Hello,
Our pc was infected with the Windows Security Suite and appears to have been removed with the free version of your utility. Like others, the google search is still being redirected to gala. I've included the 2 logs below. The MBAM log is from a subsequent run after the Windows Security Suite was removed (the post was too large with the log from the cleansing run of MBAM). I also wanted to note that during the run of HijackThis, I received a message that the program could not write to the hosts file and that I should edit the file via notepad. I also received a message that the hosts file was unusually large and that I should just delete it versus trying to clean it up. Along with the disclaimer that you should know what you are doing when editing a hosts file, I did nothing because not knowing what I'm doing is pretty common with todays pcs and software. I appreciate any and all help.
MBAM log
Malwarebytes' Anti-Malware 1.41
Database version: 3099
Windows 5.1.2600 Service Pack 3
11/4/2009 3:27:06 PM
mbam-log-2009-11-04 (15-27-06).txt
Scan type: Quick Scan
Objects scanned: 135871
Time elapsed: 8 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:11 PM, on 11/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\DPMTray.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\a la mode\Sched\eSched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 88.198.198.204 google.ae
O1 - Hosts: 88.198.198.204 google.as
O1 - Hosts: 88.198.198.204 google.at
O1 - Hosts: 88.198.198.204 google.az
O1 - Hosts: 88.198.198.204 google.ba
O1 - Hosts: 88.198.198.204 google.be
O1 - Hosts: 88.198.198.204 google.bg
O1 - Hosts: 88.198.198.204 google.bs
O1 - Hosts: 88.198.198.204 google.ca
O1 - Hosts: 88.198.198.204 google.cd
O1 - Hosts: 88.198.198.204 google.com.gh
O1 - Hosts: 88.198.198.204 google.com.hk
O1 - Hosts: 88.198.198.204 google.com.jm
O1 - Hosts: 88.198.198.204 google.com.mx
O1 - Hosts: 88.198.198.204 google.com.my
O1 - Hosts: 88.198.198.204 google.com.na
O1 - Hosts: 88.198.198.204 google.com.nf
O1 - Hosts: 88.198.198.204 google.com.ng
O1 - Hosts: 88.198.198.204 google.ch
O1 - Hosts: 88.198.198.204 google.com.np
O1 - Hosts: 88.198.198.204 google.com.pr
O1 - Hosts: 88.198.198.204 google.com.qa
O1 - Hosts: 88.198.198.204 google.com.sg
O1 - Hosts: 88.198.198.204 google.com.tj
O1 - Hosts: 88.198.198.204 google.com.tw
O1 - Hosts: 88.198.198.204 google.dj
O1 - Hosts: 88.198.198.204 google.de
O1 - Hosts: 88.198.198.204 google.dk
O1 - Hosts: 88.198.198.204 google.dm
O1 - Hosts: 88.198.198.204 google.ee
O1 - Hosts: 88.198.198.204 google.fi
O1 - Hosts: 88.198.198.204 google.fm
O1 - Hosts: 88.198.198.204 google.fr
O1 - Hosts: 88.198.198.204 google.ge
O1 - Hosts: 88.198.198.204 google.gg
O1 - Hosts: 88.198.198.204 google.gm
O1 - Hosts: 88.198.198.204 google.gr
O1 - Hosts: 88.198.198.204 google.ht
O1 - Hosts: 88.198.198.204 google.ie
O1 - Hosts: 88.198.198.204 google.im
O1 - Hosts: 88.198.198.204 google.in
O1 - Hosts: 88.198.198.204 google.it
O1 - Hosts: 88.198.198.204 google.ki
O1 - Hosts: 88.198.198.204 google.la
O1 - Hosts: 88.198.198.204 google.li
O1 - Hosts: 88.198.198.204 google.lv
O1 - Hosts: 88.198.198.204 google.ma
O1 - Hosts: 88.198.198.204 google.ms
O1 - Hosts: 88.198.198.204 google.mu
O1 - Hosts: 88.198.198.204 google.mw
O1 - Hosts: 88.198.198.204 google.nl
O1 - Hosts: 88.198.198.204 google.no
O1 - Hosts: 88.198.198.204 google.nr
O1 - Hosts: 88.198.198.204 google.nu
O1 - Hosts: 88.198.198.204 google.pl
O1 - Hosts: 88.198.198.204 google.pn
O1 - Hosts: 88.198.198.204 google.pt
O1 - Hosts: 88.198.198.204 google.ro
O1 - Hosts: 88.198.198.204 google.ru
O1 - Hosts: 88.198.198.204 google.rw
O1 - Hosts: 88.198.198.204 google.sc
O1 - Hosts: 88.198.198.204 google.se
O1 - Hosts: 88.198.198.204 google.sh
O1 - Hosts: 88.198.198.204 google.si
O1 - Hosts: 88.198.198.204 google.sm
O1 - Hosts: 88.198.198.204 google.sn
O1 - Hosts: 88.198.198.204 google.st
O1 - Hosts: 88.198.198.204 google.tl
O1 - Hosts: 88.198.198.204 google.tm
O1 - Hosts: 88.198.198.204 google.tt
O1 - Hosts: 88.198.198.204 google.us
O1 - Hosts: 88.198.198.204 google.vu
O1 - Hosts: 88.198.198.204 google.ws
O1 - Hosts: 88.198.198.204 google.co.ck
O1 - Hosts: 88.198.198.204 google.co.id
O1 - Hosts: 88.198.198.204 google.co.il
O1 - Hosts: 88.198.198.204 google.co.in
O1 - Hosts: 88.198.198.204 google.co.jp
O1 - Hosts: 88.198.198.204 google.co.kr
O1 - Hosts: 88.198.198.204 google.co.ls
O1 - Hosts: 88.198.198.204 google.co.ma
O1 - Hosts: 88.198.198.204 google.co.nz
O1 - Hosts: 88.198.198.204 google.co.tz
O1 - Hosts: 88.198.198.204 google.co.ug
O1 - Hosts: 88.198.198.204 google.co.uk
O1 - Hosts: 88.198.198.204 google.co.za
O1 - Hosts: 88.198.198.204 google.co.zm
O1 - Hosts: 88.198.198.204 google.com
O1 - Hosts: 88.198.198.204 google.com.af
O1 - Hosts: 88.198.198.204 google.com.ag
O1 - Hosts: 88.198.198.204 google.com.ar
O1 - Hosts: 88.198.198.204 google.com.au
O1 - Hosts: 88.198.198.204 google.com.bn
O1 - Hosts: 88.198.198.204 google.com.br
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PWRAGD] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\Di\LOCALS~1\Temp\Xerox\EReg\EReg.exe" /Startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Web-Based Email Tools - http://email03.secureserver.net/Download.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0050171257357099) (0050171257357099mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Di\LOCALS~1\Temp\005017~1.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB19 - Intuit, Inc. - C:\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
--
End of file - 16652 bytes
Full Version: Hijacked Google search provider
Hello and welcome to Malwarebytes! 
My name is Perplexus and I will be helping you fix your computer problem.
Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate, so stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.
Before we proceed to clean your computer from malware there are some points you should consider that will make the process go smoother:
---------------------------------------------------------------------------------------------
------------------
Step 1:
------------------
Download the HostsXpert 4.2 - Hosts File Manager.
------------------
Step 2:
------------------
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
My name is Perplexus and I will be helping you fix your computer problem.
Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate, so stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.
Before we proceed to clean your computer from malware there are some points you should consider that will make the process go smoother:
- Before beginning the fix, read this post completely. If there's anything that you do not understand, please ask your questions before proceeding as you may temporarily be disconnected from the internet. No question is considered dumb here. It's better to be safe than sorry!
- Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
- It is IMPORTANT that you do not miss a step & perform everything in the correct order/sequence.
- Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested, as it can be very dangerous and cause harm to your system.
- When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that Word Wrap is unchecked)
---------------------------------------------------------------------------------------------
------------------
Step 1:
------------------
Download the HostsXpert 4.2 - Hosts File Manager.
- Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
- Run HostsXpert 4.2 - Hosts File Manager from its new home
- Click on "File Handling".
- Click on "Restore MS Hosts File".
- Click OK on the Confirmation box.
- Click on "Make Read Only?"
- Click the X to exit the program.
- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
------------------
Step 2:
------------------
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware. - When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
Hello Perplexus, I appreciate your time and assistance.
Following your instructions, I unzipped HostsXpert to the hard drive and proceeded to run the application.
Didn't need to click on File Handling, that was where the program opened
Received a warning - Your hosts file is marked as a "system file" and can not be manipulated. Press OK to remove system file attributes, CANCEL to quit. HostsXpert will not reset the attributes.
Clicked on OK
Received a warning - Your hosts file is marketd as a "hidden file" and can not be manipulted. Press OK to remove the hidden file attributes, CANCEL to quit. HostsXpert wil not reset the attriubtes.
Clicked OK
The contents of the hosts file was displayed.
Clicked on Restore MS Hosts File
Received Confirmation
Clicked on OK
Received Error - Cannot create file C:\windows\system32\driver\ETC\hosts
Clicked on OK
HostsXpert program closed
I believe I follow your instructions, so far, to a T. Did I miss something?
Also, how can I tell if I used a custom hosts file? Obviously, I haven't customized anything.
Following your instructions, I unzipped HostsXpert to the hard drive and proceeded to run the application.
Didn't need to click on File Handling, that was where the program opened
Received a warning - Your hosts file is marked as a "system file" and can not be manipulated. Press OK to remove system file attributes, CANCEL to quit. HostsXpert will not reset the attributes.
Clicked on OK
Received a warning - Your hosts file is marketd as a "hidden file" and can not be manipulted. Press OK to remove the hidden file attributes, CANCEL to quit. HostsXpert wil not reset the attriubtes.
Clicked OK
The contents of the hosts file was displayed.
Clicked on Restore MS Hosts File
Received Confirmation
Clicked on OK
Received Error - Cannot create file C:\windows\system32\driver\ETC\hosts
Clicked on OK
HostsXpert program closed
I believe I follow your instructions, so far, to a T. Did I miss something?
Also, how can I tell if I used a custom hosts file? Obviously, I haven't customized anything.
You weren't using a custom host file. The malware has hijacked it. Let's continue on with the ComboFix run and see what shakes out.
Moved on to the ComboFix ...
After installing Combix to the desktop, disabling McAfee and running the program, received the following warning
ComboFix has detected the following real time scanner(s) to be active: Antivirus: Windows Enterprise Suite
Antivirus and instrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage. Please disable these scanners before clicking OK
Windows Enterprise Suite is the malware I'm trying to remove .... correct?
So, I clicked on OK without the means of disabling this process and received the following warning
Antivirus: Windows Enterprise Suite
The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk.
Clicked OK (didn't really think I had a choice)
The ComboFix log follows
ComboFix 09-11-05.05 - Di 11/06/2009 9:04.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2324 [GMT -5:00]
Running from: c:\documents and settings\Di\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Windows Enterprise Suite *On-access scanning enabled* (Updated) {B34FCF14-68EF-4AE0-BFF4-9287CCA76CD9}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Windows Enterprise Suite *enabled* {AA47C571-755B-4924-AC5B-07F016289E93}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-720729663-3674832510-483646340-500
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.
