp.dll
    [2007/10/26 01:07:51 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo.dll
    [2007/10/26 01:07:51 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ApBlend.dll
    [2007/10/26 01:07:51 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DevFilt.dll
    [2007/10/26 01:07:50 | 000,622,592 | ---- | C] () -- C:\Windows\System32\PicNotify.dll
    [2007/10/26 00:42:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2007/10/26 00:39:33 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll
    [2007/10/26 00:39:33 | 000,023,040 | ---- | C] () -- C:\Windows\ScrSav.dll
    [2007/10/26 00:31:23 | 000,000,143 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2007/07/18 02:33:25 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007/07/18 02:33:25 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2007/07/18 02:33:25 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2005/08/09 18:13:31 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
    [2005/08/09 18:13:31 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
    [2005/08/09 18:12:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

    ========== LOP Check ==========

    [2010/08/24 22:36:28 | 000,000,000 | ---D | M] -- C:\Users\Emily\AppData\Roaming\AnvSoft
    [2009/02/27 21:43:27 | 000,000,000 | ---D | M] -- C:\Users\Emily\AppData\Roaming\Canon
    [2010/01/03 18:34:04 | 000,000,000 | ---D | M] -- C:\Users\Emily\AppData\Roaming\FFSJ
    [2009/12/29 17:48:31 | 000,000,000 | ---D | M] -- C:\Users\Emily\AppData\Roaming\ImgBurn
    [2009/10/31 11:52:17 | 000,000,000 | ---D | M] -- C:\Users\Emily\AppData\Roaming\OpenOffice.org
    [2010/08/28 22:53:06 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/08/28 22:54:17 | 000,199,152 | ---- | M] () -- C:\aaw7boot.log
    [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2006/11/02 05:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
    [2007/05/23 17:39:49 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2007/11/28 22:59:18 | 000,034,385 | ---- | M] () -- C:\caavsetupLog.txt
    [2008/12/13 19:41:13 | 000,850,383 | ---- | M] () -- C:\caisslog.txt
    [2010/08/28 22:50:53 | 000,017,998 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/08/28 22:54:37 | 022,282,019 | ---- | M] () -- C:\FaceProv.log
    [2008/08/18 10:53:41 | 000,074,526 | ---- | M] () -- C:\HeadVideo.log
    [2010/08/28 22:54:19 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/15 01:04:26 | 000,001,196 | ---- | M] () -- C:\JavaRa.log
    [2010/08/28 22:54:18 | 2451,374,080 | -HS- | M] () -- C:\pagefile.sys
    [2007/10/26 00:32:08 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log
    [2005/07/05 22:44:10 | 000,000,496 | ---- | M] () -- C:\sysprep

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
    [2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
    [2006/11/02 05:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
    [2006/11/02 05:46:13 | 000,221,184 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
    [2006/11/02 05:46:13 | 000,355,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\taskschd.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %systemroot%\system32\user32.dll /md5 >
    [2007/05/23 14:12:26 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2006/11/02 05:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2006/11/02 05:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-16 19:12:56

    ========== Files - Unicode (All) ==========
    [2010/08/13 02:03:57 | 000,064,000 | ---- | M] ()(C:\Users\Emily\Desktop\?.doc) -- C:\Users\Emily\Desktop\ಠ.doc
    [2010/06/22 16:55:02 | 000,000,162 | -H-- | M] ()(C:\Users\Emily\Desktop\~$?.doc) -- C:\Users\Emily\Desktop\~$ಠ.doc
    [2010/06/22 16:55:02 | 000,000,162 | -H-- | C] ()(C:\Users\Emily\Desktop\~$?.doc) -- C:\Users\Emily\Desktop\~$ಠ.doc
    [2010/03/29 05:20:42 | 000,064,000 | ---- | C] ()(C:\Users\Emily\Desktop\?.doc) -- C:\Users\Emily\Desktop\ಠ.doc
    < End of report >

