grandpinaple8 (Member, join:2006-01-03, New York, NY):
Windows only boots to safe mode

Hi, I recently clicked on an executable file I downloaded by accident, thinking it was another file. The executable was of course some sort of malware (I still have the .exe if anyone wants to see it). Windows Defender caught some of the bad files when I hit the exe, but I didn't write down some of the names. Then my system shut down and after that I could only boot into safe mode. Anyway, the computer won't boot to regular Windows Vista now; it will only allow me to boot to safe mode. In safe mode I was able to run Malwarebytes and Spybot, but both programs crashed as soon as I started scanning. After I tried to run them again I get a permission denied message telling me that I do not have the user rights to run the software. I tried reinstalling Malwarebytes, but got the same result. Oh, also I am dual booting with Ubuntu, so I can use that if required for any cleaning procedures. Thank you.

TheJoker (MVM, join:2001-04-26, Charlottesville, VA):

Hi grandpinaple

What version of Windows are you running, and what Service Pack do you have installed?

Using Windows Explorer, go to C:\Program Files\Malwarebytes' Anti-Malware and rename mbam.exe to mbam.scr and see if it will run.

If it does:
- Click the Update tab.
- Click Check for Updates.
- If an update is found, it will download and install.
- Click the Scanner tab.
- Select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Then see if you can now run HijackThis and if you can please post a log from it, and the log from MBAM and note any errors encountered.
grandpinaple8 (Member, join:2006-01-03, New York, NY):

Running Windows Vista, no service packs.

I get an error when I try to update, but that might just be because I am in safe mode without networking. I reinstalled MBAM and still get the same crash after 3 seconds. When I try to rename mbam.exe to mbam.scr, Vista does not process it as a file type change (this is the way I always change file types; it might not be correct?). I will try to run HijackThis now.
grandpinaple8 (Member):

OK, HijackThis also crashes, and then when I try to start it again I get the permissions error:

windows cannot access this item... you may not have the permission to access this item...

TheJoker (MVM, join:2001-04-26, Charlottesville, VA):

quote:
Running windows vista no service packs.
Service Pack 2 is out. Why had you never even installed SP-1?

Another option you could try for renaming MBAM would be to copy mbam.exe to mbam.scr like this from a command window.
- Open a Command window.
- Change to the MBAM folder: type the following and hit Enter:
    cd C:\Program Files\Malwarebytes' Anti-Malware
- Then use the copy command to copy mbam.exe to mbam.scr:
    copy mbam.exe mbam.scr

Then see if you can run it by double-clicking on mbam.scr in Windows Explorer and if it does run, clean everything found.

Let's see if you can run this program.
Download random's system information tool (RSIT) by random/random from
http://images.malwareremoval.com/random/RSIT.exe
 
- Save it to your desktop.
- Double click on RSIT.exe to launch program.
- Click Continue at the disclaimer screen.
- Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
- Once it has finished, two logs will open:
log.txt (this will be maximized)
info.txt (this will be minimized)
These reports are long, please post the contents of both logs in separate replies.

Please post all the logs that you were able to run, if any:
Hijackthis
MBAM
RSIT
grandpinaple8 (Member, join:2006-01-03, New York, NY):

Nope, same problem with RSIT: it runs, but no logs open. When I try to run it again, I get access denied. The command prompt command also denies me access.

TheJoker (MVM, join:2001-04-26, Charlottesville, VA):

Can you successfully open the Task Manager (CTRL-ALT-DEL) and see the processes that are running?
grandpinaple8 (Member, join:2006-01-03, New York, NY):

Yes, Task Manager works.

TheJoker (MVM, join:2001-04-26, Charlottesville, VA):

Let's try this then. Open Task Manager, and maximize the window so you can see the full path of each item. Make a series of screen shots showing the full path for each, scrolling down as needed for a new screen shot so all the processes are displayed, and post those. If need be, you can refer to this FAQ:
»Software FAQ »How do I make a Screenshot?
If any path still goes off the right side of the graphic, please post the full path in text in your reply.
grandpinaple8 (Member, join:2006-01-03, New York, NY):

[two screenshots attached]
Here are the screen shots. They don't quite match up because I opened Paint and MS Word in between, but it is pretty clear what is what.
grandpinaple8 (Member):

[attachment: logfile.zip, 3,832 bytes]
Here is a logfile I found in the RSIT folder.

TheJoker (MVM, join:2001-04-26, Charlottesville, VA):

That log file was not complete before it stopped, but it may have been enough.

Boot to your Ubuntu installation and delete the following files:
C:\Windows\system32\pt0sjj.dll
C:\Users\NAME\AppData\Local\Temp\_A00F7DB00F.exe
C:\Users\NAME\AppData\Local\Temp\lsass.exe
C:\Users\NAME\AppData\Local\Temp\b.exe
vegibeya.dll (probably in the System32 folder)
C:\Windows\msa.exe
C:\Users\NAME\AppData\Roaming\cb.exe
C:\glpm.exe
C:\rudkwv.exe
C:\Windows\sc.exe (only the one in this folder, there should be a legitimate copy in the System32 folder)
C:\emeu.exe
C:\Users\NAME\AppData\Roaming\e4u.exe

And also delete the following folder for a rogue program:
C:\Program Files\Protection System

Now reboot to Windows and see if you can run, update, and scan with MBAM.

If you can, please post the log from MBAM, and a HijackThis log.
grandpinaple8 (Member, join:2006-01-03, New York, NY):

Removed all of those. Regular Windows doesn't boot. I boot in safe mode and reinstall MBAM. I run it, and 3 seconds into a scan it just crashes. When I try to open it again I get a permission denied error. Likewise with HijackThis.
grandpinaple8 (Member):

By the way I have the original exe file which caused all of this, if that is at all helpful.

TheJoker (MVM, join:2001-04-26, Charlottesville, VA):

Please download exeHelper and save it to the Desktop.
http://www.raktor.net/exeHelper/exeHelper.com
 
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log, and post the two logs together (they will both be in the one file).

Can you now run MBAM and HijackThis?
grandpinaple8 (Member, join:2006-01-03, New York, NY):

No, I still had to reinstall MBAM for it to run, likewise with HijackThis. I tried locking the exe files for both, but the virus appears to change the permissions on the files and makes them unusable, forcing me to reinstall every time. Whenever I try to run a scan in MBAM it crashes 5 seconds in, before the scan even starts. HijackThis manages to start scanning but also crashes a few seconds in.

TheJoker (MVM, join:2001-04-26, Charlottesville, VA):

Please run a GMER Rootkit scan:

Download GMER's application from here:
»www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning ! Please, do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.
This tool works in safe mode. Other rootkit revealers don't.
grandpinaple8 (Member, join:2006-01-03, New York, NY):

I have been only running in safe mode as regular mode boot stops short of the vista circular logo (although I do see a mouse before the screen goes black).
grandpinaple8 (Member) to TheJoker:

[attachment: gmer.txt, 34,994 bytes]
OK, I am pasting the GMER output here and as an attachment.

GMER 1.0.15.15087 - http://www.gmer.net

Rootkit scan 2009-09-27 23:59:45

Windows 6.0.6000

Running: gmer.exe; Driver: C:\Users\NAME\AppData\Local\Temp\kfldypog.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 827B6AC4

INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 827B60E8

INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 827B63D8

INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 827A4C64

INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 827A4F08

INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 827B61C0

INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 827B6934

INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 827B66D4

INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 827B6EDC

INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 827B7148

---- Kernel code sections - GMER 1.0.15 ----

? win32k.sys:1 The system cannot find the file specified. !

? win32k.sys:2 The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[520] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\system32\csrss.exe[520] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\system32\csrss.exe[520] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\system32\csrss.exe[520] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\system32\csrss.exe[520] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\system32\csrss.exe[520] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\system32\csrss.exe[520] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.text C:\Users\NAME\Desktop\gmer.exe[524] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Users\NAME\Desktop\gmer.exe[524] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Users\NAME\Desktop\gmer.exe[524] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Users\NAME\Desktop\gmer.exe[524] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Users\NAME\Desktop\gmer.exe[524] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Users\NAME\Desktop\gmer.exe[524] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Users\NAME\Desktop\gmer.exe[524] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.text C:\Windows\system32\wininit.exe[528] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\system32\wininit.exe[528] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\system32\wininit.exe[528] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\system32\wininit.exe[528] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\system32\wininit.exe[528] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\system32\wininit.exe[528] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\system32\wininit.exe[528] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.text C:\Windows\system32\wininit.exe[528] USER32.dll!IsThreadDesktopComposited + 3FD 77B6BEB9 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\C1B63E18.x86.dll

.text C:\Windows\system32\wininit.exe[528] GDI32.dll!SetROP2 + 90 76AB89E7 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\C1B63E18.x86.dll

.text C:\Windows\system32\wininit.exe[528] GDI32.dll!CreateFontA + 9E 76AC154B 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\C1B63E18.x86.dll

.text C:\Windows\system32\winlogon.exe[572] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\system32\winlogon.exe[572] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\system32\winlogon.exe[572] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\system32\winlogon.exe[572] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\system32\winlogon.exe[572] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\system32\winlogon.exe[572] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\system32\winlogon.exe[572] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.reloc C:\Windows\system32\services.exe[604] C:\Windows\system32\services.exe section is executable [0x01043000, 0x8E00, 0xE0000040]

.reloc C:\Windows\system32\services.exe[604] C:\Windows\system32\services.exe entry point in ".reloc" section [0x0104BBE2]

.text C:\Windows\system32\services.exe[604] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\system32\services.exe[604] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\system32\services.exe[604] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\system32\services.exe[604] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\system32\services.exe[604] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\system32\services.exe[604] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\system32\services.exe[604] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.text C:\Windows\system32\lsass.exe[616] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\system32\lsass.exe[616] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\system32\lsass.exe[616] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\system32\lsass.exe[616] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\system32\lsass.exe[616] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\system32\lsass.exe[616] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\system32\lsass.exe[616] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.text C:\Windows\system32\lsm.exe[624] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\system32\lsm.exe[624] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\system32\lsm.exe[624] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\system32\lsm.exe[624] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\system32\lsm.exe[624] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\system32\lsm.exe[624] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\system32\lsm.exe[624] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.text C:\Windows\System32\svchost.exe[920] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\System32\svchost.exe[920] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\System32\svchost.exe[920] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\System32\svchost.exe[920] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\System32\svchost.exe[920] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\System32\svchost.exe[920] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\System32\svchost.exe[920] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.text C:\Windows\System32\svchost.exe[976] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\System32\svchost.exe[976] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\System32\svchost.exe[976] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\System32\svchost.exe[976] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\System32\svchost.exe[976] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\System32\svchost.exe[976] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\System32\svchost.exe[976] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.aspack C:\Windows\system32\drivers\smss.exe[1240] C:\Windows\system32\drivers\smss.exe entry point in ".aspack" section [0x0041A001]

.adata C:\Windows\system32\drivers\smss.exe[1240] C:\Windows\system32\drivers\smss.exe unknown last section [0x0041E000, 0x1000, 0xC0000040]

.text C:\Windows\system32\drivers\smss.exe[1240] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\system32\drivers\smss.exe[1240] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\system32\drivers\smss.exe[1240] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\system32\drivers\smss.exe[1240] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\system32\drivers\smss.exe[1240] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\system32\drivers\smss.exe[1240] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\system32\drivers\smss.exe[1240] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.reloc C:\Windows\Explorer.EXE[1248] C:\Windows\Explorer.EXE section is executable [0x012C7000, 0xAA00, 0xE0000040]

.reloc C:\Windows\Explorer.EXE[1248] C:\Windows\Explorer.EXE entry point in ".reloc" section [0x012D180E]

.text C:\Windows\Explorer.EXE[1248] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\Explorer.EXE[1248] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\Explorer.EXE[1248] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\Explorer.EXE[1248] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\Explorer.EXE[1248] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\Explorer.EXE[1248] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\Explorer.EXE[1248] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

.text C:\Windows\helppane.exe[1424] ntdll.dll!NtCreateFile 77D1F414 5 Bytes CALL 7FFA48BE

.text C:\Windows\helppane.exe[1424] ntdll.dll!NtCreateProcess 77D1F4D4 5 Bytes CALL 7FFA494D

.text C:\Windows\helppane.exe[1424] ntdll.dll!NtCreateProcessEx 77D1F4E4 5 Bytes CALL 7FFA495A

.text C:\Windows\helppane.exe[1424] ntdll.dll!NtDeviceIoControlFile 77D1F844 5 Bytes CALL 7FFA4BDE

.text C:\Windows\helppane.exe[1424] ntdll.dll!NtOpenFile 77D1FBF4 5 Bytes CALL 7FFA4943

.text C:\Windows\helppane.exe[1424] ntdll.dll!NtQueryInformationProcess 77D1FE94 5 Bytes CALL 7FFA499B

.text C:\Windows\helppane.exe[1424] ntdll.dll!NtCreateUserProcess 77D208A4 5 Bytes CALL 7FFA4967

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\wininit.exe[528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\C1B63E18.x86.dll

IAT C:\Windows\system32\wininit.exe[528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\C1B63E18.x86.dll

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74E1FD78] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74DEBBF1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74DDA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74DDCBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74DD8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74DED168] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74DD7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74DD7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74DD6A54] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74E6C1BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74DF80FE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74DD90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74DE223C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74DE2267] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74DE771C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74DE753E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74E18585] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\ACPI_HAL \Device\00000075 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\C1B63E18.x86.dll (*** hidden *** ) @ C:\Windows\system32\wininit.exe [528] 0x35670000

Library \\?\globalroot\Device\__max++>\C1B63E18.x86.dll (*** hidden *** ) @ C:\Windows\system32\services.exe [604] 0x35670000

Library \\?\globalroot\Device\__max++>\C1B63E18.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [848] 0x35670000

Library \\?\globalroot\Device\__max++>\C1B63E18.x86.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [976] 0x35670000

---- Services - GMER 1.0.15 ----

Service system32\drivers\UACxumavdpnqgkojgtux.sys (*** hidden *** ) [SYSTEM] UACd.sys -- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ffff19

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ffff19@0018afbd6457 0xD1 0x61 0x7C 0xB0 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ffff19@00e0917fd271 0x95 0x85 0x20 0xD3 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ffff19@001cccec80b4 0x99 0x5F 0x27 0xD9 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ffff19@00249f0efc0e 0x0C 0x44 0x1C 0x48 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ffff19@0021fe862a08 0x44 0x44 0xA1 0x0F ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ffff19@00237a8f1ccf 0x67 0xD8 0x50 0xF9 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxumavdpnqgkojgtux.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACfakgbwidqjpumilnb.db

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACyqurmritohpiksabd.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACjekcapelvjwcvbmvb.dll

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26ffff19 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26ffff19@0018afbd6457 0xD1 0x61 0x7C 0xB0 ...

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26ffff19@00e0917fd271 0x95 0x85 0x20 0xD3 ...

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26ffff19@001cccec80b4 0x99 0x5F 0x27 0xD9 ...

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26ffff19@00249f0efc0e 0x0C 0x44 0x1C 0x48 ...

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26ffff19@0021fe862a08 0x44 0x44 0xA1 0x0F ...

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26ffff19@00237a8f1ccf 0x67 0xD8 0x50 0xF9 ...

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxumavdpnqgkojgtux.sys

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACfakgbwidqjpumilnb.db

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACyqurmritohpiksabd.dll

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACjekcapelvjwcvbmvb.dll

---- EOF - GMER 1.0.15 ----

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

Boot to your Ubuntu installation and delete the following files:
C:\Windows\system32\drivers\UACxumavdpnqgkojgtux.sys
C:\Windows\system32\UACfakgbwidqjpumilnb.db
C:\Windows\system32\UACyqurmritohpiksabd.dll
C:\Windows\system32\UACjekcapelvjwcvbmvb.dll

Reboot to Windows and see if you can now run MBAM, and if you can, scan and clean everything found and post a HijackThis log.
grandpinaple8
join:2006-01-03
New York, NY

Member

I don't see any files starting with UAC in sys32 or in sys32/drivers.

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

Did you boot to your Ubuntu installation to check? They are part of a rootkit and if you were in Windows you might not be able to see them. They also might be Hidden, System files, not sure if you have trouble seeing those in Linux as I'm unfamiliar with Linux (or any UNIX variant).
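One way to run the file check TheJoker describes from the Ubuntu side, as an added example that is not code from this thread: it parses the GMER "Reg ...@imagepath" and "...\modules@..." lines posted above, maps their "\systemroot\" and "\\?\globalroot\systemroot\" prefixes onto the Windows folder of a mounted NTFS volume, and looks each file up case-insensitively, since an ntfs-3g mount is case-sensitive by default while Windows names are not. The mount point, the "Windows" folder name and the throw-away sample volume it builds under a temp directory are assumptions.

```python
#!/usr/bin/env python3
"""Cross-check GMER-reported rootkit paths against an NTFS volume mounted in Linux.

Added example, not code from the thread. It pulls the driver/module paths out
of GMER "Reg ...@imagepath <path>" and "Reg ...\\modules@<name> <path>" lines,
maps the kernel-style prefixes (\\systemroot\\..., \\\\?\\globalroot\\...) onto
the Windows folder of a mounted volume, and looks each file up with a
case-insensitive walk, because an ntfs-3g mount is case-sensitive by default
while Windows file names are not (so a plain "ls UAC*" can miss "uac...").
Mount point and Windows folder name are assumptions (see the defaults below).
"""
import os
import re
import tempfile
from pathlib import Path

# "Reg <key>@<value-name> <data>" where <data> is a backslash path.
# Lines whose data is a number, a hex dump or absent ("@start 1", the
# BTHPORT link keys, "@uacmask") do not match and are skipped.
_REG_PATH_LINE = re.compile(r"^Reg\s+(?P<key>\S+)@(?P<name>\S+)\s+(?P<data>\\\S+)$")

# Both prefixes mean %SystemRoot%; GMER prints whichever form the registry
# value used. Compared lower-cased.
_SYSTEMROOT_PREFIXES = ("\\\\?\\globalroot\\systemroot\\", "\\systemroot\\")

# Subset of the GMER log posted above (copied from the thread, not constructed).
SAMPLE_GMER_LINES = [
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxumavdpnqgkojgtux.sys",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACfakgbwidqjpumilnb.db",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACyqurmritohpiksabd.dll",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask",
]


def windows_path_to_components(win_path):
    """Return the path components below %SystemRoot%, or None when the path
    is not under the system root (for example a \\device\\... path)."""
    lowered = win_path.lower()
    for prefix in _SYSTEMROOT_PREFIXES:
        if lowered.startswith(prefix):
            return [part for part in win_path[len(prefix):].split("\\") if part]
    return None


def resolve_case_insensitive(root, components):
    """Walk `components` below `root`, matching each name case-insensitively.
    Returns the on-disk Path, or None if any component is missing."""
    current = Path(root)
    for wanted in components:
        try:
            entries = os.listdir(current)
        except (FileNotFoundError, NotADirectoryError):
            return None
        match = next((e for e in entries if e.lower() == wanted.lower()), None)
        if match is None:
            return None
        current = current / match
    return current


def check_gmer_paths(lines, mount_point, windows_dir="Windows"):
    """Map every GMER-reported %SystemRoot% path to its real on-disk path
    under mount_point/windows_dir, or None when it is not there. The same
    path listed under CurrentControlSet and ControlSet003 collapses to one."""
    results = {}
    for line in lines:
        m = _REG_PATH_LINE.match(line.strip())
        if not m:
            continue
        components = windows_path_to_components(m.group("data"))
        if components is None:
            continue
        found = resolve_case_insensitive(mount_point, [windows_dir] + components)
        results[m.group("data")] = str(found) if found else None
    return results


def build_demo_volume():
    """Constructed stand-in for a mounted C: volume: a temp directory holding
    only the .sys driver, stored in a different letter case than GMER reported,
    to show why a case-sensitive listing can miss it."""
    base = Path(tempfile.mkdtemp(prefix="gmer-demo-"))
    drivers = base / "windows" / "System32" / "drivers"
    drivers.mkdir(parents=True)
    (drivers / "uacxumavdpnqgkojgtux.sys").write_bytes(b"constructed placeholder")
    return str(base)


if __name__ == "__main__":
    # Real use (mount point assumed): check_gmer_paths(open("gmer.log").read().splitlines(), "/media/windows")
    for win_path, on_disk in check_gmer_paths(SAMPLE_GMER_LINES, build_demo_volume()).items():
        print(f"{'PRESENT' if on_disk else 'absent '}  {win_path}  ->  {on_disk}")
```

A path reported absent here is absent from the volume at that name; NTFS hidden/system attributes do not hide entries from ntfs-3g directory listings, so the Linux-side view is not subject to the in-Windows rootkit hiding TheJoker mentions.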
grandpinaple8
join:2006-01-03
New York, NY

Member

I'm fairly certain they don't exist because I tried looking both under Windows and under Ubuntu. In Ubuntu I just went to terminal and had it display all possible files. I tried issuing a remove command for those files, but it doesn't find them that way either.
grandpinaple8

Member

Also I'm not sure if this is a safe mode feature, but in control panel I see very few of the usual icons. So I only see administrative tools, personal preferences and a handful of others.

TheJoker
MVM
join:2001-04-26
Charlottesville, VA


Please download OTL from here:
http://oldtimer.geekstogo.com/OTL.exe

- Save it to your desktop.
- Double click on OTL.exe on your desktop.
- Click the "Scan All Users" checkbox.
- Click the "Run Scan" button.
- Two reports will open, copy and paste them in a reply here:
-- OTListIt.txt (Will be opened)
-- Extra.txt (Will be minimized)
grandpinaple8
join:2006-01-03
New York, NY

Member

OTL.Txt
126,804 bytes
This is OTL and I have attached it as well.

OTL logfile created on: 9/28/2009 10:55:20 AM - Run 1

OTL by OldTimer - Version 3.0.16.0 Folder = C:\Users\NAME\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16890)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 80.76% Memory free

1.93 Gb Paging File | 1.72 Gb Available in Paging File | 89.03% Paging File free

Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 61.22 Gb Total Space | 4.54 Gb Free Space | 7.42% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 24.68 Gb Total Space | 14.54 Gb Free Space | 58.90% Space Free | Partition Type: Ext2

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive Z: | 6.54 Gb Total Space | 0.39 Gb Free Space | 5.94% Space Free | Partition Type: NTFS

Computer Name: NAME-PC

Current User Name: NAME

Logged in as Administrator.

Current Boot Mode: SafeMode

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/09/27 16:46:02 | 00,073,216 | ---- | M] (PROMO Software) -- C:\Windows\System32\drivers\smss.exe

PRC - [2008/10/29 01:20:29 | 02,944,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE

PRC - [2009/09/28 10:51:31 | 00,538,624 | ---- | M] (OldTimer Tools) -- C:\Users\NAME\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/07/05 17:48:50 | 00,091,432 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Stopped])

SRV - [2007/02/09 20:39:08 | 00,407,072 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Stopped])

SRV - [2007/07/05 17:48:54 | 00,206,120 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Stopped])

SRV - [2007/02/05 16:44:24 | 00,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters [Auto | Stopped])

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])

SRV - [2008/01/11 18:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc [Auto | Stopped])

SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])

SRV - [2008/07/27 13:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2006/11/15 18:20:46 | 00,655,360 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Stopped])

SRV - [2006/11/02 07:35:28 | 00,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])

SRV - [2006/11/02 07:35:29 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])

SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])

SRV - [2006/11/02 04:46:13 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])

SRV - [2008/07/02 16:27:38 | 00,675,328 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

SRV - [2008/06/19 20:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2009/05/04 02:23:30 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

SRV - [2008/11/19 19:23:16 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Stopped])

SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Stopped])

SRV - [2007/05/31 05:02:06 | 00,036,400 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Stopped])

SRV - [2004/10/22 05:24:18 | 00,094,208 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2008/06/19 20:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])

SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])

SRV - [2007/01/29 22:05:02 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC [Auto | Stopped])

SRV - [2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Stopped])

SRV - [2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [On_Demand | Stopped])

SRV - [2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])

SRV - [2007/09/20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Stopped])

SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Stopped])

SRV - [2008/06/19 20:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2007/10/23 15:19:06 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

SRV - [2008/06/09 14:23:00 | 00,217,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Stopped])

SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Stopped])

SRV - [2007/01/12 05:33:14 | 00,077,824 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])

SRV - [2007/01/12 05:32:48 | 00,315,392 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])

SRV - [2007/04/22 16:01:18 | 00,901,120 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])

SRV - [2009/01/26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Stopped])

SRV - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Stopped])

SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Stopped])

SRV - [2009/03/10 16:11:34 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])

SRV - [2007/05/30 10:26:26 | 00,094,208 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])

SRV - [2008/10/20 11:36:40 | 00,049,152 | ---- | M] (Lenovo Group Limited) -- c:\program files\lenovo\system update\suservice.exe -- (SUService [Auto | Stopped])

SRV - [2007/09/26 18:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Auto | Stopped])

SRV - [2007/03/02 19:49:00 | 00,037,680 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC [Auto | Stopped])

SRV - [2007/03/02 00:07:28 | 00,055,936 | ---- | M] () -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe -- (TPHKSVC [Auto | Stopped])

SRV - [2006/12/21 21:40:06 | 00,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService [Auto | Stopped])

SRV - [2007/01/08 22:03:26 | 00,589,824 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service [Auto | Stopped])

SRV - [2007/01/08 22:01:46 | 00,970,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service [Auto | Stopped])

SRV - [2008/03/04 11:34:12 | 01,142,784 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Stopped])

SRV - [2007/01/08 20:42:20 | 00,070,944 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk [Auto | Stopped])

SRV - [2007/09/20 07:29:20 | 00,265,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])

SRV - [2006/11/02 07:36:04 | 00,915,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

SRV - [2006/11/28 02:44:00 | 00,407,040 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/10/04 16:14:44 | 00,348,160 | ---- | M] (Analog Devices, Inc.) -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Stopped])

DRV - [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])

DRV - [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])

DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])

DRV - [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])

DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])

DRV - [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])

DRV - [2007/10/25 06:19:00 | 00,153,136 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])

DRV - [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])

DRV - [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])

DRV - [2006/11/02 02:30:53 | 00,167,936 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\b57nd60x.sys -- (b57nd60x [On_Demand | Stopped])

DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])

DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])

DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])

DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])

DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])

DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])

DRV - [2007/03/29 13:46:00 | 00,079,664 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio [On_Demand | Stopped])

DRV - [2007/02/27 00:20:00 | 00,081,200 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt [On_Demand | Stopped])

DRV - [2007/02/27 00:20:00 | 00,016,432 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\DRIVERS\btwrchid.sys -- (btwrchid [On_Demand | Stopped])

DRV - [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])

DRV - [2007/03/13 18:13:32 | 00,035,064 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Stopped])

DRV - [2007/03/13 18:13:26 | 00,032,472 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Stopped])

DRV - [2007/02/08 22:05:30 | 00,012,856 | ---- | M] (Roxio) -- C:\Windows\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])

DRV - [2007/03/13 18:13:54 | 00,009,400 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM [Auto | Stopped])

DRV - [2007/03/13 18:13:24 | 00,104,824 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Stopped])

DRV - [2007/03/13 18:13:28 | 00,026,744 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Stopped])

DRV - [2007/03/13 18:13:26 | 00,014,520 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Stopped])

DRV - [2007/02/08 22:05:30 | 00,028,120 | ---- | M] (Roxio) -- C:\Windows\System32\Drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])

DRV - [2007/03/13 18:13:30 | 00,094,648 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Stopped])

DRV - [2007/03/13 18:13:30 | 00,098,104 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Stopped])

DRV - [2007/03/12 03:25:28 | 00,099,848 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])

DRV - [2007/02/09 14:34:16 | 00,051,768 | ---- | M] (Roxio) -- C:\Windows\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Stopped])

DRV - [2008/03/05 18:43:32 | 00,223,360 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\e1e6032.sys -- (e1express [On_Demand | Stopped])

DRV - [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])

DRV - [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])

DRV - [2008/01/20 17:56:12 | 00,187,840 | ---- | M] (Stephan Schreiber) -- C:\Windows\System32\DRIVERS\ext2fs.sys -- (Ext2fs [System | Running])

DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

DRV - [2009/09/27 16:46:50 | 00,089,344 | ---- | M] () -- C:\Windows\System32\drivers\glaide32.sys -- (glaide32 [System | Stopped])

DRV - [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])

DRV - [2006/11/02 02:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])

DRV - [2006/12/21 21:50:00 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Stopped])

DRV - [2006/12/21 21:49:00 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Stopped])

DRV - [2006/10/18 21:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (ialm [On_Demand | Stopped])

DRV - [2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])

DRV - [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])

DRV - [2007/05/31 05:01:30 | 00,021,424 | ---- | M] (Lenovo.) -- C:\Windows\System32\DRIVERS\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])

DRV - [2007/12/29 19:50:42 | 00,058,816 | ---- | M] (Stephan Schreiber) -- C:\Windows\System32\DRIVERS\ifsmount.sys -- (IfsMount [System | Running])

DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])

DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])

DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])

DRV - [2006/08/30 05:04:04 | 00,013,744 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\DRIVERS\smiif32.sys -- (lenovo.smi [System | Stopped])

DRV - [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])

DRV - [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])

DRV - [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])

DRV - [2006/06/19 00:26:00 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Stopped])

DRV - [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])

DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])

DRV - [2009/09/27 16:46:03 | 00,077,056 | ---- | M] () -- C:\Windows\System32\drivers\bmydqccofrzqqt.sys -- (nctgvm [Auto | Stopped])

DRV - [2007/04/29 16:45:18 | 02,219,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw4v32.sys -- (NETw4v32 [On_Demand | Stopped])

DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])

DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])

DRV - [2008/06/09 14:23:00 | 07,522,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Stopped])

DRV - [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])

DRV - [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])

DRV - [2007/05/03 20:00:22 | 00,025,632 | ---- | M] (PC-Doctor, Inc.) -- C:\Program Files\PCDR5\pcd5srvc.pkms -- (PCD5SRVC{DF187064-5DA14001-05020000} [On_Demand | Stopped])

DRV - [2002/09/16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Stopped])

DRV - [2006/11/06 03:24:56 | 00,012,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\DRIVERS\PROCDD.SYS -- (PROCDD [Auto | Stopped])

DRV - [2009/06/06 04:11:39 | 00,030,144 | ---- | M] (Lenovo (United States) Inc.) -- C:\Windows\System32\DRIVERS\psadd.sys -- (psadd [On_Demand | Stopped])

DRV - [2007/02/02 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])

DRV - [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])

DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])

DRV - [2007/02/24 00:42:00 | 00,039,936 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])

DRV - [2007/01/23 02:40:00 | 00,042,496 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])

DRV - [2008/04/16 13:51:56 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\Windows\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])

DRV - [2007/03/21 08:02:00 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])

DRV - [2008/05/09 20:21:06 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\RMCAST.sys -- (RMCAST [Auto | Stopped])

DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Stopped])

DRV - [2007/03/02 19:49:00 | 00,100,656 | ---- | M] (Lenovo.) -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf [Boot | Running])

DRV - [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])

DRV - [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])

DRV - [2007/10/13 17:13:58 | 00,114,048 | ---- | M] (Acronis) -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman [Boot | Running])

DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])

DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])

DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])

DRV - [2007/10/13 17:14:03 | 00,032,768 | ---- | M] (Acronis) -- C:\Windows\System32\DRIVERS\tifsfilt.sys -- (tifsfilter [Auto | Stopped])

DRV - [2007/10/13 17:14:03 | 00,392,320 | ---- | M] (Acronis) -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter [Boot | Running])

DRV - [2007/03/02 19:47:00 | 00,019,760 | ---- | M] (Lenovo.) -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN [Boot | Running])

DRV - [2006/11/02 04:50:17 | 00,041,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tpm.sys -- (TPM [On_Demand | Running])

DRV - [2007/06/17 12:05:00 | 00,012,080 | ---- | M] () -- C:\Windows\System32\drivers\Tppwr32v.sys -- (TPPWRIF [System | Stopped])

DRV - [2007/09/20 08:39:17 | 00,033,536 | ---- | M] (Lenovo) -- C:\Windows\System32\DRIVERS\tvtfilter.sys -- (tvtfilter [Auto | Stopped])

DRV - [2006/09/13 14:42:44 | 00,035,264 | ---- | M] (Lenovo (United States) Inc.) -- C:\Windows\System32\DRIVERS\Tvti2c.sys -- (TVTI2C [On_Demand | Stopped])

DRV - [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])

DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])

DRV - [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])

DRV - [2006/11/02 03:55:04 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

DRV - [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])

DRV - [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

DRV - [2007/01/08 19:25:53 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\wimfltr.sys -- (WimFltr [On_Demand | Stopped])

DRV - [2006/12/21 21:48:00 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Stopped])

DRV - [2006/11/28 02:44:00 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.sys -- (XAudio [Auto | Stopped])

DRV - File not found -- Service key not found. -- ({79007602-0CDB-4405-9DBF-1257BB3226ED} [Unknown | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

IE - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com

IE - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\S-1-5-21-3651070291-4180901521-1516843835-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\S-1-5-21-3651070291-4180901521-1516843835-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:07:43 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/05/14 11:20:40 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/16 20:42:50 | 00,000,000 | ---D | M]

[2009/05/14 05:30:46 | 00,000,000 | ---D | M] -- C:\Users\NAME\AppData\Roaming\mozilla\Extensions

[2009/05/14 05:30:46 | 00,000,000 | ---D | M] -- C:\Users\NAME\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/09/27 15:54:00 | 00,000,000 | ---D | M] -- C:\Users\NAME\AppData\Roaming\mozilla\Firefox\Profiles\z41l6wfz.default\extensions

[2009/09/04 23:31:29 | 00,000,000 | ---D | M] -- C:\Users\NAME\AppData\Roaming\mozilla\Firefox\Profiles\z41l6wfz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/09/27 15:54:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/05/14 11:20:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2007/10/14 22:54:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

[2008/08/21 23:55:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/05/14 11:20:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\inspector@mozilla.org

[2009/05/14 11:20:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org

[2008/12/17 16:59:30 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll

[2008/12/17 16:59:31 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll

[2008/12/17 16:59:32 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll

[2008/12/17 16:59:33 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll

[2008/12/17 16:59:35 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll

[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll

[2007/07/26 18:03:34 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll

[2005/11/29 18:28:00 | 00,626,688 | ---- | M] (ebrary) -- C:\Program Files\mozilla firefox\plugins\NPinfotl.dll

[2008/12/17 16:59:36 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2006/10/07 06:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2008/11/21 21:32:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2008/11/21 21:32:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2008/11/21 21:32:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2008/11/21 21:32:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2008/11/21 21:32:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2008/11/21 21:32:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2008/11/21 21:32:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2006/10/07 06:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

[2008/12/17 13:24:41 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2008/12/17 13:24:41 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2008/12/17 13:24:41 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2008/12/17 13:24:41 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2008/12/17 13:24:41 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2008/12/17 13:24:41 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (C:\Windows\system32\pt0sjj.dll) - {A249BC15-23F2-42AD-F4E4-00AAC39C0004} - C:\Windows\System32\pt0sjj.dll File not found

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()

O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe ()

O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [iCall Internet Phone] C:\Program Files\iCall\iCall.exe ()

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)

O4 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005..\Run: [A00F7DB00F.exe] C:\Users\NAME\AppData\Local\Temp\_A00F7DB00F.exe File not found

O4 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005..\Run: [Aim6] File not found

O4 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005..\Run: [Login Software 2009] C:\Users\NAME\AppData\Local\Temp\ma7cci.exe ()

O4 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005..\Run: [PopRock] C:\Users\NAME\AppData\Local\Temp\b.exe File not found

O4 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\Users\NAME\AppData\Local\Temp\lsass.exe File not found

O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-F1BDD.exe ()

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\googledownload.exe (SM Software)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O7 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\S-1-5-21-3651070291-4180901521-1516843835-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 165.124.49.21 129.105.49.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (vegibeya.dll) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\drivers\smss.exe) - C:\Windows\System32\drivers\smss.exe (PROMO Software)

O20 - Winlogon\Notify\__c00C3EE4: DllName - C:\Windows\system32\__c00C3EE4.dat - C:\Windows\System32\__c00C3EE4.dat ()

O22 - SharedTaskScheduler: {A249BC15-23F2-42AD-F4E4-00AAC39C0004} - iukjsf8w3jirojs9f8u3jruhsf78s3jijdif - C:\Windows\System32\pt0sjj.dll File not found

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{64729df3-209a-11de-8f60-824206bd1150}\Shell\AutoRun\command - "" = H:\PortableVault.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Users\NAME\Desktop\*.tmp files]

[2009/09/28 10:51:31 | 00,538,624 | ---- | C] (OldTimer Tools) -- C:\Users\NAME\Desktop\OTL.exe

[2009/09/28 10:37:06 | 00,000,000 | -H-D | C] -- C:\test

[2009/09/27 23:48:53 | 00,312,320 | ---- | C] () -- C:\Users\NAME\Desktop\gmer.exe

[2009/09/27 23:44:57 | 00,280,419 | ---- | C] () -- C:\Users\NAME\Desktop\gmer.zip

[2009/09/27 23:24:12 | 00,284,160 | ---- | C] () -- C:\Users\NAME\Desktop\exeHelper.com

[2009/09/27 21:22:10 | 00,049,740 | ---- | C] () -- C:\Users\NAME\Desktop\screenshot2.jpg

[2009/09/27 21:21:37 | 00,044,469 | ---- | C] () -- C:\Users\NAME\Desktop\screenshot1.jpg

[2009/09/27 20:16:01 | 00,000,000 | ---D | C] -- C:\rsit

[2009/09/27 20:15:37 | 00,781,909 | ---- | C] () -- C:\Users\NAME\Desktop\RSIT.exe

[2009/09/27 20:03:55 | 00,714,240 | ---- | C] () -- C:\Windows\is-F1BDD.exe

[2009/09/27 20:03:55 | 00,010,498 | ---- | C] () -- C:\Windows\is-F1BDD.msg

[2009/09/27 20:03:55 | 00,000,422 | ---- | C] () -- C:\Windows\is-F1BDD.lst

[2009/09/27 18:07:51 | 00,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/09/27 18:07:48 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/09/27 18:07:42 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/09/27 17:10:50 | 00,000,000 | ---D | C] -- C:\Avenger

[2009/09/27 16:46:50 | 00,089,344 | ---- | C] () -- C:\Windows\System32\drivers\glaide32.sys

[2009/09/27 16:46:26 | 00,073,216 | ---- | C] (PROMO Software) -- C:\Windows\System32\drivers\smss.exe

[2009/09/27 16:46:16 | 00,000,236 | -H-- | C] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

[2009/09/27 16:46:14 | 00,000,274 | -H-- | C] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

[2009/09/27 16:46:09 | 00,000,000 | ---- | C] () -- C:\Windows\win32k.sys

[2009/09/27 16:46:03 | 00,077,056 | ---- | C] () -- C:\Windows\System32\drivers\bmydqccofrzqqt.sys

[2009/09/27 16:46:02 | 00,028,160 | ---- | C] () -- C:\Windows\System32\__c00C3EE4.dat

[2009/09/27 16:45:56 | 00,000,000 | ---- | C] () -- C:\Windows\SC.INS

[2009/09/27 16:32:06 | 00,000,000 | ---D | C] -- C:\Users\NAME\Desktop\Txtbks

[2009/09/25 22:19:09 | 00,116,842 | ---- | C] () -- C:\Windows\hpqins00.dat

[2009/09/25 22:18:00 | 00,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant

[2009/09/25 22:16:25 | 00,000,000 | ---D | C] -- C:\Users\NAME\AppData\Roaming\HpUpdate

[2009/09/25 22:16:19 | 00,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard

[2009/09/24 12:20:20 | 00,016,268 | ---- | C] () -- C:\Users\NAME\Desktop\Managerial Analytics Cases.xlsx

[2009/09/24 11:00:36 | 00,207,872 | ---- | C] () -- C:\Users\NAME\Desktop\Lecture 1 Slides.ppt

[2009/09/24 11:00:29 | 00,099,320 | ---- | C] () -- C:\Users\NAME\Desktop\Missing%20Geertz%20Article.pdf

[2009/09/24 11:00:14 | 00,059,392 | ---- | C] () -- C:\Users\NAME\Desktop\Syllabus.doc

[2009/09/23 08:07:08 | 00,011,121 | ---- | C] () -- C:\Users\NAME\Desktop\Schedule for day.xlsx

[2009/09/11 23:32:34 | 00,011,204 | ---- | C] () -- C:\Users\NAME\Desktop\Nadia Resume.docx

[2009/09/10 21:41:13 | 00,813,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys

[2009/09/10 21:41:13 | 00,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2009/09/10 21:41:13 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll

[2009/09/10 21:41:13 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll

[2009/09/10 21:41:13 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE

[2009/09/10 21:41:13 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe

[2009/09/10 21:41:13 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE

[2009/09/10 21:41:13 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE

[2009/09/10 21:41:13 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE

[2009/09/10 21:41:13 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe

[2009/09/10 21:41:13 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE

[2009/09/10 21:41:13 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE

[2009/09/10 21:41:13 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll

[2009/09/10 21:40:39 | 01,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf

[2009/09/10 21:40:39 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll

[2009/09/10 21:40:39 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll

[2009/09/10 21:40:39 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll

[2009/09/10 21:40:39 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll

[2009/09/10 21:40:39 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll

[2009/09/10 21:40:39 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll

[2009/09/10 21:40:35 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL

[2009/09/10 21:40:34 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2009/09/10 21:40:34 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2009/09/10 21:40:34 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe

[2009/09/10 21:40:34 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe

[2009/09/10 21:40:34 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll

[2009/09/10 21:40:11 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2009/09/03 18:24:20 | 01,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2009/09/03 18:24:18 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2009/09/03 18:24:17 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2009/09/02 19:17:16 | 00,081,920 | -HS- | C] (SM Software) -- C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\googledownload.exe

[2009/09/01 17:20:47 | 00,000,000 | ---D | C] -- C:\Users\NAME\Desktop\Farida Student's Artwork

[2009/08/31 20:05:43 | 00,000,000 | ---D | C] -- C:\Users\NAME\Desktop\Rencap

[2009/06/27 16:46:00 | 00,072,192 | -HS- | C] () -- C:\Windows\System32\yorerufo.dll

[2009/06/27 16:46:00 | 00,072,192 | -HS- | C] () -- C:\Windows\System32\lekijove.dll

[2008/12/05 15:40:58 | 00,509,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll

[2008/07/02 16:36:14 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll

[2008/01/12 23:01:11 | 00,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2008/01/12 23:01:11 | 00,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2007/12/03 23:09:08 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2007/11/12 04:05:41 | 00,394,240 | ---- | C] () -- C:\Windows\System32\Smab.dll

[2007/11/12 04:05:40 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2007/11/04 10:08:07 | 00,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll

[2007/09/20 08:28:32 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2007/09/20 08:28:32 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2007/09/20 08:28:32 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2007/09/20 08:28:32 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2007/09/20 08:28:32 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2007/09/20 08:28:32 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2007/09/20 08:26:20 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL

[2007/09/20 08:26:19 | 00,000,120 | ---- | C] () -- C:\Windows\wininit.ini

[2007/09/20 08:02:09 | 00,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS

[2007/09/20 07:27:06 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2007/06/19 13:23:40 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2007/03/29 14:42:38 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2007/03/02 07:15:36 | 00,000,026 | ---- | C] () -- C:\Windows\System32\PROCDB.INI

[2007/03/02 07:15:25 | 00,000,002 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI

[2007/02/10 13:02:59 | 00,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL

[2006/12/14 01:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/12/14 01:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/11/06 18:49:36 | 00,000,310 | ---- | C] () -- C:\Windows\primopdf.ini

[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 05:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

[2006/11/02 05:23:31 | 00,000,163 | ---- | C] () -- C:\Windows\win.ini

[2006/11/02 03:43:04 | 00,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll

[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/09/05 16:20:36 | 00,079,400 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL

[2005/01/03 12:10:44 | 00,319,488 | ---- | C] () -- C:\Windows\System32\DLXAPI32.DLL

[2003/11/16 04:48:02 | 00,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll

[2003/11/16 04:48:00 | 01,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll

[2003/11/15 11:54:18 | 00,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll

[2002/10/06 17:42:58 | 00,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll

[2001/11/14 15:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Users\NAME\Desktop\*.tmp files]

[2009/09/28 10:53:49 | 00,001,744 | -H-- | M] () -- C:\Windows\System32\lutotaki

[2009/09/28 10:53:18 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/09/28 10:53:13 | 00,000,000 | ---- | M] () -- C:\Windows\win32k.sys

[2009/09/28 10:51:31 | 00,538,624 | ---- | M] (OldTimer Tools) -- C:\Users\NAME\Desktop\OTL.exe

[2009/09/28 10:37:59 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2009/09/27 23:44:57 | 00,280,419 | ---- | M] () -- C:\Users\NAME\Desktop\gmer.zip

[2009/09/27 23:24:12 | 00,284,160 | ---- | M] () -- C:\Users\NAME\Desktop\exeHelper.com

[2009/09/27 21:22:11 | 00,049,740 | ---- | M] () -- C:\Users\NAME\Desktop\screenshot2.jpg

[2009/09/27 21:21:37 | 00,044,469 | ---- | M] () -- C:\Users\NAME\Desktop\screenshot1.jpg

[2009/09/27 20:15:33 | 00,781,909 | ---- | M] () -- C:\Users\NAME\Desktop\RSIT.exe

[2009/09/27 20:03:55 | 00,714,240 | ---- | M] () -- C:\Windows\is-F1BDD.exe

[2009/09/27 20:03:55 | 00,010,498 | ---- | M] () -- C:\Windows\is-F1BDD.msg

[2009/09/27 20:03:55 | 00,000,422 | ---- | M] () -- C:\Windows\is-F1BDD.lst

[2009/09/27 20:03:27 | 00,000,000 | ---- | M] () -- C:\Windows\SC.INS

[2009/09/27 19:56:31 | 00,002,032 | ---- | M] () -- C:\Users\NAME\AppData\Local\d3d9caps.dat

[2009/09/27 18:07:51 | 00,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/09/27 16:46:50 | 00,089,344 | ---- | M] () -- C:\Windows\System32\drivers\glaide32.sys

[2009/09/27 16:46:42 | 00,027,649 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2009/09/27 16:46:42 | 00,027,649 | ---- | M] () -- C:\ProgramData\nvModes.001

[2009/09/27 16:46:37 | 00,000,236 | -H-- | M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

[2009/09/27 16:46:20 | 00,000,274 | -H-- | M] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

[2009/09/27 16:46:03 | 00,077,056 | ---- | M] () -- C:\Windows\System32\drivers\bmydqccofrzqqt.sys

[2009/09/27 16:46:02 | 00,073,216 | ---- | M] (PROMO Software) -- C:\Windows\System32\drivers\smss.exe

[2009/09/27 16:44:19 | 00,001,506 | ---- | M] () -- C:\Users\NAME\Documents\NewsbinSetup.nbi

[2009/09/27 16:29:13 | 00,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/09/27 16:29:13 | 00,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/09/27 16:19:00 | 00,000,256 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

[2009/09/27 14:31:22 | 00,000,026 | ---- | M] () -- C:\Windows\System32\PROCDB.INI

[2009/09/27 14:29:54 | 00,000,002 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI

[2009/09/27 14:29:05 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/09/27 10:35:00 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2009/09/25 22:20:55 | 00,116,842 | ---- | M] () -- C:\Windows\hpqins00.dat

[2009/09/25 22:19:56 | 00,001,982 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2009/09/24 16:20:16 | 00,011,121 | ---- | M] () -- C:\Users\NAME\Desktop\Schedule for day.xlsx

[2009/09/24 12:20:20 | 00,016,268 | ---- | M] () -- C:\Users\NAME\Desktop\Managerial Analytics Cases.xlsx

[2009/09/24 11:00:57 | 00,799,124 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/09/24 11:00:57 | 00,676,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/09/24 11:00:57 | 00,126,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/09/24 11:00:36 | 00,207,872 | ---- | M] () -- C:\Users\NAME\Desktop\Lecture 1 Slides.ppt

[2009/09/24 11:00:29 | 00,099,320 | ---- | M] () -- C:\Users\NAME\Desktop\Missing%20Geertz%20Article.pdf

[2009/09/24 11:00:14 | 00,059,392 | ---- | M] () -- C:\Users\NAME\Desktop\Syllabus.doc

[2009/09/15 17:36:08 | 00,312,320 | ---- | M] () -- C:\Users\NAME\Desktop\gmer.exe

[2009/09/12 10:31:23 | 00,011,204 | ---- | M] () -- C:\Users\NAME\Desktop\Nadia Resume.docx

[2009/09/02 19:17:16 | 00,081,920 | -HS- | M] (SM Software) -- C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\googledownload.exe
grandpinaple8 (Member) to TheJoker

Extras.Txt (86,866 bytes)
This is extras.

OTL Extras logfile created on: 9/28/2009 10:55:20 AM - Run 1

OTL by OldTimer - Version 3.0.16.0 Folder = C:\Users\NAME\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16890)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 80.76% Memory free

1.93 Gb Paging File | 1.72 Gb Available in Paging File | 89.03% Paging File free

Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 61.22 Gb Total Space | 4.54 Gb Free Space | 7.42% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 24.68 Gb Total Space | 14.54 Gb Free Space | 58.90% Space Free | Partition Type: Ext2

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive Z: | 6.54 Gb Total Space | 0.39 Gb Free Space | 5.94% Space Free | Partition Type: NTFS

Computer Name: NAME-PC

Current User Name: NAME

Logged in as Administrator.

Current Boot Mode: SafeMode

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3651070291-4180901521-1516843835-1005]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{257D09FE-DE99-4549-A687-74C74573C57A}" = rport=445 | protocol=6 | dir=out | app=system |

"{2DFD13DE-0A27-4E00-B7BB-9BDCC1B5036C}" = lport=137 | protocol=17 | dir=in | app=system |

"{4912FF05-EE22-4E4E-AA17-6C22F0C7E66D}" = lport=27015 | protocol=6 | dir=in | name=a |

"{6099CA22-E5EC-402C-80FC-5CD0956FFAE7}" = lport=58965 | protocol=6 | dir=in | name=aaa |

"{7DD393B7-8E48-4696-B372-22F3F2051B30}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{98A24CD2-91EB-48F9-A9B4-2FB319BE5E1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{9CDEC1DB-1574-4B92-A630-1C96A14FF263}" = rport=137 | protocol=17 | dir=out | app=system |

"{9ECDFE03-6CF3-4D94-BA39-409427061705}" = rport=139 | protocol=6 | dir=out | app=system |

"{A3BC95C8-5710-440F-9DED-F265D0FD6464}" = lport=138 | protocol=17 | dir=in | app=system |

"{A4F58914-3462-471C-B139-F3D95B983F6C}" = lport=445 | protocol=6 | dir=in | app=system |

"{C43BEE35-9C79-45C6-9CA0-883724E8D1E2}" = lport=139 | protocol=6 | dir=in | app=system |

"{C7C2F274-207A-4DFB-8845-338956B4C8B2}" = lport=58965 | protocol=17 | dir=in | name=aaaa |

"{D2FBC43F-7480-4273-9EC9-6984931394A2}" = rport=138 | protocol=17 | dir=out | app=system |

"{E868C8C0-3DE7-4D9D-8301-C1759D5BC10C}" = lport=27015 | protocol=17 | dir=in | name=aa |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04BB908B-29D6-48C9-BBC0-B7A3627E04FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{132788F6-6932-4213-8FCE-81FB6AC3A339}" = protocol=6 | dir=in | app=c:\users\NAME\desktop\utorrent.exe |

"{175CBC86-2816-4475-BDB6-EA62AF43670F}" = protocol=17 | dir=in | app=c:\windows\temp\vrt7cdf.tmp |

"{18262C47-2B08-48A4-81E6-166CFA2845D7}" = protocol=17 | dir=in | app=c:\users\NAME\appdata\local\temp\instream20080617\instream.app\instream.exe |

"{1A87DFAF-4FC6-46BE-8317-5FD1D77DC10E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{21955DAD-7658-4B46-9C93-E8D864FE1BE3}" = protocol=6 | dir=in | app=c:\users\NAME\appdata\local\temp\instream20080121\instream.app\instream.exe |

"{222100E7-9745-4F65-AEBC-34C43C373C1A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{25F5C3B8-E3B8-4FAC-BD45-87FAF9589236}" = protocol=6 | dir=in | app=c:\windows\temp\vrt7cdf.tmp |

"{26183B53-A527-4633-81C8-87B5CA4091D6}" = protocol=17 | dir=in | app=c:\users\NAME\appdata\local\temp\instream20070913\instream.app\instream.exe |

"{27410DDE-9A8A-4FC4-862B-6CA960EB584A}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

"{2B8A8C75-5497-4918-892A-898EF3160A15}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

"{2D75B516-99CC-4509-B5AF-B7CE268A69EF}" = protocol=6 | dir=in | app=c:\users\NAME\desktop\utorrent.exe |

"{31A4081F-DE30-4C8E-80D2-5C92AB6BD202}" = protocol=17 | dir=in | app=c:\users\NAME\appdata\local\temp\instream20080617\instream.app\instream.exe |

"{3782E265-4299-47EC-9E67-459C911827E7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{3C1CCCFA-5DF1-4350-9E13-520928AE230F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{3F411507-3DE5-4C42-8901-8D0A19A7218B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3F692ED0-B198-4635-9CFA-F2AF98BF6DB9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{461496ED-DD5E-4BEE-A41B-2C9F13770C66}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{48A5CBEB-353E-48BC-9FE0-0AD2B55DF3EE}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

"{4D7D32D8-4DC4-4B37-ABDC-8151E6F278EE}" = protocol=6 | dir=in | app=c:\users\NAME\appdata\local\temp\instream20080617\instream.app\instream.exe |

"{4EC16BE1-00B8-40AE-9538-C5E7DC45A814}" = protocol=17 | dir=in | app=c:\windows\system32\lsass.exe |

"{5C700863-CCD9-4F0C-8FAB-C0D967DBBA8D}" = protocol=6 | dir=in | app=c:\users\NAME\appdata\local\temp\instream20070913\instream.app\instream.exe |

"{5D73DE0D-F907-4D99-BB71-12FB811A2835}" = protocol=6 | dir=in | app=c:\users\NAME\desktop\useful programs\utorrent.exe |

"{60DAAC78-2BDC-498C-A254-37E2546FF1F9}" = protocol=6 | dir=in | app=c:\users\NAME\appdata\local\temp\instream20070925\instream.app\instream.exe |

"{62626F0D-7E48-4B04-9694-2A27DBB33BB9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{6283BE5D-1893-489D-A129-0B25715670A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6665E2F8-7C5F-4AB7-A6A4-A78C9D171622}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{69C65804-579A-405A-8441-84545FB29A23}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{716C3CA9-95BA-4287-8084-45CC12E5DA7A}" = protocol=6 | dir=in | app=c:\users\NAME\appdata\local\temp\instream20080617\instream.app\instream.exe |

"{80A19A13-8446-40C6-BEA9-0DA26F308BF5}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |

"{80BBFE88-14F6-46C3-B28A-9709F72A0ACB}" = protocol=17 | dir=in | app=c:\users\NAME\desktop\useful programs\utorrent.exe |

"{862F114A-85AF-4FCD-8A67-1356AB27C302}" = protocol=17 | dir=in | app=c:\windows\temp\vrt6518.tmp |

"{8946B50F-0F27-431D-AD31-A5356F2996B4}" = protocol=17 | dir=in | app=c:\users\NAME\desktop\utorrent.exe |

"{8D3B4174-C493-4CEF-8E3C-C65D92E6D00A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{8EC35B60-BFB3-4ECE-A47B-AB2E58514118}" = protocol=17 | dir=in | app=c:\windows\temp\vrt7cdf.tmp |

"{9E0FF310-6D8C-4E25-AD53-8CAD411E8B92}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{AAC5D628-4887-4D3C-8B48-F10F76215026}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{AC27B292-4F39-42B6-892B-7C44994697C0}" = protocol=6 | dir=in | app=c:\users\NAME\desktop\useful programs\utorrent.exe |

"{B0410D3F-D94C-47E1-B452-CC217AE4830A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{B53F4F10-9114-4711-BD22-77051C9FC4CE}" = protocol=17 | dir=in | app=c:\users\NAME\appdata\local\temp\instream20070925\instream.app\instream.exe |

"{B7E0BDB5-E55C-4C0A-BDAF-142DDEF5CBB8}" = protocol=6 | dir=in | app=c:\windows\temp\vrt7cdf.tmp |

"{C5DA4E94-A52A-429E-80F8-5F4F9E3B9EFE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{C5F3E13A-C9DC-4AE3-80CF-15478C640F5F}" = protocol=6 | dir=in | app=c:\windows\temp\vrt6518.tmp |

"{C9CCC49C-3D8D-4D8B-9913-D21AC78146E4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{CA39B31E-EF7F-461B-A049-7E739D7A84ED}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"{CD9C6568-73C8-4602-99E2-876466EEB0AC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{D1E81860-CFC1-4025-95B0-7ECBB2DFF712}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D69F96F2-82D5-4C72-9E24-0A73EC55FE68}" = protocol=17 | dir=in | app=c:\users\NAME\desktop\utorrent.exe |

"{D9EA3FE9-5BED-449E-9142-897F42FA5ACC}" = protocol=17 | dir=in | app=c:\users\NAME\appdata\local\temp\instream20080121\instream.app\instream.exe |

"{DCBAA844-A1B3-41FC-9CF1-194433AB382B}" = protocol=6 | dir=in | app=c:\windows\system32\lsass.exe |

"{E18C51D7-F59A-4D15-9A38-C73845C9E530}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{EBF0C9D4-4637-4DC9-BBBF-A406B3555D2C}" = protocol=17 | dir=in | app=c:\users\NAME\desktop\useful programs\utorrent.exe |

"{EC2ED076-6C2B-4B0A-B67F-AC2A652D1C1F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{F37C350B-01B0-46B0-B02F-EF7BA38360C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"TCP Query User{2ECB7035-5765-434F-9560-5F15A803B605}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{39E80B4C-2507-43D6-B48E-C7B815D98B33}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{80165DEF-C0BF-4AD2-945B-5A2F9299C76E}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"TCP Query User{957F14E1-32A5-4917-ACC9-3A77D5EDB79F}C:\program files\steam\steamapps\NAME_sum\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\NAME_sum\counter-strike\hl.exe |

"TCP Query User{9D626BB3-3626-44D7-B897-EC0C018C79B6}C:\program files\steam\steamapps\NAME_sum\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\NAME_sum\counter-strike\hl.exe |

"TCP Query User{B1D26EDD-1F05-4A32-B01A-219C1215395C}C:\program files\icall\icall.exe" = protocol=6 | dir=in | app=c:\program files\icall\icall.exe |

"TCP Query User{C35D856F-ABD1-4ACC-879A-20697023790C}C:\program files\icall\icall.exe" = protocol=6 | dir=in | app=c:\program files\icall\icall.exe |

"TCP Query User{CED573BC-16AC-43B0-AD1E-389104870416}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |

"TCP Query User{D64FFF60-16E3-4E4E-AA95-6BACD992AC39}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |

"TCP Query User{DEC9F117-3BE7-43EF-84F7-9F05BEAC114D}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |

"TCP Query User{E82981F8-2C57-4FC0-9301-CAB3CDAE6E9B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |

"TCP Query User{EE9DFA6A-B95F-4911-B687-08C91AF12AC3}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |

"TCP Query User{EEA143A2-001F-4342-B822-9E37283E48D0}C:\program files\steam\steamapps\NAME_sum\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\NAME_sum\half-life\hl.exe |

"UDP Query User{0B1966EA-6EB5-4BDF-87F9-B00F86FD1491}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{1B93C1C3-4CED-4CF0-A4A9-8EA742EA76B5}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"UDP Query User{424D97C7-23BD-4159-816C-9A3B552A0887}C:\program files\steam\steamapps\NAME_sum\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\NAME_sum\half-life\hl.exe |

"UDP Query User{56B530CD-2743-442E-BB13-89854E83798C}C:\program files\steam\steamapps\NAME_sum\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\NAME_sum\counter-strike\hl.exe |

"UDP Query User{6A961471-6130-4DB2-AC12-28537274058F}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |

"UDP Query User{6E6540E4-DE5B-4799-A899-7C67E7B03E13}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

"UDP Query User{7E6F927A-9893-4FC0-A4F4-1839C78483F1}C:\program files\steam\steamapps\NAME_sum\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\NAME_sum\counter-strike\hl.exe |

"UDP Query User{A4ECEBEF-1C7D-4043-8F6F-33703AA7F127}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{A68E9731-082F-40E0-9A07-EA0AD1BFC9B9}C:\program files\icall\icall.exe" = protocol=17 | dir=in | app=c:\program files\icall\icall.exe |

"UDP Query User{AA6671D5-8AC6-4C21-9043-9520CFE17E00}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |

"UDP Query User{D5817477-ADD5-4198-9B0D-83B9ABCE1647}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

"UDP Query User{E0A14DEE-08FA-4C26-B9E2-6390071E1A52}C:\program files\icall\icall.exe" = protocol=17 | dir=in | app=c:\program files\icall\icall.exe |

"UDP Query User{E5EDE3AE-C744-476C-B054-A51E53EFBF76}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3

"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan

"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution

"{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600

"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message

"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility

"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan

"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets

"{1CD589E6-D24E-4957-BF82-941509628813}" = QPT v508

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{29F2FE64-EFCE-4FC5-8FEB-16B688578F89}" = Nitro PDF Professional

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc

"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy

"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home

"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{699FBC32-57E8-4258-A311-923FC971B3AA}" = Russian Phonetic YaWert - RusWin.net

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B37FC88-2282-4EC9-92A0-F32CB0B35BEB}" = SimpLite-ICQ-AIM 2.2

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home

"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3

"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help

"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery

"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections

"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update

"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam v0.3.0

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007

"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007

"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_POWERPOINT_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_POWERPOINT_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{919635D1-5C0D-4B64-B724-BDDB31D11033}" = Nero 8 Demo

"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Multimedia Center For Think Offerings

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch

"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center

"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1

"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center

"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar

"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager

"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport

"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software

"{E1A83640-A568-4B56-A4C9-AB38C7035156}" = ThinkPad Mobility Center Customization

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext

"{EA561335-6495-47DE-A7A0-CD4ED101D4F6}" = CAM Wizard

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support

"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax

"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager

"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant

"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime

"2B6D818F3939804B01D509A4234EFE979CAAADCA" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)

"33B90F7893A16FA92E149B05C5B46C501B4202CD" = Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)

"38C8E8384B1D0355BE6B7A0EE5ACD9EA7122E268" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)

"4CF15B23EAB3D8AAA1E32F8ED986D8811D81835D" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)

"530B366ABB8F4E0087E6FB2DE3609611DF9D8D27" = Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)

"5B35493BBF3623E997EADC90AFF8AA66DF7A114F" = Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)

"5C3A08B641FDA6B0C6A1F8E7C58D59E79751C364" = Windows Driver Package - Ricoh Company xD Host Controller (03/21/2007 6.00.01.12)

"67CCAA793684CADDDCD55BAD807632E611CA05D2" = Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)

"787E3A824531CE2DB2180F5CFAD00B052D0E389E" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)

"7-Zip" = 7-Zip 4.57

"90901F9A9F890958ACBBF2B72D39FD9CAF69449D" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (02/16/2007 6.00.01.10)

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"AIM_6" = AIM 6

"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19

"AVS Video Tools 5_is1" = AVS Video Tools 5.6

"AwayTask" = Maintenance Manager

"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1

"Canon RAW Codec" = Canon RAW Codec

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem

"D4DFE5C72CA1FA8B290D73B613761B3A74FF1A93" = Windows Driver Package - Ricoh Company MMC Host Controller (02/24/2007 6.00.02.03)

"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista

"E40782D0B0D2A7F661A275F639A54DDA57386FB8" = Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)

"E40C666F7FDCD87A10F83B12403CB4F0AE34A16D" = Windows Driver Package - Intel (e1express) Net (02/27/2007 9.7.37.0)

"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)

"EasyBCD" = EasyBCD 1.7

"Ext2Ifs_for_NT6" = Ext2 IFS 1.11 for Windows Vista

"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista

"GoldWave v5.23" = GoldWave v5.23

"HaaliMkx" = Haali Media Splitter

"HijackThis" = HijackThis 2.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 8.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0

"HPExtendedCapabilities" = HP Customer Participation Program 8.0

"HPOCR" = HP OCR Software 8.0

"iCall_is1" = iCall

"Lenovo Registration" = Lenovo Registration

"LENOVO.SMIIF" = Lenovo System Interface Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)

"NB40" = NewsBin Pro 4.3

"NewzToolz_is1" = NewzToolz v2.0.1

"NVIDIA Drivers" = NVIDIA Drivers

"OnScreenDisplay" = On Screen Display

"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows

"Picasa2" = Picasa 2

"Power Management Driver" = ThinkPad Power Management Driver

"POWERPOINT" = Microsoft Office PowerPoint 2007

"PrimoPDF3.1" = PrimoPDF

"PROPLUS" = Microsoft Office Professional Plus 2007

"PROSet" = Intel(R) PRO Network Connections Drivers

"RealAlt_is1" = Real Alternative 1.52 Lite

"RM Converter_is1" = RM Converter 3.24

"RM to MP3 Converter_is1" = RM to MP3 Converter 1.21

"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

"SMAC 2.0" = SMAC 2.0

"Steam" = Steam

"Steam App 10" = Counter-Strike

"The Core Media Player" = The Core Media Player 4.0

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"TweakVI" = TweakVI

"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement

"uTorrent" = µTorrent

"ViewpointMediaPlayer" = Viewpoint Media Player

"VLC media player" = VideoLAN VLC media player 0.8.6e

"WGA + OGA Patch_is1" = KB905474 (1.5.708)

"Windows Live Toolbar" = Windows Live Toolbar

"WinRAR archiver" = WinRAR archiver

"WORD" = Microsoft Office Word 2007

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3651070291-4180901521-1516843835-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 9/28/2009 11:01:58 AM | Computer Name = NAME-PC | Source = EventSystem | ID = 4609

Description =

Error - 9/28/2009 11:31:19 AM | Computer Name = NAME-PC | Source = EventSystem | ID = 4609

Description =

Error - 9/28/2009 11:36:19 AM | Computer Name = NAME-PC | Source = PerfNet | ID = 2004

Description =

Error - 9/28/2009 11:36:19 AM | Computer Name = NAME-PC | Source = PerfNet | ID = 2002

Description =

Error - 9/28/2009 11:41:07 AM | Computer Name = NAME-PC | Source = Application Error | ID = 1000

Description = Faulting application exeHelper.com, version 0.0.0.0, time stamp 0x4abc9126, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61, exception code 0xc0000005, fault offset 0x0000ea1f, process id 0x7ac, application start time 0x01ca405216517a5f.

Error - 9/28/2009 11:41:19 AM | Computer Name = NAME-PC | Source = Application Error | ID = 1000

Description = Faulting application exeHelper.com, version 0.0.0.0, time stamp 0x4abc9126, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61, exception code 0xc0000005, fault offset 0x0000ea1f, process id 0x51c, application start time 0x01ca40521d97d02f.

Error - 9/28/2009 11:43:54 AM | Computer Name = NAME-PC | Source = SDWinSec.exe | ID = 0

Description =

Error - 9/28/2009 11:45:13 AM | Computer Name = NAME-PC | Source = SDWinSec.exe | ID = 0

Description =

Error - 9/28/2009 11:46:48 AM | Computer Name = NAME-PC | Source = Application Error | ID = 1000

Description = Faulting application exeHelper.com, version 0.0.0.0, time stamp 0x4abc9126, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61, exception code 0xc0000005, fault offset 0x0000ea1f, process id 0x7f4, application start time 0x01ca4052e1653d8f.

Error - 9/28/2009 11:53:45 AM | Computer Name = NAME-PC | Source = EventSystem | ID = 4609

Description =

[ Media Center Events ]

Error - 4/1/2008 10:48:18 PM | Computer Name = NAME-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2008 10:21:50 PM | Computer Name = NAME-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/31/2008 7:23:00 PM | Computer Name = NAME-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/3/2008 1:22:47 PM | Computer Name = NAME-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/27/2008 1:37:10 PM | Computer Name = NAME-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/27/2008 7:41:47 PM | Computer Name = NAME-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/1/2009 3:22:16 AM | Computer Name = NAME-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/26/2009 9:34:35 PM | Computer Name = NAME-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/10/2009 11:09:14 PM | Computer Name = NAME-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/22/2009 3:30:01 PM | Computer Name = NAME-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]

Error - 9/28/2009 11:32:12 AM | Computer Name = NAME-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 9/28/2009 11:32:12 AM | Computer Name = NAME-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 9/28/2009 11:32:22 AM | Computer Name = NAME-PC | Source = DCOM | ID = 10005

Description =

Error - 9/28/2009 11:53:25 AM | Computer Name = NAME-PC | Source = DCOM | ID = 10005

Description =

Error - 9/28/2009 11:53:25 AM | Computer Name = NAME-PC | Source = LSM | ID = 1048

Description =

Error - 9/28/2009 11:53:35 AM | Computer Name = NAME-PC | Source = DCOM | ID = 10005

Description =

Error - 9/28/2009 11:53:45 AM | Computer Name = NAME-PC | Source = DCOM | ID = 10005

Description =

Error - 9/28/2009 11:53:48 AM | Computer Name = NAME-PC | Source = DCOM | ID = 10005

Description =

Error - 9/28/2009 11:53:48 AM | Computer Name = NAME-PC | Source = DCOM | ID = 10005

Description =

Error - 9/28/2009 11:54:25 AM | Computer Name = NAME-PC | Source = DCOM | ID = 10005

Description =

TheJoker
MVM
I see you had apparently tried Avenger previously. Was it able to run?
TheJoker
MVM

Boot to your Ubuntu installation

Delete the following files (some are hidden):
C:\Windows\System32\drivers\glaide32.sys
C:\Windows\System32\drivers\bmydqccofrzqqt.sys
C:\Users\NAME\AppData\Local\Temp\_A00F7DB00F.exe
C:\Users\NAME\AppData\Local\Temp\ma7cci.exe
C:\Users\NAME\AppData\Local\Temp\b.exe
C:\Users\NAME\AppData\Local\Temp\lsass.exe
C:\Windows\System32\vegibeya.dll
C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
C:\Windows\win32k.sys
C:\Windows\SC.INS
C:\Windows\System32\pt0sjj.dll

Now create the following zero length (empty) files:
C:\Windows\system32\__c00C3EE4.dat
C:\Windows\System32\drivers\smss.exe

I'm not familiar with Linux, but in Windows you could simply create a new file, and rename it to the above filenames.

Reboot to Windows.

Now see if you can scan with MBAM and if you can, clean everything found and then post a HijackThis log and the log from MBAM.
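The delete-and-placeholder step above, carried out from the Ubuntu side of the dual boot. This is an added example, not code from the thread or from TheJoker; it assumes Windows was shut down (not hibernated, or ntfs-3g will not mount the volume read-write), that the Vista volume is mounted at a directory given in WIN_ROOT (for example `sudo mount -t ntfs-3g /dev/sda1 /mnt/win`), and it quarantines the removed files on the Linux side, with their SHA-256 hashes, instead of erasing them, so the dropped samples can still be identified later. Two things the post's Windows-centric wording glosses over are handled explicitly: Linux matches NTFS file names case-sensitively, and the list mixes "System32", "system32" and "tasks", so each path component is resolved case-insensitively; and a placeholder target that already exists is moved to quarantine before the empty file is created, so the zero-length file really takes its place.

```shell
#!/usr/bin/env bash
# Added example, not part of the original thread: carry out the
# delete-and-placeholder step from Ubuntu. Assumptions (mine, not the post's):
# Windows was shut down, not hibernated; the Vista volume is mounted read-write
# with ntfs-3g at $WIN_ROOT; removed files are kept in a quarantine directory.
set -u

# Paths exactly as listed in the post (single quotes keep the backslashes).
DELETE_LIST=(
  'C:\Windows\System32\drivers\glaide32.sys'
  'C:\Windows\System32\drivers\bmydqccofrzqqt.sys'
  'C:\Users\NAME\AppData\Local\Temp\_A00F7DB00F.exe'
  'C:\Users\NAME\AppData\Local\Temp\ma7cci.exe'
  'C:\Users\NAME\AppData\Local\Temp\b.exe'
  'C:\Users\NAME\AppData\Local\Temp\lsass.exe'
  'C:\Windows\System32\vegibeya.dll'
  'C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job'
  'C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job'
  'C:\Windows\win32k.sys'
  'C:\Windows\SC.INS'
  'C:\Windows\System32\pt0sjj.dll'
)
PLACEHOLDER_LIST=(
  'C:\Windows\system32\__c00C3EE4.dat'
  'C:\Windows\System32\drivers\smss.exe'
)

# Map a Windows path onto the mounted volume, resolving each component
# case-insensitively (Linux treats NTFS names case-sensitively). NTFS "hidden"
# attributes are ignored by Linux, so hidden files are found like any other.
# Names containing find(1) glob characters (* ? [) would need escaping; none here.
win_to_posix() {
  local root="$1" winpath="$2"
  local rel="${winpath#[A-Za-z]:}"   # drop the drive letter
  rel="${rel//\\//}"                 # backslashes -> slashes
  local cur="$root" comp match
  local IFS='/'
  for comp in $rel; do
    [ -n "$comp" ] || continue
    match=''
    if [ -d "$cur" ]; then
      match=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$comp" -print -quit 2>/dev/null || true)
    fi
    if [ -n "$match" ]; then cur="$match"; else cur="$cur/$comp"; fi
  done
  printf '%s\n' "$cur"
}

# Move a file into the quarantine tree (same relative path) and log its SHA-256.
quarantine() {
  local root="$1" qdir="$2" path="$3"
  local rel="${path#"$root"/}"
  mkdir -p "$qdir/$(dirname "$rel")"
  sha256sum "$path" >> "$qdir/hashes.txt"
  mv -f -- "$path" "$qdir/$rel"
}

# Quarantine everything in DELETE_LIST, then create the zero-length placeholders.
# A placeholder target that already exists is quarantined first.
cleanup() {
  local root="$1" qdir="$2" w p
  for w in "${DELETE_LIST[@]}"; do
    p=$(win_to_posix "$root" "$w")
    if [ -e "$p" ]; then quarantine "$root" "$qdir" "$p"; echo "quarantined $p"
    else echo "not found   $w"; fi
  done
  for w in "${PLACEHOLDER_LIST[@]}"; do
    p=$(win_to_posix "$root" "$w")
    if [ -e "$p" ]; then quarantine "$root" "$qdir" "$p"; fi
    mkdir -p "$(dirname "$p")"
    : > "$p"
    echo "placeholder $p"
  done
}

# Constructed fake Windows tree (harmless text files, not real malware) to
# exercise the logic offline; note the case differences against the lists.
make_fake_tree() {
  local root
  root=$(mktemp -d)
  mkdir -p "$root/Windows/System32/drivers" "$root/Windows/Tasks" "$root/Users/NAME/AppData/Local/Temp"
  printf 'fake driver'  > "$root/Windows/System32/drivers/glaide32.sys"
  printf 'fake job'     > "$root/Windows/Tasks/{7B02EF0B-A410-4938-8480-9BA26420A627}.job"
  printf 'fake dropper' > "$root/Users/NAME/AppData/Local/Temp/b.exe"
  printf 'fake smss'    > "$root/Windows/System32/drivers/smss.exe"   # placeholder target that already exists
  printf '%s\n' "$root"
}

# Stand-alone run: a real mount if WIN_ROOT is set, otherwise the fake tree.
if [ -n "${WIN_ROOT:-}" ]; then
  cleanup "$WIN_ROOT" "${QUARANTINE:-$HOME/win-quarantine}"
else
  demo_root=$(make_fake_tree)
  cleanup "$demo_root" "$demo_root.quarantine"
fi
```

Run it as `WIN_ROOT=/mnt/win QUARANTINE=~/win-quarantine bash cleanup.sh` after mounting; without WIN_ROOT it only operates on the constructed tree. It touches nothing beyond the exact paths in the two lists, and the hashes.txt in the quarantine directory gives you something to look up or submit once the machine boots normally again.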
grandpinaple8
Member

I don't remember ever using Avenger before. I was surprised to see the folder, but did a quick Google search and saw that it was mbam related... so it might be from the virus. I deleted the entire temp folder after backing it up to Ubuntu. Some of the files weren't there like vegibeya, but I assume this is because we already deleted them once. I can't find the windows/tasks directory at all... Although I did see something similar in regedt32.

I tried to use gmer to purge entries just to see what would happen earlier, but gmer can't seem to do it. If there was a way to manually find the reg entries in the regedt menu, that'd be great. I usually use Spybot to do so, but that isn't working. Thoughts on that?

Also both files you told me to create already exist. Am I replacing them with these new blank ones?