2009-11-06 13:40 . 2009-11-06 13:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-11-06 13:36 . 2009-11-06 13:36 496944 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2009-11-06 13:36 . 2009-11-06 13:36 296240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2009-11-06 13:36 . 2009-11-06 13:36 263472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2009-11-06 13:36 . 2009-11-06 13:36 787760 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2009-11-06 13:36 . 2009-11-06 13:36 423216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2009-11-06 13:36 . 2009-11-06 13:36 570672 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2009-11-06 13:36 . 2009-11-06 13:36 205576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-11-06 13:36 . 2009-11-06 13:36 763184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2009-11-06 13:36 . 2009-11-06 13:36 398640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2009-11-06 13:36 . 2009-11-06 13:36 1152304 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2009-11-06 13:36 . 2009-11-06 13:36 1085704 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-11-05 18:48 . 2009-11-05 18:49 -------- d-----w- C:\HostsXpert 4.2 - Hosts File Manager
2009-11-05 18:26 . 2009-11-05 18:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-11-04 18:41 . 2009-11-04 18:41 -------- d-----w- c:\program files\Trend Micro
2009-11-04 17:58 . 2009-11-04 17:58 -------- d-----w- c:\documents and settings\QBDataServiceUser19\Application Data\SACore
2009-11-04 17:54 . 2009-11-04 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-11-04 17:51 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-04 17:51 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-04 17:51 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-04 17:51 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-04 17:51 . 2009-11-04 17:51 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-04 17:51 . 2009-11-04 17:51 -------- d-----w- c:\program files\McAfee.com
2009-11-04 17:50 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\documents and settings\Di\Application Data\Malwarebytes
2009-11-04 17:39 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 17:39 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 16:41 . 2009-11-06 13:32 -------- d-----w- c:\program files\McAfee
2009-11-04 15:41 . 2009-11-04 15:41 -------- d-sh--w- c:\documents and settings\All Users\Application Data\914fd87
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 17:55 . 2009-08-27 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-12 18:10 . 2009-08-30 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\alamode
2009-10-08 16:56 . 2009-09-12 14:26 2322 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2009-10-01 19:09 . 2009-10-01 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-10-01 19:01 . 2009-10-01 19:00 -------- d-----w- c:\program files\Common Files\Logishrd
2009-10-01 19:01 . 2009-08-28 22:24 -------- d-----w- c:\program files\Common Files\Logitech
2009-10-01 19:00 . 2009-10-01 19:00 10134 ----a-r- c:\documents and settings\Di\Application Data\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
2009-10-01 19:00 . 2009-08-13 14:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 22:39 . 2009-08-13 14:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-16 15:22 . 2009-01-09 17:03 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-14 19:44 . 2009-09-14 19:38 -------- d-----w- c:\documents and settings\Di\Application Data\Apple Computer
2009-09-14 19:38 . 2009-09-14 19:37 -------- d-----w- c:\program files\iTunes
2009-09-14 19:38 . 2009-09-14 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-14 19:37 . 2009-09-14 19:37 -------- d-----w- c:\program files\iPod
2009-09-14 19:37 . 2009-09-14 19:35 -------- d-----w- c:\program files\Common Files\Apple
2009-09-14 19:37 . 2009-09-14 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-14 19:37 . 2009-09-14 19:37 -------- d-----w- c:\program files\Bonjour
2009-09-14 19:36 . 2009-09-14 19:36 -------- d-----w- c:\program files\QuickTime
2009-09-14 19:35 . 2009-09-14 19:35 -------- d-----w- c:\program files\Apple Software Update
2009-09-14 19:35 . 2009-09-14 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-14 17:45 . 2009-09-14 17:45 34056 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Interop.QBInstanceFinder.dll
2009-09-14 17:45 . 2009-09-14 17:45 192512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll
2009-09-14 17:45 . 2009-09-14 17:45 850736 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2009-09-14 17:45 . 2009-09-14 17:45 2151728 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2009-09-14 17:39 . 2009-09-14 17:39 869640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
2009-09-14 17:39 . 2009-09-14 17:39 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcp71.dll
2009-09-14 17:39 . 2009-09-14 17:39 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcr71.dll
2009-09-12 14:17 . 2009-09-12 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2009-09-12 14:07 . 2009-09-12 14:07 -------- d-----w- c:\program files\Common Files\supportsoft
2009-09-12 14:07 . 2009-08-13 15:09 91896 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 14:04 . 2009-09-12 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-09-12 14:02 . 2009-09-12 13:59 -------- d-----w- c:\program files\Common Files\Intuit
2009-09-12 13:52 . 2009-09-12 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES
2009-09-10 21:49 . 2009-08-13 15:12 -------- d-----w- c:\program files\Microsoft Small Business
2009-09-10 21:48 . 2009-08-13 15:07 -------- d-----w- c:\program files\Microsoft.NET
2009-09-10 21:47 . 2009-08-13 15:10 -------- d-----w- c:\program files\Microsoft SQL Server
2009-09-10 21:07 . 2009-08-13 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-10 21:06 . 2009-09-10 21:06 -------- d-----w- c:\program files\Microsoft Works
2009-09-10 20:01 . 2009-08-13 14:57 -------- d-----w- c:\program files\Java
2009-09-10 20:00 . 2009-09-10 20:00 152576 ----a-w- c:\documents and settings\Di\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-10 18:54 . 2009-08-29 00:03 -------- d-----w- c:\program files\a la mode
2009-09-09 21:34 . 2009-09-09 21:34 -------- d-----w- c:\documents and settings\Di\Application Data\Windows Search
2009-09-09 19:52 . 2009-09-09 19:52 -------- d-----w- c:\documents and settings\Di\Application Data\Windows Desktop Search
2009-09-09 19:52 . 2009-09-09 19:52 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-09 01:43 . 2009-09-09 01:43 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-08-31 18:25 . 2009-08-31 18:25 1886320 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en_signed.exe
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\ALAMODE.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM120.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM112.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM105.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM100.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM09B.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM090.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM080.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\ADATA095.fot
2009-08-27 02:12 . 2009-08-27 02:12 125 ----a-w- c:\documents and settings\Di\Local Settings\Application Data\fusioncache.dat
2009-08-13 15:09 . 2009-09-12 14:11 83904 ----a-w- c:\documents and settings\QBDataServiceUser19\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-13 15:09 . 2009-08-26 22:21 83904 ----a-w- c:\documents and settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-13 15:01 . 2009-08-13 15:01 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2009-08-13 15:01 . 2009-08-13 15:01 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2009-08-13 14:55 . 2009-09-12 14:11 10134 ----a-r- c:\documents and settings\QBDataServiceUser19\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:55 . 2009-08-26 22:21 10134 ----a-r- c:\documents and settings\Di\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:55 . 2009-08-26 22:20 10134 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:55 . 2009-08-13 14:55 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:48 . 2009-08-13 14:48 319488 ----a-w- c:\windows\HideWin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LenovoFSC"="c:\program files\Lenovo\FanSpeedControl\LenovoFSC.exe" [2008-09-26 40960]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-23 393216]
"PWRAGD"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2009-04-24 72256]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"The Assistant"="c:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968]
"Alcmtr"="ALCMTR.EXE" - c:\windows\ALCMTR.EXE [2008-06-19 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-1 805392]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\brastk.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL$ALAMODE\\Binn\\sqlservr.exe"=
"c:\\Program Files\\a la mode\\Sched\\eSched.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 PM 46144]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/4/2009 11:43 AM 210216]
R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [5/3/2005 11:04 PM 9150464]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/13/2009 9:51 AM 64064]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 5:34 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 PM 360448]
R3 QuickBooksDB19;QuickBooksDB19;c:\intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [3/6/2008 4:33 PM 5760]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [11/19/2008 8:46 PM 37184]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752]
S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [5/3/2005 8:42 PM 323584]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*NewlyCreated* - MCODS
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2009-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-11-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
2009-11-04 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22]
2009-11-04 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22]
2009-08-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
2009-08-13 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-13 09:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
mDefault_Page_URL = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Web-Based Email Tools - hxxp://email03.secureserver.net/Download.CAB
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-XeroxRegistation - c:\docume~1\Di\LOCALS~1\Temp\Xerox\EReg\EReg.exe
HKLM-Run-<NO NAME> - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 09:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2009-11-06 9:10
ComboFix-quarantined-files.txt 2009-11-06 14:10
Pre-Run: 222,690,254,848 bytes free
Post-Run: 222,925,139,968 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 5389CC2607AF13F535FC89790759E428
After installing Combix to the desktop, disabling McAfee and running the program, received the following warning
ComboFix has detected the following real time scanner(s) to be active: Antivirus: Windows Enterprise Suite
Antivirus and instrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage. Please disable these scanners before clicking OK
Windows Enterprise Suite is the malware I'm trying to remove .... correct?
So, I clicked on OK without the means of disabling this process and received the following warning
Antivirus: Windows Enterprise Suite
The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk.
Clicked OK (didn't really think I had a choice)
The ComboFix log follows
ComboFix 09-11-05.05 - Di 11/06/2009 9:04.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2324 [GMT -5:00]
Running from: c:\documents and settings\Di\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Windows Enterprise Suite *On-access scanning enabled* (Updated) {B34FCF14-68EF-4AE0-BFF4-9287CCA76CD9}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Windows Enterprise Suite *enabled* {AA47C571-755B-4924-AC5B-07F016289E93}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-720729663-3674832510-483646340-500
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.
2009-11-06 13:40 . 2009-11-06 13:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-11-06 13:36 . 2009-11-06 13:36 496944 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2009-11-06 13:36 . 2009-11-06 13:36 296240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2009-11-06 13:36 . 2009-11-06 13:36 263472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2009-11-06 13:36 . 2009-11-06 13:36 787760 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2009-11-06 13:36 . 2009-11-06 13:36 423216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2009-11-06 13:36 . 2009-11-06 13:36 570672 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2009-11-06 13:36 . 2009-11-06 13:36 205576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-11-06 13:36 . 2009-11-06 13:36 763184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2009-11-06 13:36 . 2009-11-06 13:36 398640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2009-11-06 13:36 . 2009-11-06 13:36 1152304 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2009-11-06 13:36 . 2009-11-06 13:36 1085704 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-11-05 18:48 . 2009-11-05 18:49 -------- d-----w- C:\HostsXpert 4.2 - Hosts File Manager
2009-11-05 18:26 . 2009-11-05 18:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-11-04 18:41 . 2009-11-04 18:41 -------- d-----w- c:\program files\Trend Micro
2009-11-04 17:58 . 2009-11-04 17:58 -------- d-----w- c:\documents and settings\QBDataServiceUser19\Application Data\SACore
2009-11-04 17:54 . 2009-11-04 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-11-04 17:51 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-04 17:51 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-04 17:51 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-04 17:51 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-04 17:51 . 2009-11-04 17:51 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-04 17:51 . 2009-11-04 17:51 -------- d-----w- c:\program files\McAfee.com
2009-11-04 17:50 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\documents and settings\Di\Application Data\Malwarebytes
2009-11-04 17:39 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 17:39 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 16:41 . 2009-11-06 13:32 -------- d-----w- c:\program files\McAfee
2009-11-04 15:41 . 2009-11-04 15:41 -------- d-sh--w- c:\documents and settings\All Users\Application Data\914fd87
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 17:55 . 2009-08-27 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-12 18:10 . 2009-08-30 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\alamode
2009-10-08 16:56 . 2009-09-12 14:26 2322 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2009-10-01 19:09 . 2009-10-01 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-10-01 19:01 . 2009-10-01 19:00 -------- d-----w- c:\program files\Common Files\Logishrd
2009-10-01 19:01 . 2009-08-28 22:24 -------- d-----w- c:\program files\Common Files\Logitech
2009-10-01 19:00 . 2009-10-01 19:00 10134 ----a-r- c:\documents and settings\Di\Application Data\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
2009-10-01 19:00 . 2009-08-13 14:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 22:39 . 2009-08-13 14:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-16 15:22 . 2009-01-09 17:03 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-14 19:44 . 2009-09-14 19:38 -------- d-----w- c:\documents and settings\Di\Application Data\Apple Computer
2009-09-14 19:38 . 2009-09-14 19:37 -------- d-----w- c:\program files\iTunes
2009-09-14 19:38 . 2009-09-14 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-14 19:37 . 2009-09-14 19:37 -------- d-----w- c:\program files\iPod
2009-09-14 19:37 . 2009-09-14 19:35 -------- d-----w- c:\program files\Common Files\Apple
2009-09-14 19:37 . 2009-09-14 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-14 19:37 . 2009-09-14 19:37 -------- d-----w- c:\program files\Bonjour
2009-09-14 19:36 . 2009-09-14 19:36 -------- d-----w- c:\program files\QuickTime
2009-09-14 19:35 . 2009-09-14 19:35 -------- d-----w- c:\program files\Apple Software Update
2009-09-14 19:35 . 2009-09-14 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-14 17:45 . 2009-09-14 17:45 34056 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Interop.QBInstanceFinder.dll
2009-09-14 17:45 . 2009-09-14 17:45 192512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll
2009-09-14 17:45 . 2009-09-14 17:45 850736 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2009-09-14 17:45 . 2009-09-14 17:45 2151728 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2009-09-14 17:39 . 2009-09-14 17:39 869640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
2009-09-14 17:39 . 2009-09-14 17:39 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcp71.dll
2009-09-14 17:39 . 2009-09-14 17:39 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcr71.dll
2009-09-12 14:17 . 2009-09-12 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2009-09-12 14:07 . 2009-09-12 14:07 -------- d-----w- c:\program files\Common Files\supportsoft
2009-09-12 14:07 . 2009-08-13 15:09 91896 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 14:04 . 2009-09-12 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-09-12 14:02 . 2009-09-12 13:59 -------- d-----w- c:\program files\Common Files\Intuit
2009-09-12 13:52 . 2009-09-12 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES
2009-09-10 21:49 . 2009-08-13 15:12 -------- d-----w- c:\program files\Microsoft Small Business
2009-09-10 21:48 . 2009-08-13 15:07 -------- d-----w- c:\program files\Microsoft.NET
2009-09-10 21:47 . 2009-08-13 15:10 -------- d-----w- c:\program files\Microsoft SQL Server
2009-09-10 21:07 . 2009-08-13 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-10 21:06 . 2009-09-10 21:06 -------- d-----w- c:\program files\Microsoft Works
2009-09-10 20:01 . 2009-08-13 14:57 -------- d-----w- c:\program files\Java
2009-09-10 20:00 . 2009-09-10 20:00 152576 ----a-w- c:\documents and settings\Di\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-10 18:54 . 2009-08-29 00:03 -------- d-----w- c:\program files\a la mode
2009-09-09 21:34 . 2009-09-09 21:34 -------- d-----w- c:\documents and settings\Di\Application Data\Windows Search
2009-09-09 19:52 . 2009-09-09 19:52 -------- d-----w- c:\documents and settings\Di\Application Data\Windows Desktop Search
2009-09-09 19:52 . 2009-09-09 19:52 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-09 01:43 . 2009-09-09 01:43 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-08-31 18:25 . 2009-08-31 18:25 1886320 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en_signed.exe
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\ALAMODE.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM120.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM112.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM105.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM100.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM09B.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM090.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM080.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\ADATA095.fot
2009-08-27 02:12 . 2009-08-27 02:12 125 ----a-w- c:\documents and settings\Di\Local Settings\Application Data\fusioncache.dat
2009-08-13 15:09 . 2009-09-12 14:11 83904 ----a-w- c:\documents and settings\QBDataServiceUser19\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-13 15:09 . 2009-08-26 22:21 83904 ----a-w- c:\documents and settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-13 15:01 . 2009-08-13 15:01 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2009-08-13 15:01 . 2009-08-13 15:01 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2009-08-13 14:55 . 2009-09-12 14:11 10134 ----a-r- c:\documents and settings\QBDataServiceUser19\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:55 . 2009-08-26 22:21 10134 ----a-r- c:\documents and settings\Di\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:55 . 2009-08-26 22:20 10134 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:55 . 2009-08-13 14:55 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:48 . 2009-08-13 14:48 319488 ----a-w- c:\windows\HideWin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LenovoFSC"="c:\program files\Lenovo\FanSpeedControl\LenovoFSC.exe" [2008-09-26 40960]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-23 393216]
"PWRAGD"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2009-04-24 72256]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"The Assistant"="c:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968]
"Alcmtr"="ALCMTR.EXE" - c:\windows\ALCMTR.EXE [2008-06-19 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-1 805392]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\brastk.exe]
"Debugger"=svchost.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL$ALAMODE\\Binn\\sqlservr.exe"=
"c:\\Program Files\\a la mode\\Sched\\eSched.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 PM 46144]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/4/2009 11:43 AM 210216]
R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [5/3/2005 11:04 PM 9150464]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/13/2009 9:51 AM 64064]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 5:34 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 PM 360448]
R3 QuickBooksDB19;QuickBooksDB19;c:\intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [3/6/2008 4:33 PM 5760]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [11/19/2008 8:46 PM 37184]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752]
S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [5/3/2005 8:42 PM 323584]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*NewlyCreated* - MCODS
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2009-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-11-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
2009-11-04 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22]
2009-11-04 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22]
2009-08-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
2009-08-13 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-13 09:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
mDefault_Page_URL = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Web-Based Email Tools - hxxp://email03.secureserver.net/Download.CAB
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-XeroxRegistation - c:\docume~1\Di\LOCALS~1\Temp\Xerox\EReg\EReg.exe
HKLM-Run-<NO NAME> - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 09:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2009-11-06 9:10
ComboFix-quarantined-files.txt 2009-11-06 14:10
Pre-Run: 222,690,254,848 bytes free
Post-Run: 222,925,139,968 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 5389CC2607AF13F535FC89790759E428
Let's take a closer look. Are you still being redirected?
------------------
Step 1:
------------------
Download TFC by OldTimer to your desktop
Note: It is a good idea to run TFC to clear out all your temp files every now and again. This helps to keep your computer running more efficiently. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.
------------------
Step 2:
------------------
Download RootRepeal from one of the following locations:
Unzip it to your Desktop.Click the OK button In the next dialog, select all drives showing Click OK to start the scan
When the scan is complete, the Save Report button will become available Click this and save the report to your Desktop as RootRepeal.txt Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.
To attach a file, do the following:
------------------
Step 3:
------------------
------------------
Step 4:
------------------
Please post back with the following:
------------------
Step 1:
------------------
Download TFC by OldTimer to your desktop
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Note: It is a good idea to run TFC to clear out all your temp files every now and again. This helps to keep your computer running more efficiently. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.