  14. #14
    And here is Extras.txt

    OTL Extras logfile created on: 28/08/2010 11:59:14 PM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Emily\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 29.30 Gb Total Space | 3.37 Gb Free Space | 11.50% Space Free | Partition Type: NTFS
    Drive D: | 105.94 Gb Total Space | 7.65 Gb Free Space | 7.22% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 14.90 Gb Total Space | 7.80 Gb Free Space | 52.31% Space Free | Partition Type: FAT32
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: VISTA
    Current User Name: Emily
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{7AB018B0-7451-4E8D-BB46-468D808C9AE2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{85E87DBE-835B-4A65-B5A3-74C19D4F993E}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D2D9367-5CE2-459D-A1E8-9B8A897949A2}" = protocol=6 | dir=in | app=d:\program files\adaware\ad-watch.exe |
    "{1251B65A-9631-4715-AC86-9D80889AE935}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{1C06E800-F58C-4F84-A076-799A03EB6F85}" = protocol=17 | dir=in | app=c:\users\emily\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{2C3A1B66-89A3-4716-A5D4-56EF08FB5559}" = protocol=6 | dir=in | app=d:\programs to be installed\itunes\itunes.exe |
    "{2DFD6C04-8A01-4211-98F6-71AF3CEBE820}" = dir=in | app=c:\program files\lenovo\shuttlecenter\kernel\dms\clmsservice.exe |
    "{409FDC67-0665-481D-A3E9-72F29DB5F637}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{49F4BEBE-5373-41B9-B0EC-85B2423F3707}" = protocol=17 | dir=in | app=d:\program files\ccleaner\ccleaner.exe |
    "{603007AC-F74B-4C34-ADE1-CBFBDC6EC212}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
    "{6704C967-84EC-453D-AF19-48829E5F1332}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\vpc32.exe |
    "{7554593E-8B3B-445C-9B95-1E1600A1D86E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7D1D448F-9041-40AC-81FA-A74C82E27728}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
    "{900F0BB4-FAA4-40C1-9744-54CFA9C68751}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{900FD129-8260-4DDC-BC67-656BBE4DA5D0}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
    "{915B712E-4E21-43C3-8AAA-64F9C1573A52}" = protocol=17 | dir=in | app=d:\program files\malwarebytes' anti-malware\mbam.exe |
    "{94CB4C0B-F2FC-4628-82EC-5452A6DD880F}" = protocol=17 | dir=in | app=d:\program files\adaware\ad-aware.exe |
    "{94F423FD-C0B0-4BD5-A472-77E4DCAA9DBD}" = protocol=6 | dir=in | app=d:\program files\adaware\ad-aware.exe |
    "{9A1279F7-7DC3-4044-910C-AF7C28410749}" = protocol=6 | dir=in | app=c:\users\emily\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{9C69F862-18BF-4B94-ACBE-841685C0ABFE}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
    "{9C6E01C0-6583-4135-BEB6-83EEBB7B0C1B}" = protocol=6 | dir=in | app=c:\users\emily\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{9EA95060-9F01-43BE-8CAD-B250103A5529}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{9FEC9F83-53E0-4F70-8B9B-945158E1F395}" = dir=in | app=c:\program files\lenovo\shuttlecenter\pcmservice.exe |
    "{A6E69C82-3375-4FA9-814E-EA7413E5E51A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A9425C2E-CB65-4E1B-B839-FBCA20FA6DFA}" = protocol=17 | dir=in | app=c:\users\emily\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{A9D6D4EC-B8E4-4A18-8CCB-EDB4BD2A93AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{ABF798AD-A749-4F9A-AA64-D6FD8521813C}" = protocol=6 | dir=in | app=d:\program files\ccleaner\ccleaner.exe |
    "{BDF28F48-F2B5-4232-B5AD-FF1E382B4E3C}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
    "{CD7008CA-DD3C-4D89-8720-FBF9930738E1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{CDFEEDB3-A178-4E1C-BE1F-206480892290}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\vpc32.exe |
    "{D67C4985-4AD0-44C2-8AC1-D1E675C64FF5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E0AB64AD-1421-41BD-867F-7EE7DCA174DB}" = protocol=17 | dir=in | app=d:\program files\adaware\ad-watch.exe |
    "{E15BCC49-62E3-4A80-83EA-593E46BDAAD8}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
    "{E81AC5D5-2BD7-4B9B-B5B8-4689D462A6BE}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
    "{E8227E6A-9036-42F8-A121-A827A3545A20}" = dir=in | app=c:\program files\lenovo\shuttlecenter\kernel\dmp\clbrowserengine.exe |
    "{F0B88B1A-A768-456F-AAB1-8E78B29F8212}" = protocol=17 | dir=in | app=d:\programs to be installed\itunes\itunes.exe |
    "{F1A302FA-1851-4769-B4F6-14840F6E63D7}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
    "{F99423F3-B17F-4906-B9BA-D8776B1CD8DE}" = dir=in | app=c:\program files\lenovo\shuttlecenter\powercinema.exe |
    "{FDA8C40C-90A2-40E5-A0A4-F2324DAA2488}" = protocol=6 | dir=in | app=d:\program files\malwarebytes' anti-malware\mbam.exe |
    "TCP Query User{A1FF5E2A-AF67-4E60-A81A-23CE42F01007}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{A661F4F9-FDDF-4B02-930E-9B4BD19AA0C2}D:\program files\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\program files\vlc\vlc.exe |
    "TCP Query User{CFD046C8-73F8-4516-A972-13B14D187E3F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{FEEF0604-0A5D-411F-8E38-9532B3CE64CE}D:\program files\realplay.exe" = protocol=6 | dir=in | app=d:\program files\realplay.exe |
    "UDP Query User{3CBCD3EA-131E-42C2-A681-3CEB4D29E519}D:\program files\realplay.exe" = protocol=17 | dir=in | app=d:\program files\realplay.exe |
    "UDP Query User{5001C088-1C9F-448D-8BD6-666E708CA403}D:\program files\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\program files\vlc\vlc.exe |
    "UDP Query User{8885EC49-B6E2-40DB-AA09-BF8E028291D7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{E59C323A-AA1A-4BE8-BC14-CCBCD36F57F7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