------------------
Step 2:
------------------
Download RootRepeal from one of the following locations:
- Location 1 (Zip File)
- Location 2 (Zip File)
- Location 3 (RAR File)
- Location 4 (Zip File)
- Location 5 (RAR File)
Unzip it to your Desktop.
- Double click RootRepeal.exe to start the program
- Click on the Report tab at the bottom of the program window
- Click the Scan button
- In the Select Scan dialog, check:
- Drivers
- Files
- Processes
- SSDT
- Stealth Objects
- Hidden Services
- Shadow SSDT
Note: The scan can take some time. DO NOT run any other programs while the scan is running
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.
To attach a file, do the following:
- Click Add Reply
- Under the reply panel is the Attachments Panel
- Browse for the attachment file you want to upload, then click the green Upload button
- Once it has uploaded, click the Manage Current Attachments drop down box
- Click on
to insert the attachment into your post
------------------
Step 3:
------------------
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5 - Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
------------------
Step 4:
------------------
Please post back with the following:
- How your machine is running
- RootRepeal.txt
- OTL.txt
- Extras.txt
The system appears to have ended any redirects of Google searches to the GALA search engine. Also, I noticed (prior to your help on this matter) that IE was running very slow. Now, it appears to run normal.
However, I am now a little concerned over the hosts file and the fact that ComboFix reported seeing the Windows Enterprise Suite as a viable anit-virius program running on this pc.
I have attached the RootRepeal report file and the OTL.txt and Extras.txt files are as follows:
OTL logfile created on: 11/6/2009 5:15:24 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Di\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.48 Gb Total Space | 207.64 Gb Free Space | 90.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DIANE
Current User Name: Di
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE ()
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\DPMTray.EXE ()
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe ()
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
PRC - C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_interface.dll (Lenovo Group Limited)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (SessionLauncher) -- File not found
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (QuickBooksDB19) -- C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZIPM12.DLL (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZINW12.DLL (Hewlett-Packard)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (MSSQL$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SuperIO) -- C:\WINDOWS\system32\drivers\spio.sys ()
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 08:47:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/13 09:57:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/06 08:31:44 | 00,000,000 | ---D | M]
O1 HOSTS File: (6575 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 88.198.198.204 google.ae
O1 - Hosts: 88.198.198.204 google.as
O1 - Hosts: 88.198.198.204 google.at
O1 - Hosts: 88.198.198.204 google.az
O1 - Hosts: 88.198.198.204 google.ba
O1 - Hosts: 88.198.198.204 google.be
O1 - Hosts: 88.198.198.204 google.bg
O1 - Hosts: 88.198.198.204 google.bs
O1 - Hosts: 88.198.198.204 google.ca
O1 - Hosts: 88.198.198.204 google.cd
O1 - Hosts: 88.198.198.204 google.com.gh
O1 - Hosts: 88.198.198.204 google.com.hk
O1 - Hosts: 88.198.198.204 google.com.jm
O1 - Hosts: 88.198.198.204 google.com.mx
O1 - Hosts: 88.198.198.204 google.com.my
O1 - Hosts: 88.198.198.204 google.com.na
O1 - Hosts: 88.198.198.204 google.com.nf
O1 - Hosts: 88.198.198.204 google.com.ng
O1 - Hosts: 193 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email03.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 17:02:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/07/21 17:02:06 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2009/11/06 16:21:28 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe
[2009/11/06 16:20:36 | 00,000,000 | ---D | C] -- C:\RootRepeal
[2009/11/06 16:18:33 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe
[2009/11/06 09:04:03 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/06 09:03:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/06 09:03:28 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/06 09:03:28 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/06 09:03:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/06 09:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/06 09:03:21 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/11/06 08:57:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/05 13:48:04 | 00,000,000 | ---D | C] -- C:\HostsXpert 4.2 - Hosts File Manager
[2009/11/04 13:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/04 12:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/11/04 12:51:54 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/11/04 12:51:53 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/11/04 12:51:53 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/11/04 12:51:48 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/11/04 12:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/11/04 12:51:09 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/11/04 12:50:28 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/11/04 12:39:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Di\Application Data\Malwarebytes
[2009/11/04 12:39:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/04 12:39:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/04 11:41:29 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/11/04 10:41:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\914fd87
[2009/08/28 19:02:54 | 00,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoLicense.dll
[2009/08/28 19:02:54 | 00,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoPAX.dll
========== Files - Modified Within 30 Days ==========
[2009/11/06 16:25:39 | 00,007,005 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/06 16:25:32 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/06 16:24:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/06 16:24:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/06 16:24:44 | 31,847,75168 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/06 16:24:12 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\Di\NTUSER.DAT
[2009/11/06 16:23:50 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Di\ntuser.ini
[2009/11/06 16:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/11/06 16:21:32 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe
[2009/11/06 16:20:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Di\settings.dat
[2009/11/06 16:18:37 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe
[2009/11/06 15:26:10 | 00,041,538 | ---- | M] () -- C:\WINDOWS\alaredun.ini
[2009/11/06 15:26:10 | 00,002,157 | ---- | M] () -- C:\WINDOWS\alamode.ini
[2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/06 09:08:59 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/06 09:04:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/06 08:51:34 | 03,562,655 | R--- | M] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe
[2009/11/04 13:41:03 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk
[2009/11/04 12:54:10 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/04 12:39:08 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 12:20:46 | 00,006,575 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/04 11:38:20 | 07,475,184 | -H-- | M] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db
[2009/11/02 11:34:04 | 00,011,903 | ---- | M] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx
[2009/11/01 08:42:31 | 00,529,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 08:42:31 | 00,104,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 08:42:30 | 00,646,734 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
========== Files Created - No Company Name ==========
[2009/11/06 16:20:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Di\settings.dat
[2009/11/06 15:26:09 | 00,041,538 | ---- | C] () -- C:\WINDOWS\alaredun.ini
[2009/11/06 09:04:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/06 09:04:05 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/06 09:03:28 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/06 09:03:28 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/06 09:03:28 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/06 09:03:28 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/06 09:03:28 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/06 08:51:31 | 03,562,655 | R--- | C] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe
[2009/11/04 13:41:03 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk
[2009/11/04 12:54:22 | 00,007,005 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/04 12:54:10 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/11/04 12:51:27 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/04 12:39:08 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/02 11:34:04 | 00,011,903 | ---- | C] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx
[2009/09/12 08:52:01 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/30 11:59:34 | 00,001,397 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/28 22:13:46 | 00,000,121 | ---- | C] () -- C:\WINDOWS\MercuryWT.ini
[2009/08/28 22:13:46 | 00,000,099 | ---- | C] () -- C:\WINDOWS\Mercury.ini
[2009/08/28 19:03:00 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll
[2009/08/28 19:03:00 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2009/08/28 19:02:59 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\SmaRTEng.dll
[2009/08/28 19:02:58 | 00,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll
[2009/08/28 19:02:58 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll
[2009/08/28 19:02:56 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFfpx7.dll
[2009/08/28 19:02:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKodak.dll
[2009/08/28 19:02:56 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\fmt_jb2.dll
[2009/08/28 19:02:56 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\fmt_xcx.dll
[2009/08/28 19:02:56 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\fmt_xmf.dll
[2009/08/28 19:02:56 | 00,000,313 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2009/08/28 19:02:55 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll
[2009/08/28 19:02:55 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll
[2009/08/28 19:02:54 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll
[2009/08/28 19:02:54 | 00,220,160 | ---- | C] () -- C:\WINDOWS\System32\Carcla30.dll
[2009/08/28 19:02:54 | 00,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll
[2009/08/28 19:02:54 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\alavistautils.dll
[2009/08/28 19:02:53 | 01,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll
[2009/08/28 19:02:53 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll
[2009/08/28 19:02:53 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll
[2009/08/28 19:02:53 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch2.dll
[2009/08/28 19:02:53 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch.dll
[2009/08/28 19:01:36 | 00,002,157 | ---- | C] () -- C:\WINDOWS\alamode.ini
[2009/08/26 21:12:40 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\fusioncache.dat
[2009/08/26 17:21:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Di\Application Data\desktop.ini
[2009/08/26 17:21:17 | 07,475,184 | -H-- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db
[2009/08/26 17:21:17 | 00,083,904 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/13 10:13:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/13 09:57:23 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/08/13 09:57:23 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/13 09:54:56 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/08/13 09:54:56 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/08/13 09:54:56 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/08/13 09:54:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/07/22 10:22:09 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/21 17:50:07 | 00,000,583 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/07/21 17:50:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/07/21 09:55:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/03/06 16:33:50 | 00,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\spio.sys
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
========== LOP Check ==========
[2009/11/04 10:41:29 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\914fd87
[2009/10/12 13:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/12 08:52:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/08/13 10:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/08/13 10:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2009/09/12 09:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/08/13 09:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperIO
[2009/08/13 09:57:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/09/14 14:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/13 09:59:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\DesktopPwrMgr
[2009/08/13 09:57:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Downloaded Installations
[2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Lenovo
[2009/09/09 14:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Desktop Search
[2009/09/09 16:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Search
[2009/11/06 16:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2008/04/14 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/08/13 10:00:41 | 00,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/08/13 09:51:54 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2009/11/06 16:24:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/04/14 07:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 07:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2008/04/14 07:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 07:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2008/04/14 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/04/14 02:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 02:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/14 02:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/14 02:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
< End of report >
OTL Extras logfile created on: 11/6/2009 5:15:24 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Di\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.48 Gb Total Space | 207.64 Gb Free Space | 90.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DIANE
Current User Name: Di
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe" = C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe:*:Enabled:Aurora MSDE Database -- (Microsoft Corporation)
"C:\Program Files\a la mode\Sched\eSched.exe" = C:\Program Files\a la mode\Sched\eSched.exe:*:Enabled:a la mode Assistant -- (a la mode, inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{4C018129-1793-48D2-B82C-6FA71C96B476}" = Online Data Backup
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5A847475-157F-45AD-9919-CD40D344B8B1}" = QBFC3.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9E3BC634-769E-4847-9530-E22433D13E45}" = FanSpeedControl
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkVantage Power Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5B5DED6-E58F-43FA-BBBC-D64170B32C29}" = XSite Order Manager
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkCentre
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (ALAMODE)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5F38322-4271-4855-8619-39C311E3518D}" = XSites Desktop
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{9E3BC634-769E-4847-9530-E22433D13E45}" = FanSpeedControl
"InstallShield_{A5B5DED6-E58F-43FA-BBBC-D64170B32C29}" = XSite Order Manager
"InstallShield_{E5F38322-4271-4855-8619-39C311E3518D}" = XSites Desktop
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor for Windows" = Lenovo System Toolbox
"PDF-XChange 3_is1" = PDF-XChange 3
"PROHYBRIDR" = 2007 Microsoft Office system
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WMCSetup" = Windows Media Connect
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/16/2009 6:25:55 PM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 9/16/2009 6:25:55 PM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 9/16/2009 6:26:14 PM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": An attempt
to LogOff without a logo
Error - 9/22/2009 10:37:06 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 9/22/2009 10:37:06 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 9/22/2009 10:37:06 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 9/22/2009 10:37:06 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 9/22/2009 10:37:26 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": An attempt
to LogOff without a logo
Error - 9/22/2009 10:55:17 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": Trying to
process a record 35 : Accounts Payable for List Review edlist without actually
being in a write transacti
Error - 9/24/2009 4:47:55 PM | Computer Name = DIANE | Source = Application Hang | ID = 1002
Description = Hanging application Winform.exe, version 1.1.0.307, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 10/15/2009 9:56:22 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
Error - 10/17/2009 2:11:05 PM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
Error - 10/17/2009 2:12:09 PM | Computer Name = DIANE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 11/1/2009 9:40:40 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
Error - 11/1/2009 9:41:45 AM | Computer Name = DIANE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 11/1/2009 9:52:28 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
Error - 11/1/2009 12:17:42 PM | Computer Name = DIANE | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{26AE27C0-55F9-4D41-9D0A-C17D815B9703}. The
backup browser is stopping.
Error - 11/3/2009 11:23:21 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
Error - 11/3/2009 11:24:25 AM | Computer Name = DIANE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 11/4/2009 11:32:24 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
< End of report >
However, I am now a little concerned over the hosts file and the fact that ComboFix reported seeing the Windows Enterprise Suite as a viable anit-virius program running on this pc.
I have attached the RootRepeal report file and the OTL.txt and Extras.txt files are as follows:
OTL logfile created on: 11/6/2009 5:15:24 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Di\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.48 Gb Total Space | 207.64 Gb Free Space | 90.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DIANE
Current User Name: Di
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE ()
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\DPMTray.EXE ()
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe ()
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
PRC - C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_interface.dll (Lenovo Group Limited)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (SessionLauncher) -- File not found
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (QuickBooksDB19) -- C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZIPM12.DLL (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZINW12.DLL (Hewlett-Packard)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (MSSQL$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SuperIO) -- C:\WINDOWS\system32\drivers\spio.sys ()
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 08:47:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/13 09:57:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/06 08:31:44 | 00,000,000 | ---D | M]
O1 HOSTS File: (6575 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 88.198.198.204 google.ae
O1 - Hosts: 88.198.198.204 google.as
O1 - Hosts: 88.198.198.204 google.at
O1 - Hosts: 88.198.198.204 google.az
O1 - Hosts: 88.198.198.204 google.ba
O1 - Hosts: 88.198.198.204 google.be
O1 - Hosts: 88.198.198.204 google.bg
O1 - Hosts: 88.198.198.204 google.bs
O1 - Hosts: 88.198.198.204 google.ca
O1 - Hosts: 88.198.198.204 google.cd
O1 - Hosts: 88.198.198.204 google.com.gh
O1 - Hosts: 88.198.198.204 google.com.hk
O1 - Hosts: 88.198.198.204 google.com.jm
O1 - Hosts: 88.198.198.204 google.com.mx
O1 - Hosts: 88.198.198.204 google.com.my
O1 - Hosts: 88.198.198.204 google.com.na
O1 - Hosts: 88.198.198.204 google.com.nf
O1 - Hosts: 88.198.198.204 google.com.ng
O1 - Hosts: 193 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email03.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 17:02:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/07/21 17:02:06 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2009/11/06 16:21:28 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe
[2009/11/06 16:20:36 | 00,000,000 | ---D | C] -- C:\RootRepeal
[2009/11/06 16:18:33 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe
[2009/11/06 09:04:03 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/06 09:03:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/06 09:03:28 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/06 09:03:28 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/06 09:03:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/06 09:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/06 09:03:21 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/11/06 08:57:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/05 13:48:04 | 00,000,000 | ---D | C] -- C:\HostsXpert 4.2 - Hosts File Manager
[2009/11/04 13:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/04 12:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/11/04 12:51:54 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/11/04 12:51:53 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/11/04 12:51:53 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/11/04 12:51:48 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/11/04 12:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/11/04 12:51:09 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/11/04 12:50:28 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/11/04 12:39:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Di\Application Data\Malwarebytes
[2009/11/04 12:39:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/04 12:39:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/04 11:41:29 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/11/04 10:41:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\914fd87
[2009/08/28 19:02:54 | 00,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoLicense.dll
[2009/08/28 19:02:54 | 00,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoPAX.dll
========== Files - Modified Within 30 Days ==========
[2009/11/06 16:25:39 | 00,007,005 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/06 16:25:32 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/06 16:24:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/06 16:24:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/06 16:24:44 | 31,847,75168 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/06 16:24:12 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\Di\NTUSER.DAT
[2009/11/06 16:23:50 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Di\ntuser.ini
[2009/11/06 16:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/11/06 16:21:32 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe
[2009/11/06 16:20:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Di\settings.dat
[2009/11/06 16:18:37 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe
[2009/11/06 15:26:10 | 00,041,538 | ---- | M] () -- C:\WINDOWS\alaredun.ini
[2009/11/06 15:26:10 | 00,002,157 | ---- | M] () -- C:\WINDOWS\alamode.ini
[2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/06 09:08:59 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/06 09:04:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/06 08:51:34 | 03,562,655 | R--- | M] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe
[2009/11/04 13:41:03 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk
[2009/11/04 12:54:10 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/04 12:39:08 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 12:20:46 | 00,006,575 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/04 11:38:20 | 07,475,184 | -H-- | M] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db
[2009/11/02 11:34:04 | 00,011,903 | ---- | M] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx
[2009/11/01 08:42:31 | 00,529,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 08:42:31 | 00,104,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 08:42:30 | 00,646,734 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
========== Files Created - No Company Name ==========
[2009/11/06 16:20:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Di\settings.dat
[2009/11/06 15:26:09 | 00,041,538 | ---- | C] () -- C:\WINDOWS\alaredun.ini
[2009/11/06 09:04:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/06 09:04:05 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/06 09:03:28 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/06 09:03:28 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/06 09:03:28 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/06 09:03:28 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/06 09:03:28 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/06 08:51:31 | 03,562,655 | R--- | C] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe
[2009/11/04 13:41:03 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk
[2009/11/04 12:54:22 | 00,007,005 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/04 12:54:10 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/11/04 12:51:27 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/04 12:39:08 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/02 11:34:04 | 00,011,903 | ---- | C] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx
[2009/09/12 08:52:01 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/30 11:59:34 | 00,001,397 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/28 22:13:46 | 00,000,121 | ---- | C] () -- C:\WINDOWS\MercuryWT.ini
[2009/08/28 22:13:46 | 00,000,099 | ---- | C] () -- C:\WINDOWS\Mercury.ini
[2009/08/28 19:03:00 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll
[2009/08/28 19:03:00 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2009/08/28 19:02:59 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\SmaRTEng.dll
[2009/08/28 19:02:58 | 00,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll
[2009/08/28 19:02:58 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll
[2009/08/28 19:02:56 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFfpx7.dll
[2009/08/28 19:02:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKodak.dll
[2009/08/28 19:02:56 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\fmt_jb2.dll
[2009/08/28 19:02:56 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\fmt_xcx.dll
[2009/08/28 19:02:56 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\fmt_xmf.dll
[2009/08/28 19:02:56 | 00,000,313 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2009/08/28 19:02:55 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll
[2009/08/28 19:02:55 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll
[2009/08/28 19:02:54 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll
[2009/08/28 19:02:54 | 00,220,160 | ---- | C] () -- C:\WINDOWS\System32\Carcla30.dll
[2009/08/28 19:02:54 | 00,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll
[2009/08/28 19:02:54 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\alavistautils.dll
[2009/08/28 19:02:53 | 01,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll
[2009/08/28 19:02:53 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll
[2009/08/28 19:02:53 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll
[2009/08/28 19:02:53 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch2.dll
[2009/08/28 19:02:53 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch.dll
[2009/08/28 19:01:36 | 00,002,157 | ---- | C] () -- C:\WINDOWS\alamode.ini
[2009/08/26 21:12:40 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\fusioncache.dat
[2009/08/26 17:21:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Di\Application Data\desktop.ini
[2009/08/26 17:21:17 | 07,475,184 | -H-- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db
[2009/08/26 17:21:17 | 00,083,904 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/13 10:13:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/13 09:57:23 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/08/13 09:57:23 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/13 09:54:56 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/08/13 09:54:56 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/08/13 09:54:56 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/08/13 09:54:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/07/22 10:22:09 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/21 17:50:07 | 00,000,583 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/07/21 17:50:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/07/21 09:55:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/03/06 16:33:50 | 00,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\spio.sys
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
========== LOP Check ==========
[2009/11/04 10:41:29 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\914fd87
[2009/10/12 13:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/12 08:52:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/08/13 10:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/08/13 10:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2009/09/12 09:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/08/13 09:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperIO
[2009/08/13 09:57:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/09/14 14:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/13 09:59:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\DesktopPwrMgr
[2009/08/13 09:57:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Downloaded Installations
[2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Lenovo
[2009/09/09 14:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Desktop Search
[2009/09/09 16:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Search
[2009/11/06 16:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2008/04/14 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/08/13 10:00:41 | 00,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/08/13 09:51:54 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2009/11/06 16:24:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/04/14 07:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 07:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2008/04/14 07:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 07:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2008/04/14 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/04/14 02:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 02:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/14 02:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/14 02:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
< End of report >
OTL Extras logfile created on: 11/6/2009 5:15:24 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Di\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.48 Gb Total Space | 207.64 Gb Free Space | 90.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DIANE
Current User Name: Di
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe" = C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe:*:Enabled:Aurora MSDE Database -- (Microsoft Corporation)
"C:\Program Files\a la mode\Sched\eSched.exe" = C:\Program Files\a la mode\Sched\eSched.exe:*:Enabled:a la mode Assistant -- (a la mode, inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{4C018129-1793-48D2-B82C-6FA71C96B476}" = Online Data Backup
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5A847475-157F-45AD-9919-CD40D344B8B1}" = QBFC3.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9E3BC634-769E-4847-9530-E22433D13E45}" = FanSpeedControl
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkVantage Power Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5B5DED6-E58F-43FA-BBBC-D64170B32C29}" = XSite Order Manager
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkCentre
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (ALAMODE)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5F38322-4271-4855-8619-39C311E3518D}" = XSites Desktop
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{9E3BC634-769E-4847-9530-E22433D13E45}" = FanSpeedControl
"InstallShield_{A5B5DED6-E58F-43FA-BBBC-D64170B32C29}" = XSite Order Manager
"InstallShield_{E5F38322-4271-4855-8619-39C311E3518D}" = XSites Desktop
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor for Windows" = Lenovo System Toolbox
"PDF-XChange 3_is1" = PDF-XChange 3
"PROHYBRIDR" = 2007 Microsoft Office system
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WMCSetup" = Windows Media Connect
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/16/2009 6:25:55 PM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 9/16/2009 6:25:55 PM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 9/16/2009 6:26:14 PM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": An attempt
to LogOff without a logo
Error - 9/22/2009 10:37:06 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 9/22/2009 10:37:06 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 9/22/2009 10:37:06 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 9/22/2009 10:37:06 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 9/22/2009 10:37:26 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": An attempt
to LogOff without a logo
Error - 9/22/2009 10:55:17 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": Trying to
process a record 35 : Accounts Payable for List Review edlist without actually
being in a write transacti
Error - 9/24/2009 4:47:55 PM | Computer Name = DIANE | Source = Application Hang | ID = 1002
Description = Hanging application Winform.exe, version 1.1.0.307, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 10/15/2009 9:56:22 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
Error - 10/17/2009 2:11:05 PM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
Error - 10/17/2009 2:12:09 PM | Computer Name = DIANE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 11/1/2009 9:40:40 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
Error - 11/1/2009 9:41:45 AM | Computer Name = DIANE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 11/1/2009 9:52:28 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
Error - 11/1/2009 12:17:42 PM | Computer Name = DIANE | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{26AE27C0-55F9-4D41-9D0A-C17D815B9703}. The
backup browser is stopping.
Error - 11/3/2009 11:23:21 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
Error - 11/3/2009 11:24:25 AM | Computer Name = DIANE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 11/4/2009 11:32:24 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
< End of report >
Ok, everything is looking alot better. Let's try and take care of hosts file and get clean up some stuff to get rid of Windows Enterprise Suite.
As a side note, I will be out of pocket for the weekend but I will try and check when I can
------------------
Step 1:
------------------
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
------------------
Step 2:
------------------
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Enter Safe Mode and do the following:
Now reboot the machine as normal.
------------------
Step 3:
------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
------------------
Step 4:
------------------
Rerun OTL and post a fresh OTL.txt log.
------------------
Step 5:
------------------
Please post back with the following:
As a side note, I will be out of pocket for the weekend but I will try and check when I can
------------------
Step 1:
------------------
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
------------------
Step 2:
------------------
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Enter Safe Mode and do the following:
- Run HostsXpert 4.2 - Hosts File Manager from its new home
- Click on "File Handling".
- Click on "Restore MS Hosts File".
- Click OK on the Confirmation box.
- Click on "Make Read Only?"
- Click the X to exit the program.
- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Now reboot the machine as normal.
------------------
Step 3:
------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
CODE
SecCenter::
AV: Windows Enterprise Suite *On-access scanning enabled* (Updated) {B34FCF14-68EF-4AE0-BFF4-9287CCA76CD9}
FW: Windows Enterprise Suite *enabled* {AA47C571-755B-4924-AC5B-07F016289E93}
AV: Windows Enterprise Suite *On-access scanning enabled* (Updated) {B34FCF14-68EF-4AE0-BFF4-9287CCA76CD9}
FW: Windows Enterprise Suite *enabled* {AA47C571-755B-4924-AC5B-07F016289E93}
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
------------------
Step 4:
------------------
Rerun OTL and post a fresh OTL.txt log.
------------------
Step 5:
------------------
Please post back with the following:
- How your machine is running
- log.txt
- How HostsXpert did
- ComboFix.txt
- OTL.txt
Have a great weekend! I'll have the results for you when you get back.
The machine appears to be running just fine. No real problems to note. I know the hosts file is a system/hidden file, but can't I set the options for something like windows explorer to see this file? I'm just curious as to whether this file can just be deleted, but I haven't been able to actually see it listed in the folder.
BTW, I hope you had a good weekend!
exeHelper logfile follows ..
exeHelper by Raktor
Build 20091021
Run at 08:50:42 on 11/07/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
The running of HosteXpert ran the exact same way as before ..
Received a warning - Your hosts file is marked as a "system file" and can not be manipulated. Press OK to remove system file attributes, CANCEL to quit. HostsXpert will not reset the attributes.
Clicked on OK
Received a warning - Your hosts file is marketd as a "hidden file" and can not be manipulted. Press OK to remove the hidden file attributes, CANCEL to quit. HostsXpert wil not reset the attriubtes.
Clicked OK
The contents of the hosts file was displayed.
Clicked on Restore MS Hosts File
Received Confirmation
Clicked on OK
Received Error - Cannot create file C:\windows\system32\driver\ETC\hosts
Clicked on OK
HostsXpert program closed
The ComboFix log file follows ..
ComboFix 09-11-07.02 - Di 11/07/2009 22:48.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2297 [GMT -5:00]
Running from: c:\documents and settings\Di\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Di\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.