  15. #15
    Join Date
    Aug 2010
    Posts
    20
    contd

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = ShuttleCenter
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
    "{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}" = EnergyCut
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
    "{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Ad-Aware" = Ad-Aware
    "Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Any Video Converter_is1" = Any Video Converter 3.0.7
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "CCleaner" = CCleaner
    "EasyCapture2.5" = EasyCapture
    "EzButton" = Easy Button
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "PROHYBRIDR" = 2007 Microsoft Office system
    "RealPlayer 12.0" = RealPlayer
    "Secunia PSI" = Secunia PSI
    "smARTupdate" = smARTupdate
    "SMSERIAL" = Motorola SM56 Data Fax Modem
    "VeriFace" = VeriFace
    "VLC media player" = VLC media player 1.1.3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 07/05/2009 10:40:05 AM | Computer Name = vista | Source = WerSvc | ID = 5007
    Description =

    Error - 08/05/2009 11:07:43 AM | Computer Name = vista | Source = WerSvc | ID = 5007
    Description =

    Error - 09/05/2009 9:27:09 AM | Computer Name = vista | Source = WerSvc | ID = 5007
    Description =

    Error - 09/05/2009 6:07:05 PM | Computer Name = vista | Source = WerSvc | ID = 5007
    Description =

    Error - 09/05/2009 9:39:38 PM | Computer Name = vista | Source = WerSvc | ID = 5007
    Description =

    Error - 09/05/2009 10:21:39 PM | Computer Name = vista | Source = WerSvc | ID = 5007
    Description =

    Error - 10/05/2009 9:34:58 AM | Computer Name = vista | Source = WerSvc | ID = 5007
    Description =

    Error - 10/05/2009 4:23:12 PM | Computer Name = vista | Source = WerSvc | ID = 5007
    Description =

    Error - 10/05/2009 6:37:15 PM | Computer Name = vista | Source = WerSvc | ID = 5007
    Description =

    Error - 10/05/2009 8:40:11 PM | Computer Name = vista | Source = WerSvc | ID = 5007
    Description =

    [ OSession Events ]
    Error - 31/03/2008 11:25:42 PM | Computer Name = vista | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
    lasted 35 seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 28/08/2010 8:35:23 PM | Computer Name = vista | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:31:33 PM on 28/08/2010 was unexpected.

    Error - 28/08/2010 8:36:21 PM | Computer Name = vista | Source = Service Control Manager | ID = 7000
    Description =

    Error - 28/08/2010 8:49:38 PM | Computer Name = vista | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:41:17 PM on 28/08/2010 was unexpected.

    Error - 28/08/2010 8:50:44 PM | Computer Name = vista | Source = Service Control Manager | ID = 7000
    Description =

    Error - 28/08/2010 8:56:27 PM | Computer Name = vista | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:53:24 PM on 28/08/2010 was unexpected.

    Error - 28/08/2010 8:57:20 PM | Computer Name = vista | Source = Service Control Manager | ID = 7000
    Description =

    Error - 28/08/2010 10:34:38 PM | Computer Name = vista | Source = Service Control Manager | ID = 7030
    Description =

    Error - 28/08/2010 10:47:15 PM | Computer Name = vista | Source = Service Control Manager | ID = 7030
    Description =

    Error - 28/08/2010 10:52:45 PM | Computer Name = vista | Source = DCOM | ID = 10010
    Description =

    Error - 28/08/2010 11:38:36 PM | Computer Name = vista | Source = DCOM | ID = 10010
    Description =


    < End of report >