2009-11-06 21:20 . 2009-11-06 21:45 -------- d-----w- C:\RootRepeal
2009-11-06 21:20 . 2009-11-06 21:20 0 ----a-w- c:\documents and settings\Di\settings.dat
2009-11-06 13:40 . 2009-11-06 13:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-11-06 13:36 . 2009-11-06 13:36 496944 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2009-11-06 13:36 . 2009-11-06 13:36 296240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2009-11-06 13:36 . 2009-11-06 13:36 263472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2009-11-06 13:36 . 2009-11-06 13:36 787760 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2009-11-06 13:36 . 2009-11-06 13:36 423216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2009-11-06 13:36 . 2009-11-06 13:36 570672 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2009-11-06 13:36 . 2009-11-06 13:36 205576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-11-06 13:36 . 2009-11-06 13:36 763184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2009-11-06 13:36 . 2009-11-06 13:36 398640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2009-11-06 13:36 . 2009-11-06 13:36 1152304 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2009-11-06 13:36 . 2009-11-06 13:36 1085704 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-11-05 18:48 . 2009-11-05 18:49 -------- d-----w- C:\HostsXpert 4.2 - Hosts File Manager
2009-11-05 18:26 . 2009-11-05 18:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-11-04 18:41 . 2009-11-04 18:41 -------- d-----w- c:\program files\Trend Micro
2009-11-04 17:58 . 2009-11-04 17:58 -------- d-----w- c:\documents and settings\QBDataServiceUser19\Application Data\SACore
2009-11-04 17:54 . 2009-11-04 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-11-04 17:51 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-04 17:51 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-04 17:51 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-04 17:51 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-04 17:51 . 2009-11-04 17:51 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-04 17:51 . 2009-11-04 17:51 -------- d-----w- c:\program files\McAfee.com
2009-11-04 17:50 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\documents and settings\Di\Application Data\Malwarebytes
2009-11-04 17:39 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 17:39 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 16:41 . 2009-11-06 13:32 -------- d-----w- c:\program files\McAfee
2009-11-04 15:41 . 2009-11-04 15:41 -------- d-sh--w- c:\documents and settings\All Users\Application Data\914fd87
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 17:55 . 2009-08-27 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-12 18:10 . 2009-08-30 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\alamode
2009-10-08 16:56 . 2009-09-12 14:26 2322 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2009-10-01 19:09 . 2009-10-01 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-10-01 19:01 . 2009-10-01 19:00 -------- d-----w- c:\program files\Common Files\Logishrd
2009-10-01 19:01 . 2009-08-28 22:24 -------- d-----w- c:\program files\Common Files\Logitech
2009-10-01 19:00 . 2009-10-01 19:00 10134 ----a-r- c:\documents and settings\Di\Application Data\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
2009-10-01 19:00 . 2009-08-13 14:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 22:39 . 2009-08-13 14:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-16 15:22 . 2009-01-09 17:03 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-14 19:44 . 2009-09-14 19:38 -------- d-----w- c:\documents and settings\Di\Application Data\Apple Computer
2009-09-14 19:38 . 2009-09-14 19:37 -------- d-----w- c:\program files\iTunes
2009-09-14 19:38 . 2009-09-14 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-14 19:37 . 2009-09-14 19:37 -------- d-----w- c:\program files\iPod
2009-09-14 19:37 . 2009-09-14 19:35 -------- d-----w- c:\program files\Common Files\Apple
2009-09-14 19:37 . 2009-09-14 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-14 19:37 . 2009-09-14 19:37 -------- d-----w- c:\program files\Bonjour
2009-09-14 19:36 . 2009-09-14 19:36 -------- d-----w- c:\program files\QuickTime
2009-09-14 19:35 . 2009-09-14 19:35 -------- d-----w- c:\program files\Apple Software Update
2009-09-14 19:35 . 2009-09-14 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-14 17:45 . 2009-09-14 17:45 34056 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Interop.QBInstanceFinder.dll
2009-09-14 17:45 . 2009-09-14 17:45 192512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll
2009-09-14 17:45 . 2009-09-14 17:45 850736 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2009-09-14 17:45 . 2009-09-14 17:45 2151728 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2009-09-14 17:39 . 2009-09-14 17:39 869640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
2009-09-14 17:39 . 2009-09-14 17:39 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcp71.dll
2009-09-14 17:39 . 2009-09-14 17:39 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcr71.dll
2009-09-12 14:17 . 2009-09-12 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2009-09-12 14:07 . 2009-09-12 14:07 -------- d-----w- c:\program files\Common Files\supportsoft
2009-09-12 14:07 . 2009-08-13 15:09 91896 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 14:04 . 2009-09-12 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-09-12 14:02 . 2009-09-12 13:59 -------- d-----w- c:\program files\Common Files\Intuit
2009-09-12 13:52 . 2009-09-12 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES
2009-09-10 21:49 . 2009-08-13 15:12 -------- d-----w- c:\program files\Microsoft Small Business
2009-09-10 21:48 . 2009-08-13 15:07 -------- d-----w- c:\program files\Microsoft.NET
2009-09-10 21:47 . 2009-08-13 15:10 -------- d-----w- c:\program files\Microsoft SQL Server
2009-09-10 21:07 . 2009-08-13 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-10 21:06 . 2009-09-10 21:06 -------- d-----w- c:\program files\Microsoft Works
2009-09-10 20:01 . 2009-08-13 14:57 -------- d-----w- c:\program files\Java
2009-09-10 20:00 . 2009-09-10 20:00 152576 ----a-w- c:\documents and settings\Di\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-10 18:54 . 2009-08-29 00:03 -------- d-----w- c:\program files\a la mode
2009-09-09 21:34 . 2009-09-09 21:34 -------- d-----w- c:\documents and settings\Di\Application Data\Windows Search
2009-09-09 19:52 . 2009-09-09 19:52 -------- d-----w- c:\documents and settings\Di\Application Data\Windows Desktop Search
2009-09-09 19:52 . 2009-09-09 19:52 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-09 01:43 . 2009-09-09 01:43 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-08-31 18:25 . 2009-08-31 18:25 1886320 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en_signed.exe
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\ALAMODE.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM120.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM112.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM105.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM100.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM09B.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM090.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM080.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\ADATA095.fot
2009-08-27 02:12 . 2009-08-27 02:12 125 ----a-w- c:\documents and settings\Di\Local Settings\Application Data\fusioncache.dat
2009-08-13 15:09 . 2009-09-12 14:11 83904 ----a-w- c:\documents and settings\QBDataServiceUser19\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-13 15:09 . 2009-08-26 22:21 83904 ----a-w- c:\documents and settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-13 15:01 . 2009-08-13 15:01 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2009-08-13 15:01 . 2009-08-13 15:01 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2009-08-13 14:55 . 2009-09-12 14:11 10134 ----a-r- c:\documents and settings\QBDataServiceUser19\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:55 . 2009-08-26 22:21 10134 ----a-r- c:\documents and settings\Di\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:55 . 2009-08-26 22:20 10134 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:55 . 2009-08-13 14:55 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:48 . 2009-08-13 14:48 319488 ----a-w- c:\windows\HideWin.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-11-06_14.08.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-07 14:10 . 2009-11-07 14:10 16384 c:\windows\Temp\Perflib_Perfdata_b98.dat
+ 2009-11-07 14:10 . 2009-11-07 14:10 16384 c:\windows\Temp\Perflib_Perfdata_80c.dat
+ 2009-08-26 20:53 . 2009-11-08 03:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-26 20:53 . 2009-11-06 13:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-06 17:47 . 2009-11-08 03:37 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-08-26 20:53 . 2009-11-06 13:37 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LenovoFSC"="c:\program files\Lenovo\FanSpeedControl\LenovoFSC.exe" [2008-09-26 40960]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-23 393216]
"PWRAGD"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2009-04-24 72256]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"The Assistant"="c:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-1 805392]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL$ALAMODE\\Binn\\sqlservr.exe"=
"c:\\Program Files\\a la mode\\Sched\\eSched.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 PM 46144]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/4/2009 11:43 AM 210216]
R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [5/3/2005 11:04 PM 9150464]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/13/2009 9:51 AM 64064]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 5:34 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 PM 360448]
R3 QuickBooksDB19;QuickBooksDB19;c:\intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [3/6/2008 4:33 PM 5760]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [11/19/2008 8:46 PM 37184]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752]
S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [5/3/2005 8:42 PM 323584]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2009-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-11-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
2009-11-04 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22]
2009-11-04 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22]
2009-08-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
2009-08-13 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-13 09:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Web-Based Email Tools - hxxp://email03.secureserver.net/Download.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 22:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\igfxdev.dll
- - - - - - - > 'explorer.exe'(5680)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-11-08 22:53
ComboFix-quarantined-files.txt 2009-11-08 03:53
ComboFix2.txt 2009-11-06 14:10
Pre-Run: 222,932,140,032 bytes free
Post-Run: 222,901,211,136 bytes free
- - End Of File - - 3879AE236D2C7B720D6604C56317AF74
The OTL logfile follows ..
OTL logfile created on: 11/7/2009 10:57:21 PM - Run 2
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Di\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.48 Gb Total Space | 207.61 Gb Free Space | 90.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DIANE
Current User Name: Di
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE ()
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\DPMTray.EXE ()
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (SessionLauncher) -- File not found
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (QuickBooksDB19) -- C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZIPM12.DLL (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZINW12.DLL (Hewlett-Packard)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (MSSQL$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- File not found
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SuperIO) -- C:\WINDOWS\system32\drivers\spio.sys ()
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 08:47:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/13 09:57:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/06 08:31:44 | 00,000,000 | ---D | M]
O1 HOSTS File: (6575 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 88.198.198.204 google.ae
O1 - Hosts: 88.198.198.204 google.as
O1 - Hosts: 88.198.198.204 google.at
O1 - Hosts: 88.198.198.204 google.az
O1 - Hosts: 88.198.198.204 google.ba
O1 - Hosts: 88.198.198.204 google.be
O1 - Hosts: 88.198.198.204 google.bg
O1 - Hosts: 88.198.198.204 google.bs
O1 - Hosts: 88.198.198.204 google.ca
O1 - Hosts: 88.198.198.204 google.cd
O1 - Hosts: 88.198.198.204 google.com.gh
O1 - Hosts: 88.198.198.204 google.com.hk
O1 - Hosts: 88.198.198.204 google.com.jm
O1 - Hosts: 88.198.198.204 google.com.mx
O1 - Hosts: 88.198.198.204 google.com.my
O1 - Hosts: 88.198.198.204 google.com.na
O1 - Hosts: 88.198.198.204 google.com.nf
O1 - Hosts: 88.198.198.204 google.com.ng
O1 - Hosts: 193 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email03.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 17:02:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/11/06 16:21:28 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe
[2009/11/06 16:20:36 | 00,000,000 | ---D | C] -- C:\RootRepeal
[2009/11/06 16:18:33 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe
[2009/11/06 09:04:03 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/06 09:03:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/06 09:03:28 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/06 09:03:28 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/06 09:03:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/06 09:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/06 08:57:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/05 13:48:04 | 00,000,000 | ---D | C] -- C:\HostsXpert 4.2 - Hosts File Manager
[2009/11/04 13:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/04 12:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/11/04 12:51:54 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/11/04 12:51:53 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/11/04 12:51:53 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/11/04 12:51:48 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/11/04 12:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/11/04 12:51:09 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/11/04 12:50:28 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/11/04 12:39:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Di\Application Data\Malwarebytes
[2009/11/04 12:39:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/04 12:39:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/04 11:41:29 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/11/04 10:41:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\914fd87
[2009/08/28 19:02:54 | 00,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoLicense.dll
[2009/08/28 19:02:54 | 00,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoPAX.dll
========== Files - Modified Within 30 Days ==========
[2009/11/07 22:54:36 | 00,007,005 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/07 22:53:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/07 22:52:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/07 22:38:58 | 03,562,645 | R--- | M] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe
[2009/11/07 14:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/11/07 09:10:54 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/07 09:10:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/07 09:10:12 | 31,847,75168 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/07 08:57:15 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\Di\NTUSER.DAT
[2009/11/07 08:56:52 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Di\ntuser.ini
[2009/11/06 23:38:11 | 00,288,256 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\exeHelper.com
[2009/11/06 17:25:08 | 00,041,538 | ---- | M] () -- C:\WINDOWS\alaredun.ini
[2009/11/06 17:25:08 | 00,002,157 | ---- | M] () -- C:\WINDOWS\alamode.ini
[2009/11/06 16:21:32 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe
[2009/11/06 16:20:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Di\settings.dat
[2009/11/06 16:18:37 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe
[2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/06 09:04:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/04 13:41:03 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk
[2009/11/04 12:54:10 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/04 12:39:08 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 12:20:46 | 00,006,575 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/04 11:38:20 | 07,475,184 | -H-- | M] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db
[2009/11/02 11:34:04 | 00,011,903 | ---- | M] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx
[2009/11/01 08:42:31 | 00,529,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 08:42:31 | 00,104,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 08:42:30 | 00,646,734 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
========== Files Created - No Company Name ==========
[2009/11/07 09:10:12 | 31,847,75168 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/06 23:38:10 | 00,288,256 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\exeHelper.com
[2009/11/06 17:25:07 | 00,041,538 | ---- | C] () -- C:\WINDOWS\alaredun.ini
[2009/11/06 16:20:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Di\settings.dat
[2009/11/06 09:04:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/06 09:04:05 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/06 09:03:28 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/06 09:03:28 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/06 09:03:28 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/06 09:03:28 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/06 09:03:28 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/06 08:51:31 | 03,562,645 | R--- | C] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe
[2009/11/04 13:41:03 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk
[2009/11/04 12:54:22 | 00,007,005 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/04 12:54:10 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/11/04 12:51:27 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/04 12:39:08 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/02 11:34:04 | 00,011,903 | ---- | C] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx
[2009/09/12 08:52:01 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/30 11:59:34 | 00,001,397 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/28 22:13:46 | 00,000,121 | ---- | C] () -- C:\WINDOWS\MercuryWT.ini
[2009/08/28 22:13:46 | 00,000,099 | ---- | C] () -- C:\WINDOWS\Mercury.ini
[2009/08/28 19:03:00 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll
[2009/08/28 19:03:00 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2009/08/28 19:02:59 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\SmaRTEng.dll
[2009/08/28 19:02:58 | 00,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll
[2009/08/28 19:02:58 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll
[2009/08/28 19:02:56 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFfpx7.dll
[2009/08/28 19:02:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKodak.dll
[2009/08/28 19:02:56 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\fmt_jb2.dll
[2009/08/28 19:02:56 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\fmt_xcx.dll
[2009/08/28 19:02:56 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\fmt_xmf.dll
[2009/08/28 19:02:56 | 00,000,313 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2009/08/28 19:02:55 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll
[2009/08/28 19:02:55 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll
[2009/08/28 19:02:54 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll
[2009/08/28 19:02:54 | 00,220,160 | ---- | C] () -- C:\WINDOWS\System32\Carcla30.dll
[2009/08/28 19:02:54 | 00,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll
[2009/08/28 19:02:54 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\alavistautils.dll
[2009/08/28 19:02:53 | 01,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll
[2009/08/28 19:02:53 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll
[2009/08/28 19:02:53 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll
[2009/08/28 19:02:53 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch2.dll
[2009/08/28 19:02:53 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch.dll
[2009/08/28 19:01:36 | 00,002,157 | ---- | C] () -- C:\WINDOWS\alamode.ini
[2009/08/26 21:12:40 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\fusioncache.dat
[2009/08/26 17:21:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Di\Application Data\desktop.ini
[2009/08/26 17:21:17 | 07,475,184 | -H-- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db
[2009/08/26 17:21:17 | 00,083,904 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/13 10:13:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/13 09:57:23 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/08/13 09:57:23 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/13 09:54:56 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/08/13 09:54:56 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/08/13 09:54:56 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/08/13 09:54:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/07/22 10:22:09 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/21 17:50:07 | 00,000,583 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/07/21 17:50:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/07/21 09:55:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/03/06 16:33:50 | 00,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\spio.sys
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
========== LOP Check ==========
[2009/11/04 10:41:29 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\914fd87
[2009/10/12 13:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/12 08:52:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/08/13 10:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/08/13 10:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2009/09/12 09:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/08/13 09:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperIO
[2009/08/13 09:57:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/09/14 14:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/13 09:59:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\DesktopPwrMgr
[2009/08/13 09:57:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Downloaded Installations
[2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Lenovo
[2009/09/09 14:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Desktop Search
[2009/09/09 16:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Search
[2009/11/07 14:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2008/04/14 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/08/13 10:00:41 | 00,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/08/13 09:51:54 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2009/11/07 22:53:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
< End of report >
BTW, I hope you had a good weekend!
exeHelper logfile follows ..
exeHelper by Raktor
Build 20091021
Run at 08:50:42 on 11/07/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
The running of HosteXpert ran the exact same way as before ..
Received a warning - Your hosts file is marked as a "system file" and can not be manipulated. Press OK to remove system file attributes, CANCEL to quit. HostsXpert will not reset the attributes.
Clicked on OK
Received a warning - Your hosts file is marketd as a "hidden file" and can not be manipulted. Press OK to remove the hidden file attributes, CANCEL to quit. HostsXpert wil not reset the attriubtes.
Clicked OK
The contents of the hosts file was displayed.
Clicked on Restore MS Hosts File
Received Confirmation
Clicked on OK
Received Error - Cannot create file C:\windows\system32\driver\ETC\hosts
Clicked on OK
HostsXpert program closed
The ComboFix log file follows ..
ComboFix 09-11-07.02 - Di 11/07/2009 22:48.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2297 [GMT -5:00]
Running from: c:\documents and settings\Di\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Di\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.
2009-11-06 21:20 . 2009-11-06 21:45 -------- d-----w- C:\RootRepeal
2009-11-06 21:20 . 2009-11-06 21:20 0 ----a-w- c:\documents and settings\Di\settings.dat
2009-11-06 13:40 . 2009-11-06 13:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-11-06 13:36 . 2009-11-06 13:36 496944 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2009-11-06 13:36 . 2009-11-06 13:36 296240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2009-11-06 13:36 . 2009-11-06 13:36 263472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2009-11-06 13:36 . 2009-11-06 13:36 787760 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2009-11-06 13:36 . 2009-11-06 13:36 423216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2009-11-06 13:36 . 2009-11-06 13:36 570672 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2009-11-06 13:36 . 2009-11-06 13:36 205576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-11-06 13:36 . 2009-11-06 13:36 763184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2009-11-06 13:36 . 2009-11-06 13:36 398640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2009-11-06 13:36 . 2009-11-06 13:36 1152304 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2009-11-06 13:36 . 2009-11-06 13:36 1085704 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-11-05 18:48 . 2009-11-05 18:49 -------- d-----w- C:\HostsXpert 4.2 - Hosts File Manager
2009-11-05 18:26 . 2009-11-05 18:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-11-04 18:41 . 2009-11-04 18:41 -------- d-----w- c:\program files\Trend Micro
2009-11-04 17:58 . 2009-11-04 17:58 -------- d-----w- c:\documents and settings\QBDataServiceUser19\Application Data\SACore
2009-11-04 17:54 . 2009-11-04 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-11-04 17:51 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-04 17:51 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-04 17:51 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-04 17:51 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-04 17:51 . 2009-11-04 17:51 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-04 17:51 . 2009-11-04 17:51 -------- d-----w- c:\program files\McAfee.com
2009-11-04 17:50 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\documents and settings\Di\Application Data\Malwarebytes
2009-11-04 17:39 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 17:39 . 2009-11-04 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 17:39 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 16:41 . 2009-11-06 13:32 -------- d-----w- c:\program files\McAfee
2009-11-04 15:41 . 2009-11-04 15:41 -------- d-sh--w- c:\documents and settings\All Users\Application Data\914fd87
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 17:55 . 2009-08-27 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-12 18:10 . 2009-08-30 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\alamode
2009-10-08 16:56 . 2009-09-12 14:26 2322 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2009-10-01 19:09 . 2009-10-01 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-10-01 19:01 . 2009-10-01 19:00 -------- d-----w- c:\program files\Common Files\Logishrd
2009-10-01 19:01 . 2009-08-28 22:24 -------- d-----w- c:\program files\Common Files\Logitech
2009-10-01 19:00 . 2009-10-01 19:00 10134 ----a-r- c:\documents and settings\Di\Application Data\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
2009-10-01 19:00 . 2009-08-13 14:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 22:39 . 2009-08-13 14:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-16 15:22 . 2009-01-09 17:03 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-14 19:44 . 2009-09-14 19:38 -------- d-----w- c:\documents and settings\Di\Application Data\Apple Computer
2009-09-14 19:38 . 2009-09-14 19:37 -------- d-----w- c:\program files\iTunes
2009-09-14 19:38 . 2009-09-14 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-14 19:37 . 2009-09-14 19:37 -------- d-----w- c:\program files\iPod
2009-09-14 19:37 . 2009-09-14 19:35 -------- d-----w- c:\program files\Common Files\Apple
2009-09-14 19:37 . 2009-09-14 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-14 19:37 . 2009-09-14 19:37 -------- d-----w- c:\program files\Bonjour
2009-09-14 19:36 . 2009-09-14 19:36 -------- d-----w- c:\program files\QuickTime
2009-09-14 19:35 . 2009-09-14 19:35 -------- d-----w- c:\program files\Apple Software Update
2009-09-14 19:35 . 2009-09-14 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-14 17:45 . 2009-09-14 17:45 34056 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Interop.QBInstanceFinder.dll
2009-09-14 17:45 . 2009-09-14 17:45 192512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll
2009-09-14 17:45 . 2009-09-14 17:45 850736 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2009-09-14 17:45 . 2009-09-14 17:45 2151728 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2009-09-14 17:39 . 2009-09-14 17:39 869640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
2009-09-14 17:39 . 2009-09-14 17:39 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcp71.dll
2009-09-14 17:39 . 2009-09-14 17:39 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcr71.dll
2009-09-12 14:17 . 2009-09-12 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2009-09-12 14:07 . 2009-09-12 14:07 -------- d-----w- c:\program files\Common Files\supportsoft
2009-09-12 14:07 . 2009-08-13 15:09 91896 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 14:04 . 2009-09-12 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-09-12 14:02 . 2009-09-12 13:59 -------- d-----w- c:\program files\Common Files\Intuit
2009-09-12 13:52 . 2009-09-12 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES
2009-09-10 21:49 . 2009-08-13 15:12 -------- d-----w- c:\program files\Microsoft Small Business
2009-09-10 21:48 . 2009-08-13 15:07 -------- d-----w- c:\program files\Microsoft.NET
2009-09-10 21:47 . 2009-08-13 15:10 -------- d-----w- c:\program files\Microsoft SQL Server
2009-09-10 21:07 . 2009-08-13 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-10 21:06 . 2009-09-10 21:06 -------- d-----w- c:\program files\Microsoft Works
2009-09-10 20:01 . 2009-08-13 14:57 -------- d-----w- c:\program files\Java
2009-09-10 20:00 . 2009-09-10 20:00 152576 ----a-w- c:\documents and settings\Di\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-10 18:54 . 2009-08-29 00:03 -------- d-----w- c:\program files\a la mode
2009-09-09 21:34 . 2009-09-09 21:34 -------- d-----w- c:\documents and settings\Di\Application Data\Windows Search
2009-09-09 19:52 . 2009-09-09 19:52 -------- d-----w- c:\documents and settings\Di\Application Data\Windows Desktop Search
2009-09-09 19:52 . 2009-09-09 19:52 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-09 01:43 . 2009-09-09 01:43 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-08-31 18:25 . 2009-08-31 18:25 1886320 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en_signed.exe
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\ALAMODE.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM120.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM112.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM105.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM100.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM09B.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM090.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\AFORM080.fot
2009-08-29 00:03 . 2009-08-29 00:03 1409 ----a-w- c:\windows\Fonts\ADATA095.fot
2009-08-27 02:12 . 2009-08-27 02:12 125 ----a-w- c:\documents and settings\Di\Local Settings\Application Data\fusioncache.dat
2009-08-13 15:09 . 2009-09-12 14:11 83904 ----a-w- c:\documents and settings\QBDataServiceUser19\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-13 15:09 . 2009-08-26 22:21 83904 ----a-w- c:\documents and settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-13 15:01 . 2009-08-13 15:01 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2009-08-13 15:01 . 2009-08-13 15:01 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2009-08-13 14:55 . 2009-09-12 14:11 10134 ----a-r- c:\documents and settings\QBDataServiceUser19\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:55 . 2009-08-26 22:21 10134 ----a-r- c:\documents and settings\Di\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:55 . 2009-08-26 22:20 10134 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:55 . 2009-08-13 14:55 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-08-13 14:48 . 2009-08-13 14:48 319488 ----a-w- c:\windows\HideWin.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-11-06_14.08.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-07 14:10 . 2009-11-07 14:10 16384 c:\windows\Temp\Perflib_Perfdata_b98.dat
+ 2009-11-07 14:10 . 2009-11-07 14:10 16384 c:\windows\Temp\Perflib_Perfdata_80c.dat
+ 2009-08-26 20:53 . 2009-11-08 03:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-26 20:53 . 2009-11-06 13:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-06 17:47 . 2009-11-08 03:37 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-08-26 20:53 . 2009-11-06 13:37 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LenovoFSC"="c:\program files\Lenovo\FanSpeedControl\LenovoFSC.exe" [2008-09-26 40960]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-23 393216]
"PWRAGD"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2009-04-24 72256]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"The Assistant"="c:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-1 805392]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL$ALAMODE\\Binn\\sqlservr.exe"=
"c:\\Program Files\\a la mode\\Sched\\eSched.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 PM 46144]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/4/2009 11:43 AM 210216]
R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [5/3/2005 11:04 PM 9150464]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/13/2009 9:51 AM 64064]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 5:34 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 PM 360448]
R3 QuickBooksDB19;QuickBooksDB19;c:\intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [3/6/2008 4:33 PM 5760]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [11/19/2008 8:46 PM 37184]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752]
S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [5/3/2005 8:42 PM 323584]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2009-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-11-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
2009-11-04 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22]
2009-11-04 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22]
2009-08-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
2009-08-13 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-13 09:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Web-Based Email Tools - hxxp://email03.secureserver.net/Download.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 22:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\igfxdev.dll
- - - - - - - > 'explorer.exe'(5680)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-11-08 22:53
ComboFix-quarantined-files.txt 2009-11-08 03:53
ComboFix2.txt 2009-11-06 14:10
Pre-Run: 222,932,140,032 bytes free
Post-Run: 222,901,211,136 bytes free
- - End Of File - - 3879AE236D2C7B720D6604C56317AF74
The OTL logfile follows ..
OTL logfile created on: 11/7/2009 10:57:21 PM - Run 2
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Di\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.48 Gb Total Space | 207.61 Gb Free Space | 90.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DIANE
Current User Name: Di
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE ()
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\DPMTray.EXE ()
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (SessionLauncher) -- File not found
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (QuickBooksDB19) -- C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZIPM12.DLL (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZINW12.DLL (Hewlett-Packard)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (MSSQL$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- File not found
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SuperIO) -- C:\WINDOWS\system32\drivers\spio.sys ()
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 08:47:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/13 09:57:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/06 08:31:44 | 00,000,000 | ---D | M]
O1 HOSTS File: (6575 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 88.198.198.204 google.ae
O1 - Hosts: 88.198.198.204 google.as
O1 - Hosts: 88.198.198.204 google.at
O1 - Hosts: 88.198.198.204 google.az
O1 - Hosts: 88.198.198.204 google.ba
O1 - Hosts: 88.198.198.204 google.be
O1 - Hosts: 88.198.198.204 google.bg
O1 - Hosts: 88.198.198.204 google.bs
O1 - Hosts: 88.198.198.204 google.ca
O1 - Hosts: 88.198.198.204 google.cd
O1 - Hosts: 88.198.198.204 google.com.gh
O1 - Hosts: 88.198.198.204 google.com.hk
O1 - Hosts: 88.198.198.204 google.com.jm
O1 - Hosts: 88.198.198.204 google.com.mx
O1 - Hosts: 88.198.198.204 google.com.my
O1 - Hosts: 88.198.198.204 google.com.na
O1 - Hosts: 88.198.198.204 google.com.nf
O1 - Hosts: 88.198.198.204 google.com.ng
O1 - Hosts: 193 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email03.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 17:02:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/11/06 16:21:28 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe
[2009/11/06 16:20:36 | 00,000,000 | ---D | C] -- C:\RootRepeal
[2009/11/06 16:18:33 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe
[2009/11/06 09:04:03 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/06 09:03:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/06 09:03:28 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/06 09:03:28 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/06 09:03:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/06 09:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/06 08:57:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/05 13:48:04 | 00,000,000 | ---D | C] -- C:\HostsXpert 4.2 - Hosts File Manager
[2009/11/04 13:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/04 12:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/11/04 12:51:54 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/11/04 12:51:53 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/11/04 12:51:53 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/11/04 12:51:48 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/11/04 12:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/11/04 12:51:09 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/11/04 12:50:28 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/11/04 12:39:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Di\Application Data\Malwarebytes
[2009/11/04 12:39:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/04 12:39:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/04 11:41:29 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/11/04 10:41:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\914fd87
[2009/08/28 19:02:54 | 00,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoLicense.dll
[2009/08/28 19:02:54 | 00,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoPAX.dll
========== Files - Modified Within 30 Days ==========
[2009/11/07 22:54:36 | 00,007,005 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/07 22:53:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/07 22:52:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/07 22:38:58 | 03,562,645 | R--- | M] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe
[2009/11/07 14:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/11/07 09:10:54 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/07 09:10:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/07 09:10:12 | 31,847,75168 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/07 08:57:15 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\Di\NTUSER.DAT
[2009/11/07 08:56:52 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Di\ntuser.ini
[2009/11/06 23:38:11 | 00,288,256 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\exeHelper.com
[2009/11/06 17:25:08 | 00,041,538 | ---- | M] () -- C:\WINDOWS\alaredun.ini
[2009/11/06 17:25:08 | 00,002,157 | ---- | M] () -- C:\WINDOWS\alamode.ini
[2009/11/06 16:21:32 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe
[2009/11/06 16:20:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Di\settings.dat
[2009/11/06 16:18:37 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe
[2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/06 09:04:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/04 13:41:03 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk
[2009/11/04 12:54:10 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/04 12:39:08 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 12:20:46 | 00,006,575 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/04 11:38:20 | 07,475,184 | -H-- | M] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db
[2009/11/02 11:34:04 | 00,011,903 | ---- | M] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx
[2009/11/01 08:42:31 | 00,529,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 08:42:31 | 00,104,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 08:42:30 | 00,646,734 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
========== Files Created - No Company Name ==========
[2009/11/07 09:10:12 | 31,847,75168 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/06 23:38:10 | 00,288,256 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\exeHelper.com
[2009/11/06 17:25:07 | 00,041,538 | ---- | C] () -- C:\WINDOWS\alaredun.ini
[2009/11/06 16:20:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Di\settings.dat
[2009/11/06 09:04:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/06 09:04:05 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/06 09:03:28 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/06 09:03:28 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/06 09:03:28 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/06 09:03:28 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/06 09:03:28 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/06 08:51:31 | 03,562,645 | R--- | C] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe
[2009/11/04 13:41:03 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk
[2009/11/04 12:54:22 | 00,007,005 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/04 12:54:10 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/11/04 12:51:27 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/04 12:39:08 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/02 11:34:04 | 00,011,903 | ---- | C] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx
[2009/09/12 08:52:01 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/30 11:59:34 | 00,001,397 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/28 22:13:46 | 00,000,121 | ---- | C] () -- C:\WINDOWS\MercuryWT.ini
[2009/08/28 22:13:46 | 00,000,099 | ---- | C] () -- C:\WINDOWS\Mercury.ini
[2009/08/28 19:03:00 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll
[2009/08/28 19:03:00 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2009/08/28 19:02:59 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\SmaRTEng.dll
[2009/08/28 19:02:58 | 00,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll
[2009/08/28 19:02:58 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll
[2009/08/28 19:02:56 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFfpx7.dll
[2009/08/28 19:02:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKodak.dll
[2009/08/28 19:02:56 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\fmt_jb2.dll
[2009/08/28 19:02:56 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\fmt_xcx.dll
[2009/08/28 19:02:56 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\fmt_xmf.dll
[2009/08/28 19:02:56 | 00,000,313 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2009/08/28 19:02:55 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll
[2009/08/28 19:02:55 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll
[2009/08/28 19:02:54 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll
[2009/08/28 19:02:54 | 00,220,160 | ---- | C] () -- C:\WINDOWS\System32\Carcla30.dll
[2009/08/28 19:02:54 | 00,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll
[2009/08/28 19:02:54 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\alavistautils.dll
[2009/08/28 19:02:53 | 01,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll
[2009/08/28 19:02:53 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll
[2009/08/28 19:02:53 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll
[2009/08/28 19:02:53 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch2.dll
[2009/08/28 19:02:53 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch.dll
[2009/08/28 19:01:36 | 00,002,157 | ---- | C] () -- C:\WINDOWS\alamode.ini
[2009/08/26 21:12:40 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\fusioncache.dat
[2009/08/26 17:21:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Di\Application Data\desktop.ini
[2009/08/26 17:21:17 | 07,475,184 | -H-- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db
[2009/08/26 17:21:17 | 00,083,904 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/13 10:13:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/13 09:57:23 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/08/13 09:57:23 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/13 09:54:56 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/08/13 09:54:56 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/08/13 09:54:56 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/08/13 09:54:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/07/22 10:22:09 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/21 17:50:07 | 00,000,583 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/07/21 17:50:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/07/21 09:55:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/03/06 16:33:50 | 00,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\spio.sys
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
========== LOP Check ==========
[2009/11/04 10:41:29 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\914fd87
[2009/10/12 13:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/12 08:52:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/08/13 10:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/08/13 10:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2009/09/12 09:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/08/13 09:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperIO
[2009/08/13 09:57:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/09/14 14:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/13 09:59:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\DesktopPwrMgr
[2009/08/13 09:57:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Downloaded Installations
[2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Lenovo
[2009/09/09 14:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Desktop Search
[2009/09/09 16:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Search
[2009/11/07 14:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2008/04/14 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/08/13 10:00:41 | 00,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/08/13 09:51:54 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2009/11/07 22:53:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
< End of report >
I had a great weekend, thanks for asking Hope yours went well too
We don't want to delete the file, but let's try to manually fix it.
Show System Files
Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.
Using notepad, bring up C:\windows\system32\driver\ETC\hosts
Delete all entries in that file except for:
127.0.0.1 localhost
Save it.
Post a fresh OTL log.
Hope yours went well too We don't want to delete the file, but let's try to manually fix it.
Show System Files
Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.
Using notepad, bring up C:\windows\system32\driver\ETC\hosts
Delete all entries in that file except for:
127.0.0.1 localhost
Save it.
Post a fresh OTL log.
I had a great weekend also 
Unfortunately, I had little success editing the hosts file. After changing the folder view as you instructed and unsuccessfully saving the hosts file, I checked the properties of the file and also removed the check for the read-only attribute. I was still not able to save the file after editing it. The message I received each time was:
Cannot create C:\WINDOWS\system32\drivers\etc\hosts file
Make sure that the path and filename are correct.
Also, now that I can see the file (thanks, I thought there was a way to see system/hidden files), it has a creation date of 11/04/2009 and time of around 5 pm. Approximately the same day and time things weren't looking good on this end.
Please don't get discouraged, you're my only hope in fixing this thing.
Unfortunately, I had little success editing the hosts file. After changing the folder view as you instructed and unsuccessfully saving the hosts file, I checked the properties of the file and also removed the check for the read-only attribute. I was still not able to save the file after editing it. The message I received each time was:
Cannot create C:\WINDOWS\system32\drivers\etc\hosts file
Make sure that the path and filename are correct.
Also, now that I can see the file (thanks, I thought there was a way to see system/hidden files), it has a creation date of 11/04/2009 and time of around 5 pm. Approximately the same day and time things weren't looking good on this end.
Please don't get discouraged, you're my only hope in fixing this thing.
I promise I won't get discouraged 
We'll get this done! I have several ways to go about this but I don't want to do heart surgery if I can do it with a bandage!
Let's try this next:
Reboot and hit the F8 key early and often. Choose Safe Mode.
Open Windows explorer to the folder: \Windows\System32\Drivers\etc
Right click on HOSTS (it should have no file extension)
Sharing and Security
Security tab
Make sure you as a user, and/or "Administrator" has full permissions on the file. If not, change the permissions to Full.
Using notepad, bring up C:\windows\system32\driver\ETC\hosts
Delete all entries in that file except for:
127.0.0.1 localhost
Save it.
Post a fresh OTL log.
IF that doesn't work, please run this and post back the log:
Download Security Check by screen317 from here or here.
We'll get this done! I have several ways to go about this but I don't want to do heart surgery if I can do it with a bandage!Let's try this next:
Reboot and hit the F8 key early and often. Choose Safe Mode.
Open Windows explorer to the folder: \Windows\System32\Drivers\etc
Right click on HOSTS (it should have no file extension)
Sharing and Security
Security tab
Make sure you as a user, and/or "Administrator" has full permissions on the file. If not, change the permissions to Full.
Using notepad, bring up C:\windows\system32\driver\ETC\hosts
Delete all entries in that file except for:
127.0.0.1 localhost
Save it.
Post a fresh OTL log.
IF that doesn't work, please run this and post back the log:
Download Security Check by screen317 from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Hey brudi,
In the interest of time and getting you back up and clean, I've added a Plan B here in case the above did not work.
Run OTL
In the interest of time and getting you back up and clean, I've added a Plan B here in case the above did not work.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the followingCODE:Commands
[purity]
[resethosts]
[emptytemp]
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
I understand completely, I'd rather not have you do heart surgery either 
I'm sorry this is going slower than you probably expect, I'm making every attempt to return to this matter as soon as I possibly can.
The hosts file editing went well, I also had to uncheck the read-only attribute (I may have missed this before), on the general tab, when looking at the properties of the hosts file.
The OTL log follows ...
OTL logfile created on: 11/9/2009 11:43:28 AM - Run 3
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Di\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.48 Gb Total Space | 207.55 Gb Free Space | 90.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DIANE
Current User Name: Di
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE ()
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\DPMTray.EXE ()
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe ()
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
PRC - C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_interface.dll (Lenovo Group Limited)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (SessionLauncher) -- File not found
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (QuickBooksDB19) -- C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZIPM12.DLL (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZINW12.DLL (Hewlett-Packard)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (MSSQL$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SuperIO) -- C:\WINDOWS\system32\drivers\spio.sys ()
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 08:47:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/13 09:57:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/06 08:31:44 | 00,000,000 | ---D | M]
O1 HOSTS File: (19 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email03.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 17:02:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/11/06 16:21:28 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe
[2009/11/06 16:20:36 | 00,000,000 | ---D | C] -- C:\RootRepeal
[2009/11/06 16:18:33 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe
[2009/11/06 09:04:03 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/06 09:03:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/06 09:03:28 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/06 09:03:28 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/06 09:03:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/06 09:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/06 08:57:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/05 13:48:04 | 00,000,000 | ---D | C] -- C:\HostsXpert 4.2 - Hosts File Manager
[2009/11/04 13:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/04 12:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/11/04 12:51:54 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/11/04 12:51:53 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/11/04 12:51:53 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/11/04 12:51:48 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/11/04 12:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/11/04 12:51:09 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/11/04 12:50:28 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/11/04 12:39:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Di\Application Data\Malwarebytes
[2009/11/04 12:39:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/04 12:39:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/04 11:41:29 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/11/04 10:41:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\914fd87
[2009/08/28 19:02:54 | 00,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoLicense.dll
[2009/08/28 19:02:54 | 00,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoPAX.dll
========== Files - Modified Within 30 Days ==========
[2009/11/09 11:40:43 | 00,007,331 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/09 11:40:28 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/09 11:39:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/09 11:39:56 | 31,847,75168 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/09 11:39:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/09 11:39:24 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\Di\NTUSER.DAT
[2009/11/09 11:39:24 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Di\ntuser.ini
[2009/11/09 11:39:22 | 03,712,656 | -H-- | M] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db
[2009/11/09 11:38:16 | 00,000,019 | -HS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/09 11:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/11/09 11:19:00 | 00,002,157 | ---- | M] () -- C:\WINDOWS\alamode.ini
[2009/11/09 11:18:59 | 00,041,541 | ---- | M] () -- C:\WINDOWS\alaredun.ini
[2009/11/07 22:52:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/07 22:38:58 | 03,562,645 | R--- | M] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe
[2009/11/06 23:38:11 | 00,288,256 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\exeHelper.com
[2009/11/06 16:21:32 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe
[2009/11/06 16:20:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Di\settings.dat
[2009/11/06 16:18:37 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe
[2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/06 09:04:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/04 13:41:03 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk
[2009/11/04 12:54:10 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/04 12:39:08 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/02 11:34:04 | 00,011,903 | ---- | M] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx
[2009/11/01 08:42:31 | 00,529,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 08:42:31 | 00,104,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 08:42:30 | 00,646,734 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
========== Files Created - No Company Name ==========
[2009/11/09 11:39:56 | 31,847,75168 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/09 11:18:59 | 00,041,541 | ---- | C] () -- C:\WINDOWS\alaredun.ini
[2009/11/06 23:38:10 | 00,288,256 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\exeHelper.com
[2009/11/06 16:20:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Di\settings.dat
[2009/11/06 09:04:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/06 09:04:05 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/06 09:03:28 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/06 09:03:28 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/06 09:03:28 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/06 09:03:28 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/06 09:03:28 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/06 08:51:31 | 03,562,645 | R--- | C] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe
[2009/11/04 13:41:03 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk
[2009/11/04 12:54:22 | 00,007,331 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/04 12:54:10 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/11/04 12:51:27 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/04 12:39:08 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/02 11:34:04 | 00,011,903 | ---- | C] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx
[2009/09/12 08:52:01 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/30 11:59:34 | 00,001,397 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/28 22:13:46 | 00,000,121 | ---- | C] () -- C:\WINDOWS\MercuryWT.ini
[2009/08/28 22:13:46 | 00,000,099 | ---- | C] () -- C:\WINDOWS\Mercury.ini
[2009/08/28 19:03:00 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll
[2009/08/28 19:03:00 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2009/08/28 19:02:59 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\SmaRTEng.dll
[2009/08/28 19:02:58 | 00,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll
[2009/08/28 19:02:58 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll
[2009/08/28 19:02:56 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFfpx7.dll
[2009/08/28 19:02:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKodak.dll
[2009/08/28 19:02:56 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\fmt_jb2.dll
[2009/08/28 19:02:56 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\fmt_xcx.dll
[2009/08/28 19:02:56 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\fmt_xmf.dll
[2009/08/28 19:02:56 | 00,000,313 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2009/08/28 19:02:55 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll
[2009/08/28 19:02:55 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll
[2009/08/28 19:02:54 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll
[2009/08/28 19:02:54 | 00,220,160 | ---- | C] () -- C:\WINDOWS\System32\Carcla30.dll
[2009/08/28 19:02:54 | 00,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll
[2009/08/28 19:02:54 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\alavistautils.dll
[2009/08/28 19:02:53 | 01,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll
[2009/08/28 19:02:53 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll
[2009/08/28 19:02:53 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll
[2009/08/28 19:02:53 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch2.dll
[2009/08/28 19:02:53 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch.dll
[2009/08/28 19:01:36 | 00,002,157 | ---- | C] () -- C:\WINDOWS\alamode.ini
[2009/08/26 21:12:40 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\fusioncache.dat
[2009/08/26 17:21:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Di\Application Data\desktop.ini
[2009/08/26 17:21:17 | 03,712,656 | -H-- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db
[2009/08/26 17:21:17 | 00,083,904 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/13 10:13:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/13 09:57:23 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/08/13 09:57:23 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/13 09:54:56 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/08/13 09:54:56 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/08/13 09:54:56 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/08/13 09:54:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/07/22 10:22:09 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/21 17:50:07 | 00,000,583 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/07/21 17:50:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/07/21 09:55:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/03/06 16:33:50 | 00,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\spio.sys
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
========== LOP Check ==========
[2009/11/04 10:41:29 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\914fd87
[2009/10/12 13:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/12 08:52:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/08/13 10:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/08/13 10:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2009/09/12 09:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/08/13 09:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperIO
[2009/08/13 09:57:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/09/14 14:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/13 09:59:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\DesktopPwrMgr
[2009/08/13 09:57:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Downloaded Installations
[2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Lenovo
[2009/09/09 14:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Desktop Search
[2009/09/09 16:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Search
[2009/11/09 11:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2008/04/14 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/08/13 10:00:41 | 00,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/08/13 09:51:54 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2009/11/09 11:39:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
< End of report >
I'm sorry this is going slower than you probably expect, I'm making every attempt to return to this matter as soon as I possibly can.
The hosts file editing went well, I also had to uncheck the read-only attribute (I may have missed this before), on the general tab, when looking at the properties of the hosts file.
The OTL log follows ...
OTL logfile created on: 11/9/2009 11:43:28 AM - Run 3
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Di\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.48 Gb Total Space | 207.55 Gb Free Space | 90.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DIANE
Current User Name: Di
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE ()
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\DPMTray.EXE ()
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe ()
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
PRC - C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Di\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_interface.dll (Lenovo Group Limited)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (SessionLauncher) -- File not found
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (QuickBooksDB19) -- C:\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZIPM12.DLL (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZINW12.DLL (Hewlett-Packard)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (MSSQL$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$ALAMODE) -- c:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SuperIO) -- C:\WINDOWS\system32\drivers\spio.sys ()
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 08:47:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/13 09:57:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/06 08:31:44 | 00,000,000 | ---D | M]
O1 HOSTS File: (19 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email03.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 17:02:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/11/06 16:21:28 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe
[2009/11/06 16:20:36 | 00,000,000 | ---D | C] -- C:\RootRepeal
[2009/11/06 16:18:33 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe
[2009/11/06 09:04:03 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/06 09:03:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/06 09:03:28 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/06 09:03:28 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/06 09:03:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/06 09:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/06 08:57:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/05 13:48:04 | 00,000,000 | ---D | C] -- C:\HostsXpert 4.2 - Hosts File Manager
[2009/11/04 13:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/04 12:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/11/04 12:51:54 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/11/04 12:51:53 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/11/04 12:51:53 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/11/04 12:51:48 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/11/04 12:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/11/04 12:51:09 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/11/04 12:50:28 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/11/04 12:39:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Di\Application Data\Malwarebytes
[2009/11/04 12:39:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/04 12:39:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/04 12:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/04 11:41:29 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/11/04 10:41:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\914fd87
[2009/08/28 19:02:54 | 00,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoLicense.dll
[2009/08/28 19:02:54 | 00,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoPAX.dll
========== Files - Modified Within 30 Days ==========
[2009/11/09 11:40:43 | 00,007,331 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/09 11:40:28 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/09 11:39:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/09 11:39:56 | 31,847,75168 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/09 11:39:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/09 11:39:24 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\Di\NTUSER.DAT
[2009/11/09 11:39:24 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Di\ntuser.ini
[2009/11/09 11:39:22 | 03,712,656 | -H-- | M] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db
[2009/11/09 11:38:16 | 00,000,019 | -HS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/09 11:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/11/09 11:19:00 | 00,002,157 | ---- | M] () -- C:\WINDOWS\alamode.ini
[2009/11/09 11:18:59 | 00,041,541 | ---- | M] () -- C:\WINDOWS\alaredun.ini
[2009/11/07 22:52:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/07 22:38:58 | 03,562,645 | R--- | M] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe
[2009/11/06 23:38:11 | 00,288,256 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\exeHelper.com
[2009/11/06 16:21:32 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\OTL.exe
[2009/11/06 16:20:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Di\settings.dat
[2009/11/06 16:18:37 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Di\Desktop\TFC.exe
[2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/06 09:04:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/04 13:41:03 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk
[2009/11/04 12:54:10 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/04 12:39:08 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/02 11:34:04 | 00,011,903 | ---- | M] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx
[2009/11/01 08:42:31 | 00,529,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 08:42:31 | 00,104,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 08:42:30 | 00,646,734 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
========== Files Created - No Company Name ==========
[2009/11/09 11:39:56 | 31,847,75168 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/09 11:18:59 | 00,041,541 | ---- | C] () -- C:\WINDOWS\alaredun.ini
[2009/11/06 23:38:10 | 00,288,256 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\exeHelper.com
[2009/11/06 16:20:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Di\settings.dat
[2009/11/06 09:04:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/06 09:04:05 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/06 09:03:28 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/06 09:03:28 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/06 09:03:28 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/06 09:03:28 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/06 09:03:28 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/06 08:51:31 | 03,562,645 | R--- | C] () -- C:\Documents and Settings\Di\Desktop\ComboFix.exe
[2009/11/04 13:41:03 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Di\Desktop\HijackThis.lnk
[2009/11/04 12:54:22 | 00,007,331 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/04 12:54:10 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/11/04 12:51:27 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/11/04 12:39:08 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/02 11:34:04 | 00,011,903 | ---- | C] () -- C:\Documents and Settings\Di\My Documents\Appraisal Order procedures.docx
[2009/09/12 08:52:01 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/30 11:59:34 | 00,001,397 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/28 22:13:46 | 00,000,121 | ---- | C] () -- C:\WINDOWS\MercuryWT.ini
[2009/08/28 22:13:46 | 00,000,099 | ---- | C] () -- C:\WINDOWS\Mercury.ini
[2009/08/28 19:03:00 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll
[2009/08/28 19:03:00 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2009/08/28 19:02:59 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\SmaRTEng.dll
[2009/08/28 19:02:58 | 00,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll
[2009/08/28 19:02:58 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll
[2009/08/28 19:02:56 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFfpx7.dll
[2009/08/28 19:02:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKodak.dll
[2009/08/28 19:02:56 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\fmt_jb2.dll
[2009/08/28 19:02:56 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\fmt_xcx.dll
[2009/08/28 19:02:56 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\fmt_xmf.dll
[2009/08/28 19:02:56 | 00,000,313 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2009/08/28 19:02:55 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll
[2009/08/28 19:02:55 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll
[2009/08/28 19:02:54 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll
[2009/08/28 19:02:54 | 00,220,160 | ---- | C] () -- C:\WINDOWS\System32\Carcla30.dll
[2009/08/28 19:02:54 | 00,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll
[2009/08/28 19:02:54 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\alavistautils.dll
[2009/08/28 19:02:53 | 01,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll
[2009/08/28 19:02:53 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll
[2009/08/28 19:02:53 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll
[2009/08/28 19:02:53 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch2.dll
[2009/08/28 19:02:53 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\alaLaunch.dll
[2009/08/28 19:01:36 | 00,002,157 | ---- | C] () -- C:\WINDOWS\alamode.ini
[2009/08/26 21:12:40 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\fusioncache.dat
[2009/08/26 17:21:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Di\Application Data\desktop.ini
[2009/08/26 17:21:17 | 03,712,656 | -H-- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\IconCache.db
[2009/08/26 17:21:17 | 00,083,904 | ---- | C] () -- C:\Documents and Settings\Di\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/13 10:13:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/13 09:57:23 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/08/13 09:57:23 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/13 09:54:56 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/08/13 09:54:56 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/08/13 09:54:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/08/13 09:54:56 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/08/13 09:54:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/07/22 10:22:09 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/21 17:50:07 | 00,000,583 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/07/21 17:50:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/07/21 09:55:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/03/06 16:33:50 | 00,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\spio.sys
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
========== LOP Check ==========
[2009/11/04 10:41:29 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\914fd87
[2009/10/12 13:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/12 08:52:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/08/13 10:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/08/13 10:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2009/09/12 09:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/08/13 09:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperIO
[2009/08/13 09:57:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/09/14 14:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/13 09:59:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\DesktopPwrMgr
[2009/08/13 09:57:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Downloaded Installations
[2009/08/26 20:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Lenovo
[2009/09/09 14:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Desktop Search
[2009/09/09 16:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Di\Application Data\Windows Search
[2009/11/09 11:22:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2008/04/14 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/04 12:51:28 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/04 12:51:26 | 00,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/08/13 10:00:41 | 00,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/08/13 09:51:54 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2009/11/09 11:39:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
< End of report >
Ok, that looks good now! Let's get a couple more scans to check for orphans
The online scan can take awhile so you may want to do it overnight. Just make sure that you have disabled all real-time protection such as your anitivirus before beginning. It will speed things up.
------------------
Step 1:
------------------
Run Malwarebytes' Anti-Malware
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
------------------
Step 2:
------------------
Please download JavaRa to your desktop and unzip it to its own folder
------------------
Step 3:
------------------
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
Click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View report... at the bottom. Click the Save report... button.
Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
------------------
Step 4:
------------------
Please post back with the following:
The online scan can take awhile so you may want to do it overnight. Just make sure that you have disabled all real-time protection such as your anitivirus before beginning. It will speed things up.
------------------
Step 1:
------------------
Run Malwarebytes' Anti-Malware- Select the Update tab and then click Check for Updates.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select the Scanner tab and "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
------------------
Step 2:
------------------
Please download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Open JavaRa.exe again and select Search For Updates.
- Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
------------------
Step 3:
------------------
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
- Close any open programs
- Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
- Once the update is complete, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, adware, dialers, and other riskware
- Archives
- E-mail databases
------------------
Step 4:
------------------
Please post back with the following:
- How your machine is running
- MBAM log
- KasReport.txt
Machine still appears to be running fine!
MBAM log follows ...
Malwarebytes' Anti-Malware 1.41
Database version: 3135
Windows 5.1.2600 Service Pack 3
11/9/2009 4:12:51 PM
mbam-log-2009-11-09 (16-12-51).txt
Scan type: Quick Scan
Objects scanned: 126442
Time elapsed: 3 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
KasReport.txt follows ...
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 9, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 09, 2009 22:48:02
Records in database: 3184328
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 91416
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:09:16
No threats found. Scanned area is clean.
Selected area has been scanned.
MBAM log follows ...
Malwarebytes' Anti-Malware 1.41
Database version: 3135
Windows 5.1.2600 Service Pack 3
11/9/2009 4:12:51 PM
mbam-log-2009-11-09 (16-12-51).txt
Scan type: Quick Scan
Objects scanned: 126442
Time elapsed: 3 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
KasReport.txt follows ...
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 9, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 09, 2009 22:48:02
Records in database: 3184328
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 91416
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:09:16
No threats found. Scanned area is clean.
Selected area has been scanned.
Well done! Your log appears clean! 
------------------
Step 1:
------------------
We're almost done. We need to do some clean up and get you on your way.
Follow these steps to uninstall Combofix
(This will remove all restore points to rid your machine of saved infected files and create a new restore point)
------------------
Step 2:
------------------
We need to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions.
Now delete any logs that you have left over on your desktop.
------------------
Step 3:
------------------
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vunerable.
Please go to Microsoft's Windows Update and download all the critical updates to help prevent possible re-infection.
It is best if you have these set to download automatically.
Automatic Updates for Windows
---------------------------------------------------------------------------------------------
This is a good time to set up protection against further attacks. Read our How Did I Get Infected In The First Place?. You need an antivirus that is continually updated, a good firewall, a spyware blocker, and a real time spyware program to prevent malware intrusions. Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.
---------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------
Anti Spyware
Anti Spyware helps to eliminate certain types of infections. I would recommend getting these and running the scans at least twice a month. Also a real-time protector is beneficial to stop infections before they start. SpywareGuard is an excellent choice here.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.
---------------------------------------------------------------------------------------------
Safer Web Browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are some good free alternatives:
All are faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.
If you choose FireFox, here are a couple of addons that I recommend:
---------------------------------------------------------------------------------------------
Other Recommendations
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
Take Care and Happy Surfing!
------------------
Step 1:
------------------
We're almost done. We need to do some clean up and get you on your way.
Follow these steps to uninstall Combofix
- Click START then RUN
- Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
(This will remove all restore points to rid your machine of saved infected files and create a new restore point)
------------------
Step 2:
------------------
We need to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions.
- Run OTL.exe
- Click the Clean Up button in top right corner.
- You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Now delete any logs that you have left over on your desktop.
------------------
Step 3:
------------------
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vunerable.
Please go to Microsoft's Windows Update and download all the critical updates to help prevent possible re-infection.
It is best if you have these set to download automatically.
Automatic Updates for Windows
- Click Start.
- Select Settings and then Control Panel.
- Select Automatic Updates.
- Click Automatic (recommended)
- Choose a day and a time when you know the computer will be on and connected to the internet.
- Click Apply then OK.
---------------------------------------------------------------------------------------------
This is a good time to set up protection against further attacks. Read our How Did I Get Infected In The First Place?. You need an antivirus that is continually updated, a good firewall, a spyware blocker, and a real time spyware program to prevent malware intrusions. Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.
---------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------
Anti Spyware
Anti Spyware helps to eliminate certain types of infections. I would recommend getting these and running the scans at least twice a month. Also a real-time protector is beneficial to stop infections before they start. SpywareGuard is an excellent choice here.
SUPERAntiSpyware is a powerful tool that can eliminate nasties that make it onto your machine.
SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.
---------------------------------------------------------------------------------------------
Safer Web Browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are some good free alternatives:
All are faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.
If you choose FireFox, here are a couple of addons that I recommend:
- NoScript - for blocking ads and other potential website attacks
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must have if you do alot of Google searches.
---------------------------------------------------------------------------------------------
Other Recommendations
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
Take Care and Happy Surfing!
Perplexus
Sorry for the delay in getting back to you ... a very busy day at the office.
Please let me start by trying to communicate my appreciation for all of your hard work. This pc was just put into service a little over a month ago and to have this happen gives one very little hope for happy surfing in the Microsoft world. Anyway, with people working very hard on both sides of this fence, I sure am happy your on the safe side. Your patience with the clueless (me), the detailed instructions and your can-do attitude really helped at every turn. Thank you very much!
I appreciate the rest of your post. Your recommendations will be heeded and I'll feel better about our pc security.
One question. Is McAfee lacking the capability to protect this pc? Or is malware not really a part of any anti-virus software? I guess what I'm asking is, is it worth the while to keep McAfee and just add to it? Or replace it with a combo of what you are recommending?
Again, thanks a million for all your help.
Sorry for the delay in getting back to you ... a very busy day at the office.
Please let me start by trying to communicate my appreciation for all of your hard work. This pc was just put into service a little over a month ago and to have this happen gives one very little hope for happy surfing in the Microsoft world. Anyway, with people working very hard on both sides of this fence, I sure am happy your on the safe side. Your patience with the clueless (me), the detailed instructions and your can-do attitude really helped at every turn. Thank you very much!
I appreciate the rest of your post. Your recommendations will be heeded and I'll feel better about our pc security.
One question. Is McAfee lacking the capability to protect this pc? Or is malware not really a part of any anti-virus software? I guess what I'm asking is, is it worth the while to keep McAfee and just add to it? Or replace it with a combo of what you are recommending?
Again, thanks a million for all your help.
Hey brudi,
Thank you so much for the kind words. It really keeps us going over here!
As far as McAfee goes, if you already have a subscription then you might as well keep it. No sense in throwing away money. No antivirus is capable of detecting every infection. There is a website, called AV-Comparatives that does independent tests on antivirus applications and publishes the data. You can find detection rates for each of the packages.
Personally, I quit using the big commercial apps like McAfee and Norton because you can get just as good if not better protection from the right combination of free products. I use Antivir for my antivirus along with Outpost for my firewall. Outpost is nice because if you are doing something new, you can put it into training mode and it will quit asking your permission to run the new apps. It will silently create rules for you. My recommendations always just entail free software, thus the SpywareGuard app is good to use. I actually use the paid version of Malwarebytes as additional real time protection in lieu of SpywareGuard. Even if you don't purchase Malwarebytes, I strongly urge you to keep the free version and do scans a couple times a month just to make sure you are clean.
One caveat I should tell you is that with the free antivirus and firewall applications, you will encounter "nag" screens. These are screens that pop up everyday after an update to see if you're ready to buy.
While I can't make the decision for you, I hope that you find the above information helpful. Let me know if I can be of any further help.
Thank you so much for the kind words. It really keeps us going over here!
As far as McAfee goes, if you already have a subscription then you might as well keep it. No sense in throwing away money. No antivirus is capable of detecting every infection. There is a website, called AV-Comparatives that does independent tests on antivirus applications and publishes the data. You can find detection rates for each of the packages.
Personally, I quit using the big commercial apps like McAfee and Norton because you can get just as good if not better protection from the right combination of free products. I use Antivir for my antivirus along with Outpost for my firewall. Outpost is nice because if you are doing something new, you can put it into training mode and it will quit asking your permission to run the new apps. It will silently create rules for you. My recommendations always just entail free software, thus the SpywareGuard app is good to use. I actually use the paid version of Malwarebytes as additional real time protection in lieu of SpywareGuard. Even if you don't purchase Malwarebytes, I strongly urge you to keep the free version and do scans a couple times a month just to make sure you are clean.
One caveat I should tell you is that with the free antivirus and firewall applications, you will encounter "nag" screens. These are screens that pop up everyday after an update to see if you're ready to buy.
While I can't make the decision for you, I hope that you find the above information helpful. Let me know if I can be of any further help.
McAfee is provided free of charge with our Comcast account, so getting rid of it is no problem.
Thanks for the AV-Comparables link ... very nice. I plan on having a replacement for McAfee by the end of the weekend. And I'm going to license my copy of MBAM, already has paid for itself a couple of times over.
My wife and I are really liking the Safari browser. We've got it on the laptop, I'm going to install Chrome on my desktop and she's going to install Firefox. Do a little Browser-Comparables of our own. I can honestly say that I never knew these were alternatives to IE ... and they're better!
Surprisingly enough we're actually happy this happened, really opened our eyes. Anyway, thank you again for all of your help and direction in running a safer environment.
Thanks for the AV-Comparables link ... very nice. I plan on having a replacement for McAfee by the end of the weekend. And I'm going to license my copy of MBAM, already has paid for itself a couple of times over.
My wife and I are really liking the Safari browser. We've got it on the laptop, I'm going to install Chrome on my desktop and she's going to install Firefox. Do a little Browser-Comparables of our own. I can honestly say that I never knew these were alternatives to IE ... and they're better!
Surprisingly enough we're actually happy this happened, really opened our eyes. Anyway, thank you again for all of your help and direction in running a safer environment.
You are very welcome. We're glad we could help
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.