TechSpot

Explorer.exe and winlogon.exe infected with "Bamital-AC"

By lothar
Oct 3, 2010
  1. Dear all,

    I would be extraordinarily thankful if anyone could help me out. I am writing my master's thesis on my computer, but was infected with a whole host of malware all of a sudden. I managed to remove about 7-8 trojans using Malwarebytes, but the last ones are impossible to remove. Explorer won't start, so I can only launch tasks through the task manager.

    I ran an Avast boot-up scan which came up with "Bamital-AC" for explorer.exe and winlogon.exe - but they cannot be repaired.

    I have followed the instructions posted, and below, you will find the relevant logs:
    ____________________________________________________

    First - Malwarebytes. This one came up with one thing, but then it usually stays quiet for a few hours, and if I run it again, it finds something new. This is the latest:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4735

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    2010-10-03 09:32:07
    mbam-log-2010-10-03 (09-32-07).txt

    Scan type: Quick scan
    Objects scanned: 152917
    Time elapsed: 15 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\USERX\Application Data\jsdfgs.bat (Malware.Trace) -> Quarantined and deleted successfully.

    _______________________________________
    Second, the GMER log - this took a long while, and blue-screened on me if I tried it in normal mode - this is from safe mode:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-10-03 17:04:49
    Windows 5.1.2600 Service Pack 2
    Running: 0r2yptox.exe; Driver: C:\DOCUME~1\Gardar\LOCALS~1\Temp\kwkiqfog.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[1128] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 00C38328

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \FileSystem\Fastfat \Fat B9B3EC8A

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x15 0x07 0x70 0xD2 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5C 0xD0 0xBE 0xD1 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC1 0x46 0x66 0x71 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x15 0x07 0x70 0xD2 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5C 0xD0 0xBE 0xD1 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC1 0x46 0x66 0x71 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x15 0x07 0x70 0xD2 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5C 0xD0 0xBE 0xD1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC1 0x46 0x66 0x71 ...

    ---- EOF - GMER 1.0.15 ----

    _____________________________________________________________
     
  2. lothar

    lothar TS Rookie Topic Starter Posts: 25

    Continuation logs

    Then the DDS.txt (also safe mode):


    DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
    Run by XXX at 17:15:39.15 on 2010-10-03
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2550.2160 [GMT 2:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\Explorer.EXE
    C:\Killmalware\Software\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
    uRun: [Google Update] "c:\documents and settings\gardar\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [AdobeBridge]
    uRun: [coreappsetup700.exe] c:\documents and settings\gardar\application data\09c01431e9f754af4838717a9e7c09e9\coreappsetup700.exe
    mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
    mRun: [TpShocks] TpShocks.exe
    mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
    mRun: [TP4EX] tp4ex.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
    mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
    mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
    mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
    mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - /105
    IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263761883171
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263761863656
    DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www.pc.ibm.com/egather/IbmEgath.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: ACNotify - ACNotify.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
    Notify: igfxcui - igfxdev.dll
    Notify: psfus - psqlpwd.dll
    Notify: tpfnf2 - notifyf2.dll
    Notify: tphotkey - tphklock.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Notification Packages = scecli psqlpwd ACGina
    Hosts: 192.168.0.165 HP000D9D0B24A7

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\gardar\applic~1\mozilla\firefox\profiles\o70315ni.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\documents and settings\gardar\application data\mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\documents and settings\gardar\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\personal\bin\np_prsnl.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

    ============= SERVICES / DRIVERS ===============

    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-1 165584]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-15 216400]
    S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-15 29584]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-15 243024]
    S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-4-30 14336]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-1 17744]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-1 40384]
    S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-19 308136]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-7 133104]
    S2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-14 58368]
    S2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-15 3968]
    S2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-26 3456]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-1 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-1 40384]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-28 29744]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\a.tmp --> c:\windows\system32\A.tmp [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
    S3 SDTHelper;Helper driver for SDT-Tool;c:\documents and settings\gardar\my documents\@allt\@projekt 10 000\new folder (2)\SDTHLPR.sys [2010-10-1 14873]

    =============== Created Last 30 ================

    2010-10-03 08:33:16 0 d-----w- C:\Killmalware
    2010-10-03 08:28:40 293376 ----a-w- C:\0r2yptox.exe
    2010-10-03 07:37:53 0 d-----w- c:\program files\Trend Micro
    2010-10-01 16:43:38 0 d-----w- c:\program files\ESET
    2010-10-01 13:29:47 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-01 13:29:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-10-01 10:40:15 0 d-----w- c:\program files\Sophos
    2010-09-30 18:03:20 0 d-----w- c:\documents and settings\gardar\.gimp-2.6
    2010-09-30 18:02:27 0 d-----w- c:\program files\GIMP-2.0
    2010-09-20 13:54:49 497768 ----a-w- c:\documents and settings\gardar\VirtuelleWarteschlange
    2010-09-18 13:20:15 0 d-----w- c:\program files\common files\Akamai
    2010-09-15 18:06:50 563982 ----a-w- C:\EQ_IP_192.168.75.61
    2010-09-14 07:51:50 1352 ----a-w- C:\AutoHotkey.ahk
    2010-09-10 18:21:17 0 d-----w- c:\program files\AutoHotkey

    ==================== Find3M ====================

    2010-10-03 08:44:35 3216 ----a-w- c:\windows\system32\encobject.dat
    2010-07-19 08:55:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    ============= FINISH: 17:15:55.15 ===============

    ____________________________________________________________

    Finally, the Attach.txt:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2008-04-28 20:59:38
    System Uptime: 2010-10-03 10:52:10 (7 hours ago)

    Motherboard: LENOVO | | 1951FDG
    Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | None | 1828/167mhz
    Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | None | 1828/167mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 70 GiB total, 5.251 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP438: 2010-07-04 14:52:43 - System Checkpoint
    RP439: 2010-07-05 15:01:16 - System Checkpoint
    RP440: 2010-07-09 13:28:39 - System Checkpoint
    RP441: 2010-07-11 11:57:42 - System Checkpoint
    RP442: 2010-07-12 12:58:44 - System Checkpoint
    RP443: 2010-07-19 10:54:47 - Avg Update
    RP444: 2010-07-19 10:55:49 - Avg Update
    RP445: 2010-07-20 11:27:35 - System Checkpoint
    RP446: 2010-07-21 10:32:36 - Avg Update
    RP447: 2010-07-22 12:14:54 - System Checkpoint
    RP448: 2010-07-25 01:40:27 - System Checkpoint
    RP449: 2010-07-26 02:23:35 - System Checkpoint
    RP450: 2010-07-29 16:15:11 - System Checkpoint
    RP451: 2010-07-30 22:08:46 - System Checkpoint
    RP452: 2010-08-04 11:13:29 - System Checkpoint
    RP453: 2010-07-05 14:14:07 - System Checkpoint
    RP454: 2010-07-06 15:14:50 - System Checkpoint
    RP455: 2010-08-09 15:34:56 - System Checkpoint
    RP456: 2010-08-12 20:28:04 - System Checkpoint
    RP457: 2010-08-13 20:46:36 - System Checkpoint
    RP458: 2010-08-14 21:34:06 - System Checkpoint
    RP459: 2010-08-17 18:11:55 - System Checkpoint
    RP460: 2010-08-25 21:12:41 - System Checkpoint
    RP461: 2010-08-27 07:30:55 - System Checkpoint
    RP462: 2010-08-28 10:23:20 - System Checkpoint
    RP463: 2010-08-29 14:32:27 - System Checkpoint
    RP464: 2010-08-30 19:41:04 - System Checkpoint
    RP465: 2010-08-31 19:47:05 - System Checkpoint
    RP466: 2010-09-01 15:33:21 - Configured Microsoft Office Enterprise 2007
    RP467: 2010-09-04 20:10:26 - System Checkpoint
    RP468: 2010-09-05 17:29:55 - Configured Microsoft Office Professional Plus 2010
    RP469: 2010-09-07 11:06:28 - Configured Microsoft Office Professional Plus 2010
    RP470: 2010-09-09 08:19:52 - Avg Update
    RP471: 2010-09-10 13:26:58 - Configured Microsoft Office Enterprise 2007
    RP472: 2010-09-11 14:36:05 - Configured Microsoft Office Enterprise 2007
    RP473: 2010-09-11 17:16:54 - Software Distribution Service 3.0
    RP474: 2010-09-15 08:02:41 - System Checkpoint
    RP475: 2010-09-16 14:22:52 - System Checkpoint
    RP476: 2010-09-17 16:36:35 - System Checkpoint
    RP477: 2010-09-18 15:02:32 - Removed O2 Connection Manager
    RP478: 2010-09-19 15:49:56 - System Checkpoint
    RP479: 2010-09-20 20:49:06 - System Checkpoint
    RP480: 2010-09-22 15:34:45 - System Checkpoint
    RP481: 2010-09-24 09:21:49 - Avg Update
    RP482: 2010-09-24 09:23:39 - Avg Update
    RP483: 2010-09-25 19:10:14 - System Checkpoint
    RP484: 2010-09-28 08:45:21 - System Checkpoint
    RP485: 2010-09-29 10:17:53 - System Checkpoint
    RP486: 2010-09-30 14:25:28 - System Checkpoint
    RP487: 2010-10-01 15:29:36 - avast! Free Antivirus Setup
    RP488: 2010-10-03 10:06:04 - System Checkpoint
     
  3. lothar

    lothar TS Rookie Topic Starter Posts: 25

    logs continuing

    ==== Installed Programs ======================


    Access Help
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.0 Professional
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Drive CS4
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS3
    Adobe Extension Manager CS4
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe SING CS4
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advanced SystemCare 3
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Arixcel Accounts 1.21
    Auto Shutdown
    AutoHotkey 1.0.48.05
    avast! Free Antivirus
    AVG Free 9.0
    BankID Security Application 4.10.4
    Bonjour
    Client Security Solution
    Connect
    Diskeeper Lite
    Dropbox
    ESET Online Scanner v3
    Garmin Communicator Plugin
    Garmin POI Loader
    Garmin Training Center
    Garmin USB Drivers
    GIMP 2.6.10
    Google Chrome
    Google Desktop
    Google Earth
    Google Update Helper
    Help Center
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hälsovakten-Aktiv
    Hotfix for Windows XP (KB889816)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB894686)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB898456)
    Hotfix for Windows XP (KB903250)
    Hotfix for Windows XP (KB909095)
    Hotfix for Windows XP (KB909667)
    Hotfix for Windows XP (KB910728)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB915800)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB918005)
    Hotfix for Windows XP (KB918837)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB976098-v2)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD
    InterVideo WinDVD Creator 3
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 17
    kuler
    Lenovo Battery Program
    Malwarebytes' Anti-Malware
    mCore
    mDriver
    Message Center
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (English) 2010 (Beta)
    Microsoft Office Access MUI (Swedish) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (English) 2010 (Beta)
    Microsoft Office Excel MUI (Swedish) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove MUI (English) 2010 (Beta)
    Microsoft Office Groove MUI (Swedish) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2010 (Beta)
    Microsoft Office InfoPath MUI (Swedish) 2007
    Microsoft Office Language Pack 2007 - Swedish/svenska
    Microsoft Office O MUI (Swedish) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2010 (Beta)
    Microsoft Office OneNote MUI (Swedish) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2010 (Beta)
    Microsoft Office Outlook MUI (Swedish) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2010 (Beta)
    Microsoft Office PowerPoint MUI (Swedish) 2007
    Microsoft Office Professional Plus 2010
    Microsoft Office Professional Plus 2010 (Beta)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010 (Beta)
    Microsoft Office Proof (Finnish) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010 (Beta)
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010 (Beta)
    Microsoft Office Proof (Swedish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010 (Beta)
    Microsoft Office Proofing (Swedish) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (English) 2010 (Beta)
    Microsoft Office Publisher MUI (Swedish) 2007
    Microsoft Office Send-a-Smile
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010 (Beta)
    Microsoft Office Shared MUI (Swedish) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
    Microsoft Office SharePoint Designer MUI (Swedish) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (English) 2010 (Beta)
    Microsoft Office Word MUI (Swedish) 2007
    Microsoft Office X MUI (Swedish) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Software Update for Web Folders (English) 14 (Beta)
    Microsoft Software Update for Web Folders (Swedish) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mMHouse
    Mozilla Firefox (3.5.9)
    mPfMgr
    mProSafe
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    mWlsSafe
    mXML
    Octoshape Streaming Services
    OpenProj
    PASW Statistics 18
    PC-Axis 2008
    PC-Doctor 5 for Windows
    PC Suite for Sony Ericsson
    PDF Settings CS4
    Photoshop Camera Raw
    Picasa 2
    Productivity Center Supplement for ThinkPad
    QuickTime
    Rationale 2
    Real Alternative 1.8.2
    RecordNow Audio
    RecordNow Copy
    RecordNow Data
    Remove Multimedia Center
    Rescue and Recovery
    Safari
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB976325)
    Skype web features
    Skype™ 4.2
    Smart Defrag
    SmartFTP Client
    SmartFTP Client 3.0 Setup Files (remove only)
    Sony Ericsson Symbian 9 Drivers
    Sophos Anti-Rootkit 1.5.4
    SoundMAX
    SportTracks 2.1
    Spotify
    Stata 11
    Suite Shared Configuration CS4
    Sun ODF Plugin for Microsoft Office 3.1
    System Migration Assistant
    System Update
    TagScanner 5.0 build 516
    ThinkPad Bluetooth with Enhanced Data Rate Software
    ThinkPad Configuration
    ThinkPad EasyEject Utility
    ThinkPad FullScreen Magnifier
    ThinkPad Hotkey Features Setup
    ThinkPad Keyboard Customizer Utility
    ThinkPad Modem
    ThinkPad PC Card Power Policy
    ThinkPad Power Management Driver
    ThinkPad Power Manager
    ThinkPad Presentation Director
    ThinkPad UltraNav Driver
    ThinkPad UltraNav Wizard
    ThinkVantage Access Connections
    ThinkVantage Active Protection System
    ThinkVantage Away Manager
    ThinkVantage Fingerprint Software 5.5
    ThinkVantage Productivity Center
    ThinkVantage System Update Toolbar Button for IE
    ThinkVantage Technologies Welcome Message
    TrackPoint Accessibility Features
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoLAN VLC media player 0.8.6f
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    vixy converter uninstall
    Vuze
    Wallpapers
    WebFldrs XP
    Windows 7 Upgrade Advisor
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Easy Transfer for Windows 7
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player Firefox Plugin
    Windows Search 4.0
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883517
    Windows XP Hotfix - KB883523
    Windows XP Hotfix - KB884020
    Windows XP Hotfix - KB884575
    Windows XP Hotfix - KB884868
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB885894
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB889315
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB896613
    WinRAR archiver
    XMind
    XP Themes
    ZSMC USB PC Camera
     
  4. lothar

    lothar TS Rookie Topic Starter Posts: 25

    Last logs

    ==== Event Viewer Messages From Past Week ========

    2010-10-03 10:54:10, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD ANC aswSP aswTdi AvgLdx86 AvgMfx86 AvgTdiX Fips IBMTPCHK intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ShockMgr Smapint sptd Tcpip TDSMAPI TPHKDRV TPPWRIF TSMAPIP
    2010-10-03 10:47:37, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 ANC aswSP aswTdi AvgLdx86 AvgMfx86 Fips IBMTPCHK intelppm ShockMgr Smapint sptd TDSMAPI TPHKDRV TPPWRIF TSMAPIP
    2010-10-03 10:21:25, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    2010-10-03 10:21:25, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    2010-10-03 10:21:25, error: Service Control Manager [7034] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s).
    2010-10-03 10:21:25, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2010-10-03 10:21:25, error: Service Control Manager [7031] - The Ac Profile Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2010-10-03 10:21:24, error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
    2010-10-03 10:21:24, error: Service Control Manager [7034] - The IPS Core Service service terminated unexpectedly. It has done this 1 time(s).
    2010-10-03 10:21:24, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    2010-10-03 10:21:24, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    2010-10-02 22:52:42, error: Dhcp [1002] - The IP address lease 192.168.1.50 for the Network Card with network address 0018DE0224CE has been denied by the DHCP server 172.21.248.68 (The DHCP Server sent a DHCPNACK message).
    2010-10-02 12:36:04, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the path specified.
    2010-10-02 10:33:10, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    2010-10-02 09:35:02, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2010-10-01 00:09:34, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2010-10-01 00:02:12, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2010-09-30 20:43:01, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2010-09-30 20:42:56, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2010-09-30 20:42:41, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC AvgLdx86 AvgMfx86 AvgTdiX Fips IBMTPCHK intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ShockMgr Smapint sptd Tcpip TDSMAPI TPHKDRV TPPWRIF TSMAPIP
    2010-09-30 20:42:41, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-09-30 20:42:41, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-09-30 20:42:41, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-09-30 20:42:41, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-09-30 20:42:41, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-09-30 20:42:41, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-09-30 20:38:39, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC AvgLdx86 AvgMfx86 Fips IBMTPCHK intelppm ShockMgr Smapint sptd TDSMAPI TPHKDRV TPPWRIF TSMAPIP
    2010-09-30 20:37:14, error: sptd [4] - Driver detected an internal error in its data structures for .
    2010-09-30 20:08:40, error: Service Control Manager [7000] - The Intel(r) 82801 Audio Driver Install Service (WDM) service failed to start due to the following error: A device attached to the system is not functioning.
    2010-09-30 17:19:43, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DE0224CE. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    2010-09-30 17:19:40, error: Dhcp [1002] - The IP address lease 192.168.200.22 for the Network Card with network address 0018DE0224CE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    2010-09-30 14:05:15, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    2010-09-30 14:05:15, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    2010-09-30 10:05:57, error: Dhcp [1002] - The IP address lease 192.168.1.50 for the Network Card with network address 0018DE0224CE has been denied by the DHCP server 192.168.50.10 (The DHCP Server sent a DHCPNACK message).
    2010-09-29 12:28:17, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DE0224CE. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    2010-09-28 09:47:05, error: Dhcp [1002] - The IP address lease 192.168.1.50 for the Network Card with network address 0018DE0224CE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    2010-09-28 08:30:41, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.

    ==== End Of File ===========================


    As I said - I really hope that someone might find it in their heart to help me. Thank you.

    Best,
    Lothar
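The Service Control Manager 7026 events in the log above list every boot-start or system-start driver that failed to load on a given boot. As an added example that is not part of the original post, here is a small Python triage script that parses those lines, separates the avast!/AVG kernel drivers (Aavmker4, asw*, Avg*) from the XP network-stack drivers (AFD, Tcpip, NetBT and friends), and flags boots where both groups fail together. The driver-to-family mapping is an assumption made for classification, not something the event log states; the three sample lines are copied from the log above and embedded so the script runs offline.

```python
import re

# Constructed sample input: three Event Viewer lines copied from the log above
# (not a complete dump). The 7001 line is included to show it is ignored.
SAMPLE_EVENTS = """\
2010-10-03 10:54:10, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD ANC aswSP aswTdi AvgLdx86 AvgMfx86 AvgTdiX Fips IBMTPCHK intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ShockMgr Smapint sptd Tcpip TDSMAPI TPHKDRV TPPWRIF TSMAPIP
2010-10-03 10:47:37, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 ANC aswSP aswTdi AvgLdx86 AvgMfx86 Fips IBMTPCHK intelppm ShockMgr Smapint sptd TDSMAPI TPHKDRV TPPWRIF TSMAPIP
2010-09-30 20:42:41, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# Assumed classification: Aavmker4/asw* are avast! kernel drivers, Avg* are AVG
# kernel drivers, and the second set is the Windows XP TCP/IP stack. Anything
# else (ThinkPad, Daemon Tools sptd, Fips, ...) lands in "other".
AV_DRIVERS = {"aavmker4", "aswsp", "aswtdi", "aswfsblk", "aswrdr", "aswmon",
              "avgldx86", "avgmfx86", "avgtdix"}
NET_DRIVERS = {"afd", "tcpip", "netbt", "netbios", "ipsec", "rasacd",
               "mrxsmb", "rdbss"}

EVENT_7026 = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), error: "
    r"Service Control Manager \[7026\] - The following boot-start or "
    r"system-start driver\(s\) failed to load: (?P<drivers>.+)$"
)


def parse_7026(text):
    """Return a list of (timestamp, [driver names]) for each SCM 7026 event."""
    events = []
    for line in text.splitlines():
        m = EVENT_7026.match(line.strip())
        if m:
            events.append((m.group("ts"), m.group("drivers").split()))
    return events


def classify(drivers):
    """Bucket failed driver names into av / network / other, case-insensitively."""
    buckets = {"av": [], "network": [], "other": []}
    for d in drivers:
        key = d.lower()
        if key in AV_DRIVERS:
            buckets["av"].append(d)
        elif key in NET_DRIVERS:
            buckets["network"].append(d)
        else:
            buckets["other"].append(d)
    return buckets


def av_vendors(drivers):
    """Which AV vendors' kernel drivers appear in a failed-driver list."""
    vendors = set()
    for d in drivers:
        key = d.lower()
        if key.startswith("asw") or key == "aavmker4":
            vendors.add("avast")
        elif key.startswith("avg"):
            vendors.add("avg")
    return vendors


def triage(text):
    """Per 7026 event: how many AV and network drivers failed, which AV vendors
    are present, and whether security drivers and the TCP/IP stack failed on
    the same boot. That combination is worth a closer look, not proof of a
    rootkit by itself; an AV boot-time scan can produce the same picture."""
    report = []
    for ts, drivers in parse_7026(text):
        b = classify(drivers)
        report.append({
            "ts": ts,
            "av_failed": len(b["av"]),
            "net_failed": len(b["network"]),
            "vendors": sorted(av_vendors(drivers)),
            "suspicious": bool(b["av"]) and bool(b["network"]),
        })
    return report


if __name__ == "__main__":
    for entry in triage(SAMPLE_EVENTS):
        print(entry)
```

Run against the sample, both 7026 events report drivers from two AV vendors at once, which is the same observation the reply below makes from the installed-programs list; the first boot additionally lost the whole network stack. Pointing the script at a full export of the System event log instead of the embedded sample is a matter of replacing SAMPLE_EVENTS with the file contents.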
     
  5. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    You're running two AV programs, Avast and AVG.
    One of them has to go.
    If AVG (preferably), use AVG Remover: http://www.avg.com/us-en/download-tools

    ==========================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ========================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. lothar

    lothar TS Rookie Topic Starter Posts: 25

    Done

    Thank you very much for your help!

    I have pasted the relevant logs below. Explorer now loads on startup and everything seems to be working up to par. Do I dare use the computer for thesis writing now?

    Thanks again.

    ____________________________________________________________
    Combofix log:


    ComboFix 10-10-02.02 - Gardar 2010-10-03 20:48:19.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2550.2018 [GMT 2:00]
    Running from: c:\documents and settings\Gardar\My Documents\Downloads\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\USERXXX\odp-3.1-bin-windows-en-US.exe

    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\backup\winlogon.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 )))))))))))))))))))))))))))))))
    .

    2010-10-03 08:33 . 2010-10-03 18:32 -------- d-----w- C:\Killmalware
    2010-10-03 08:28 . 2010-10-03 08:28 293376 ----a-w- C:\0r2yptox.exe
    2010-10-03 07:37 . 2010-10-03 07:37 -------- d-----w- c:\program files\Trend Micro
    2010-10-01 16:43 . 2010-10-01 16:43 -------- d-----w- c:\program files\ESET
    2010-10-01 13:30 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-01 13:30 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-01 13:30 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-01 13:30 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-01 13:30 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-01 13:30 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-01 13:30 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-01 13:29 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-01 13:29 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-01 13:29 . 2010-10-01 13:29 -------- d-----w- c:\program files\Alwil Software
    2010-10-01 13:29 . 2010-10-01 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-01 10:40 . 2010-10-01 10:40 -------- d-----w- c:\program files\Sophos
    2010-09-30 18:03 . 2010-09-30 18:05 -------- d-----w- c:\documents and settings\Gardar\.gimp-2.6
    2010-09-30 18:02 . 2010-09-30 18:02 -------- d-----w- c:\program files\GIMP-2.0
    2010-09-18 15:12 . 2010-09-18 15:12 -------- d-----w- c:\program files\Adobe Media Player
    2010-09-18 15:10 . 2010-09-18 15:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-09-18 13:20 . 2010-10-03 18:58 -------- d-----w- c:\program files\Common Files\Akamai
    2010-09-10 18:21 . 2010-09-10 18:21 -------- d-----w- c:\program files\AutoHotkey

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-03 18:58 . 2008-05-02 07:54 3216 ----a-w- c:\windows\system32\encobject.dat
    2010-10-03 18:29 . 2009-11-15 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-10-02 08:32 . 2008-04-28 18:28 -------- d-----w- c:\program files\Java
    2010-10-01 22:10 . 2008-05-16 14:36 -------- d-----w- c:\documents and settings\Gardar\Application Data\Spotify
    2010-10-01 07:29 . 2008-04-28 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-09-30 22:34 . 2010-06-19 16:18 -------- d-----w- c:\program files\Pcaxis2008
    2010-09-30 22:34 . 2009-11-19 22:19 -------- d-----w- c:\program files\Vuze
    2010-09-30 22:34 . 2009-10-07 13:21 -------- d-----w- c:\program files\Hälsovakten-Aktiv
    2010-09-30 22:34 . 2009-08-21 11:47 -------- d-----w- c:\program files\Arixcel Accounts
    2010-09-30 22:34 . 2008-05-09 18:37 -------- d-----w- c:\program files\HP
    2010-09-30 18:00 . 2008-09-30 20:28 -------- d-----w- c:\documents and settings\Gardar\Application Data\Skype
    2010-09-30 16:11 . 2008-09-30 20:29 -------- d-----w- c:\documents and settings\Gardar\Application Data\skypePM
    2010-09-28 21:26 . 2008-04-30 11:16 -------- d-----w- c:\documents and settings\Gardar\Application Data\Azureus
    2010-09-27 19:06 . 2010-02-21 17:24 -------- d-----w- c:\documents and settings\Gardar\Application Data\Dropbox
    2010-09-27 16:49 . 2009-11-06 08:36 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-25 11:31 . 2008-04-28 18:25 -------- d-----w- c:\program files\Google
    2010-09-22 12:26 . 2009-08-19 15:44 -------- d-----w- c:\program files\XMind
    2010-09-18 15:27 . 2008-04-28 19:11 71616 ----a-w- c:\documents and settings\Gardar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-18 15:21 . 2008-04-28 11:44 -------- d-----w- c:\program files\Common Files\Adobe
    2010-09-12 22:55 . 2010-03-10 13:32 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-07 09:08 . 2008-04-28 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-07-22 08:38 . 2010-07-22 08:38 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
    2008-09-15 20:40 . 2008-09-15 20:40 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Gardar\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Gardar\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Gardar\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
    "Google Update"="c:\documents and settings\Gardar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
    "TpShocks"="TpShocks.exe" [2006-03-16 106496]
    "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
    "TP4EX"="tp4ex.exe" [2005-10-17 65536]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
    "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-08-26 110592]
    "PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
    2006-08-16 17:07 49152 ----a-w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-04-26 02:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-05 14:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-11-30 11:16 24576 ----a-w- c:\windows\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
    "c:\\Program Files\\ASoft\\AutoExit\\aeclient.exe"=
    "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
    "c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"=
    "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"=
    "c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=
    "c:\\Documents and Settings\\Gardar\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Documents and Settings\\Gardar\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "1043:TCP"= 1043:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-01 165584]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2006-04-30 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-01 17744]
    R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [2006-03-14 58368]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-15 3968]
    R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-26 3456]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 133104]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-28 29744]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
    S3 SDTHelper;Helper driver for SDT-Tool;c:\documents and settings\Gardar\My Documents\@Allt\@Projekt 10 000\New Folder (2)\SDTHLPR.sys [2010-10-01 14873]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-04-15 691696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 07:09]

    2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 07:09]

    2010-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954473801-753732875-683532963-1005Core.job
    - c:\documents and settings\Gardar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:54]

    2010-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954473801-753732875-683532963-1005UA.job
    - c:\documents and settings\Gardar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:54]

    2010-10-03 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-28 16:13]

    2010-09-19 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-10 12:48]

    2010-09-30 c:\windows\Tasks\vakna.job
    - c:\documents and settings\Gardar\My Documents\My Music\vakna.m3u [2008-04-28 21:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - /105
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\Gardar\Application Data\Mozilla\Firefox\Profiles\o70315ni.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\documents and settings\Gardar\Application Data\Mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\documents and settings\Gardar\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Personal\bin\np_prsnl.dll
     
  7. lothar

    lothar TS Rookie Topic Starter Posts: 25

    Continued

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-AdobeBridge - (no file)
    HKCU-Run-coreappsetup700.exe - c:\documents and settings\Gardar\Application Data\09C01431E9F754AF4838717A9E7C09E9\coreappsetup700.exe
    HKLM-Run-ISUSPM Startup - c:\progra~1\common~1\instal~1\update~1\isuspm.exe
    HKLM-Run-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    Notify-ACNotify - ACNotify.dll
    Notify-avgrsstarter - avgrsstx.dll
    Notify-NavLogon - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-03 21:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\A.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1356)
    c:\windows\system32\vrlogon.dll
    c:\windows\system32\tvt_gina.dll
    c:\program files\Lenovo\Client Security Solution\css_gina_plugin.dll
    c:\program files\Lenovo\Client Security Solution\css_wait_bar.dll
    c:\program files\Lenovo\Client Security Solution\cssuserdatadispatcher.dll
    c:\program files\Lenovo\Client Security Solution\csswait.dll
    c:\program files\Common Files\Lenovo\tvt_banner.dll
    c:\program files\Lenovo\Client Security Solution\cssdlgpwentry.dll
    c:\program files\Lenovo\Client Security Solution\dlganswerprompt.dll
    c:\program files\Lenovo\Client Security Solution\tvttsp.dll
    c:\program files\Lenovo\Client Security Solution\tcsrpc.dll
    c:\program files\Common Files\Lenovo\tvt_res.dll
    c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\program files\ThinkVantage Fingerprint Software\VTI.DLL
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\windows\system32\biologon.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\crypto.dll
    c:\program files\ThinkVantage Fingerprint Software\remote.dll
    c:\windows\system32\tphklock.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    c:\program files\Lenovo\AwayTask\AwayNotify.dll

    - - - - - - - > 'lsass.exe'(1412)
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

    - - - - - - - > 'explorer.exe'(4608)
    c:\windows\system32\WININET.dll
    c:\windows\system32\PROCHLP.DLL
    c:\documents and settings\Gardar\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\progra~1\WINDOW~1\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
    c:\progra~1\ThinkPad\UTILIT~1\US\PWRMGRRT.DLL
    c:\progra~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
    c:\windows\system32\Sensor.dll
    c:\windows\system32\igfxdev.dll
    c:\windows\system32\webcheck.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\windows\System32\TPHDEXLG.EXE
    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\TpShocks.exe
    c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-03 21:10:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-03 19:10

    Pre-Run: 3,691,438,080 bytes free
    Post-Run: 4,605,005,824 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 9B3963F5BB0248918BD404CEFB95FE33

    _________________________________________________________

    MBR-check:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 163):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E2000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9EB4000 spbn.sys
    0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xB9E6E000 ACPI.sys
    0xB9E5D000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB9E3F000 pcmcia.sys
    0xBA0B8000 MountMgr.sys
    0xB9E20000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9DFA000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA4C4000 ACPIEC.sys
    0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xB9DE4000 Shockprf.sys
    0xBA0C8000 VolSnap.sys
    0xB9DCC000 atapi.sys
    0xB9CF6000 iaStor.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9CD6000 fltMgr.sys
    0xB9CC4000 sr.sys
    0xBA0F8000 PxHelp20.sys
    0xB9CAD000 KSecDD.sys
    0xB9C20000 Ntfs.sys
    0xB9BF3000 NDIS.sys
    0xB9BD8000 Mup.sys
    0xBA198000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB938F000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xB937B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB9356000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB9329000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xB9187000 \SystemRoot\system32\DRIVERS\NETw3x32.sys
    0xBA490000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB9164000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA498000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB94BD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA4A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB9138000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xBA5FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA4A8000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA4B0000 \SystemRoot\system32\DRIVERS\nscirda.sys
    0xB9B0F000 \SystemRoot\system32\DRIVERS\irenum.sys
    0xBA340000 \SystemRoot\system32\DRIVERS\atmeltpm.sys
    0xB9B07000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xB9B03000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
    0xB94AD000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA348000 \SystemRoot\system32\drivers\iviaspi.sys
    0xBA1E8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA1F8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9115000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA358000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xB90DC000 \SystemRoot\System32\Drivers\as52tuc7.SYS
    0xB9010000 \SystemRoot\system32\DRIVERS\btkrnl.sys
    0xBA3C0000 \SystemRoot\system32\DRIVERS\tvtpktfilter.sys
    0xBA6A7000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA3C8000 \SystemRoot\system32\DRIVERS\rasirda.sys
    0xBA3D0000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xBA208000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA5A4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB8FF9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA228000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB8FE8000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA138000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA3D8000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA3E0000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB8FB7000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA238000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA602000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB8F5E000 \SystemRoot\system32\DRIVERS\update.sys
    0xB95D4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA248000 \SystemRoot\system32\DRIVERS\zebrceb.sys
    0xBA606000 \SystemRoot\system32\DRIVERS\zebrwh.sys
    0xB8A0A000 \SystemRoot\system32\drivers\btaudio.sys
    0xB89E8000 \SystemRoot\system32\drivers\portcls.sys
    0xBA2D8000 \SystemRoot\system32\drivers\drmk.sys
    0xBA2E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xA0231000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0xA021A000 \SystemRoot\system32\drivers\AEAudio.sys
    0x9EB2C000 \SystemRoot\system32\DRIVERS\hsxhwazl.sys
    0x9EA35000 \SystemRoot\system32\DRIVERS\hsx_dpv.sys
    0x9E97F000 \SystemRoot\system32\DRIVERS\hsx_cnxt.sys
    0xA1C25000 \SystemRoot\System32\Drivers\Modem.SYS
    0x9A279000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5BC000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xBA5BE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x9A766000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5C0000 \SystemRoot\System32\Drivers\Beep.SYS
    0xA2E51000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xA2E35000 \SystemRoot\System32\drivers\vga.sys
    0xBA5C4000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5C6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA2E2D000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xA2E25000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA36E6000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0x991EA000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0x99191000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0x9A259000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x99170000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0x99136000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x99B9A000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x9A1AF000 \SystemRoot\System32\Drivers\tcusb.sys
    0x9910E000 \SystemRoot\system32\DRIVERS\netbt.sys
    0x990EC000 \SystemRoot\System32\drivers\afd.sys
    0x99B8A000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x9A1A7000 \SystemRoot\System32\drivers\TSMAPIP.SYS
    0x9A19F000 \SystemRoot\System32\drivers\Tppwrif.sys
    0x99819000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
    0x99811000 \SystemRoot\System32\drivers\TDSMAPI.SYS
    0x99809000 \SystemRoot\System32\drivers\Smapint.sys
    0xBA5DA000 \SystemRoot\System32\Drivers\ShockMgr.SYS
    0x990A1000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x99032000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA5E0000 \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
    0x99B5A000 \SystemRoot\System32\Drivers\Fips.SYS
    0x997F9000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x98FFE000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x98FD7000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x994BE000 \SystemRoot\System32\drivers\ANC.SYS
    0xA033C000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xA86FA000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA2EA1000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA032C000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA7B1000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF021000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF043000 \SystemRoot\System32\ialmdev5.DLL
    0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB9B1F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x9A76C000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
    0xBA3F8000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0x98FC1000 \SystemRoot\system32\DRIVERS\irda.sys
    0xA76A2000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xA3752000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x98F82000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0x98E3E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xBA438000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
    0x98DDD000 \SystemRoot\System32\Drivers\adfs.SYS
    0x98E2E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x98D13000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBA60A000 \??\C:\WINDOWS\System32\drivers\pmemnt.sys
    0xBA318000 \??\C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
    0x9EB6D000 \??\C:\Program Files\SMI2\smi2.sys
    0x98B73000 \??\C:\WINDOWS\system32\drivers\tvtfilter.sys
    0x9A1CF000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x97FC0000 \SystemRoot\system32\drivers\wdmaud.sys
    0x9888B000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA86A2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x97629000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll
    0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

    Processes (total 63):
    0 System Idle Process
    4 System
    1260 C:\WINDOWS\system32\smss.exe
    1332 csrss.exe
    1356 C:\WINDOWS\system32\winlogon.exe
    1408 C:\WINDOWS\system32\services.exe
    1420 C:\WINDOWS\system32\lsass.exe
    1584 C:\WINDOWS\system32\ibmpmsvc.exe
    1612 C:\WINDOWS\system32\svchost.exe
    1712 svchost.exe
    1752 C:\WINDOWS\system32\svchost.exe
    1816 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1888 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    196 svchost.exe
    232 svchost.exe
    608 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    984 C:\WINDOWS\system32\spoolsv.exe
    1060 svchost.exe
    1328 C:\WINDOWS\system32\IPSSVC.EXE
    1336 C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    1648 C:\WINDOWS\system32\svchost.exe
    1676 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1940 C:\Program Files\Bonjour\mDNSResponder.exe
    2024 C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    376 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    704 C:\WINDOWS\system32\HPZipm12.exe
    1032 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    1156 C:\WINDOWS\system32\svchost.exe
    1228 C:\Program Files\Lenovo\System Update\SUService.exe
    2188 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    2212 C:\WINDOWS\system32\TPHDEXLG.exe
    2236 C:\WINDOWS\system32\TpKmpSvc.exe
    2284 tvttcsd.exe
    2300 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    2316 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    2340 C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    2372 wdfmgr.exe
    2416 C:\WINDOWS\system32\searchindexer.exe
    2440 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    2468 C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    3212 C:\Program Files\AVG\AVG9\avgrsx.exe
    1268 alg.exe
    3128 C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    3664 C:\WINDOWS\system32\wscntfy.exe
    4068 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    3520 C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
    3708 C:\Program Files\Internet Explorer\iexplore.exe
    3208 C:\Program Files\Internet Explorer\iexplore.exe
    336 C:\WINDOWS\system32\ctfmon.exe
    4700 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    4120 OSPPSVC.EXE
    6020 C:\Program Files\Internet Explorer\iexplore.exe
    4944 C:\WINDOWS\system32\taskmgr.exe
    4836 C:\Documents and Settings\Gardar\Local Settings\Temporary Internet Files\Content.IE5\MFWXMD0T\avgremover[1].exe
    5564 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    5800 C:\Program Files\AVG\AVG9\avgnsx.exe
    2744 C:\Program Files\AVG\AVG9\avgchsvx.exe
    2736 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    4888 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    3848 C:\Program Files\Internet Explorer\iexplore.exe
    5472 C:\WINDOWS\system32\searchprotocolhost.exe
    5688 searchfilterhost.exe
    908 C:\Documents and Settings\Gardar\Local Settings\Temporary Internet Files\Content.IE5\AF8ZWJKF\MBRCheck[1].exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HTS541080G9SA00, Rev: MB4IC60R

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 760A5476906D172E33953284E7B301E3B43752B5


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:



    There - hope all is there.

    Hope you can hit me back soon so I can get working on that thesis :)

    Thanks again.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You're very welcome :)

It looks like Combofix was able to replace crucial system files infected by Bamital with healthy ones.
    We'll keep checking...

    Meanwhile, your MBR seems to be infected as well.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
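As an added example (not code from this thread, from Broni, or from MBRCheck itself), the script below shows what an "Unknown MBR code" verdict plus a SHA1 line rests on: it checks the 0x55AA boot signature, hashes the 440-byte boot-code region and decodes the partition table of a 512-byte MBR. The sample sectors, the disk-signature value and the "known good" hash set are all constructed here, so the digests it prints are not MBRCheck's reference values.

```python
# Added example (not from the thread or from MBRCheck): inspect a 512-byte MBR
# sector the way an MBR checker does - verify the 0x55AA signature, hash the
# boot-code region and decode the four primary partition entries.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0-439: boot code, the region that is hashed
DISK_SIG_OFF = 440            # 4-byte Windows disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a well-formed MBR


def parse_partition_entry(raw):
    """Decode one 16-byte partition-table entry (CHS fields are ignored)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", raw)
    return {
        "active": status == 0x80,
        "status_valid": status in (0x00, 0x80),  # anything else is corrupt
        "type": ptype,
        "lba_start": lba_start,
        "byte_offset": lba_start * SECTOR_SIZE,  # e.g. 63 * 512 = 0x7E00
        "size_bytes": sectors * SECTOR_SIZE,
    }


def inspect_mbr(sector, known_good_sha1):
    """Return boot-code hash, partition table and findings for one sector.
    known_good_sha1 is whatever set of trusted boot-code SHA1 digests the
    caller supplies; MBRCheck ships its own table of known MBRs."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    boot_code_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    disk_signature = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        entry = sector[off:off + PART_ENTRY_LEN]
        if entry != bytes(PART_ENTRY_LEN):  # skip empty slots
            partitions.append(parse_partition_entry(entry))
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_sha1 not in known_good_sha1:
        findings.append("Unknown MBR code")
    if any(not p["status_valid"] for p in partitions):
        findings.append("invalid partition status byte")
    return {"boot_code_sha1": boot_code_sha1, "disk_signature": disk_signature,
            "partitions": partitions, "findings": findings}


def build_sample_mbr(boot_code, partitions, with_signature=True):
    """Assemble a constructed MBR from boot code and (status, type, lba_start,
    sectors) tuples.  Exists only so the example runs without a real disk."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1234ABCD)  # constructed value
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    if with_signature:
        sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed boot code standing in for vendor-standard MBR code; its digest is
# the only entry in our constructed trust set.  Real tools compare against the
# digests of known Windows/OEM boot code instead.
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(
    BOOT_CODE_LEN, b"\0")
KNOWN_GOOD = {hashlib.sha1(CLEAN_BOOT_CODE).hexdigest().upper()}

# One active NTFS (0x07) partition at LBA 63, sized to exactly 74 GiB, matching
# the "at offset 0x...7e00" and "74 GB" lines of the MBRCheck log above.
NTFS_AT_LBA63 = [(0x80, 0x07, 63, 74 * 2**30 // SECTOR_SIZE)]

# Same table, but the first boot-code bytes differ: the partition still mounts,
# only the digest changes, which is exactly what the hash comparison catches.
PATCHED_BOOT_CODE = bytes([0xEB, 0x58, 0x90]) + CLEAN_BOOT_CODE[3:]


def demo():
    """Inspect a clean, a patched and an unsigned constructed MBR."""
    return (
        inspect_mbr(build_sample_mbr(CLEAN_BOOT_CODE, NTFS_AT_LBA63), KNOWN_GOOD),
        inspect_mbr(build_sample_mbr(PATCHED_BOOT_CODE, NTFS_AT_LBA63), KNOWN_GOOD),
        inspect_mbr(build_sample_mbr(CLEAN_BOOT_CODE, NTFS_AT_LBA63, False), KNOWN_GOOD),
    )


if __name__ == "__main__":
    for label, r in zip(("clean", "patched", "unsigned"), demo()):
        print(label, r["boot_code_sha1"], r["findings"] or "OK")
```

On a real machine the 512 bytes would come from reading sector 0 of the physical drive; the same checks then tell you whether the boot code is one you recognise or, as in the log above, one you do not.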
     
  9. lothar

    lothar TS Rookie Topic Starter Posts: 25

    Thanks again!

The tool seems to have worked; this is the log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 156):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E2000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB9F4A000 pcmcia.sys
    0xBA0B8000 MountMgr.sys
    0xB9F2B000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9F05000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA4C4000 ACPIEC.sys
    0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xB9EEF000 Shockprf.sys
    0xBA0C8000 VolSnap.sys
    0xB9ED7000 atapi.sys
    0xB9E01000 iaStor.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9DE1000 fltMgr.sys
    0xB9DCF000 sr.sys
    0xBA0F8000 PxHelp20.sys
    0xB9DB8000 KSecDD.sys
    0xB9D2B000 Ntfs.sys
    0xB9CFE000 NDIS.sys
    0xB9CE3000 Mup.sys
    0xBA168000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB92A0000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xB928C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB9267000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB923A000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xB9098000 \SystemRoot\system32\DRIVERS\NETw3x32.sys
    0xBA480000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB9075000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA488000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA178000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA490000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB9049000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xBA5F6000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA498000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA4A0000 \SystemRoot\system32\DRIVERS\nscirda.sys
    0xB9C0E000 \SystemRoot\system32\DRIVERS\irenum.sys
    0xBA4A8000 \SystemRoot\system32\DRIVERS\atmeltpm.sys
    0xBA584000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xBA588000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
    0xBA188000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA340000 \SystemRoot\system32\drivers\iviaspi.sys
    0xBA198000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA1A8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9026000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA4B0000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xB8F5A000 \SystemRoot\system32\DRIVERS\btkrnl.sys
    0xBA350000 \SystemRoot\system32\DRIVERS\tvtpktfilter.sys
    0xBA714000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA358000 \SystemRoot\system32\DRIVERS\rasirda.sys
    0xBA360000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xBA1B8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA598000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB8F43000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB9670000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB9660000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB8F32000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB9650000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA370000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA378000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB8F01000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB9640000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA5FE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB8EA8000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9CBB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB9630000 \SystemRoot\system32\DRIVERS\zebrceb.sys
    0xBA600000 \SystemRoot\system32\DRIVERS\zebrwh.sys
    0xB8E5A000 \SystemRoot\system32\drivers\btaudio.sys
    0xB8E38000 \SystemRoot\system32\drivers\portcls.sys
    0xB9610000 \SystemRoot\system32\drivers\drmk.sys
    0xB9600000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x9FB5D000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0x9FB46000 \SystemRoot\system32\drivers\AEAudio.sys
    0x9FB0C000 \SystemRoot\system32\DRIVERS\hsxhwazl.sys
    0x9FA15000 \SystemRoot\system32\DRIVERS\hsx_dpv.sys
    0x9F95F000 \SystemRoot\system32\DRIVERS\hsx_cnxt.sys
    0xA2DA2000 \SystemRoot\System32\Drivers\Modem.SYS
    0xA098B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5E8000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xBA5EA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA6FA000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5EC000 \SystemRoot\System32\Drivers\Beep.SYS
    0xA2D8A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xA2D82000 \SystemRoot\System32\drivers\vga.sys
    0xBA5EE000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA1E2D000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xA1E25000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA2EDE000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0x9F7E0000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0x9F787000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA096B000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x9F766000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0x9F73E000 \SystemRoot\system32\DRIVERS\netbt.sys
    0x9F71C000 \SystemRoot\System32\drivers\afd.sys
    0xA095B000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA094B000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA1E1D000 \SystemRoot\System32\drivers\TSMAPIP.SYS
    0xA1E15000 \SystemRoot\System32\drivers\Tppwrif.sys
    0xA1E0D000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
    0xA1E05000 \SystemRoot\System32\drivers\TDSMAPI.SYS
    0xA1DFD000 \SystemRoot\System32\drivers\Smapint.sys
    0xBA5F2000 \SystemRoot\System32\Drivers\ShockMgr.SYS
    0x9F6D1000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x9F63A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA5F4000 \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
    0xA091B000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA1DF5000 \SystemRoot\System32\Drivers\tcusb.sys
    0x9F613000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xA1661000 \SystemRoot\System32\drivers\ANC.SYS
    0xA05F2000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0x9936F000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0x993D3000 \SystemRoot\System32\drivers\Dxapi.sys
    0x993E7000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0x9F348000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF021000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF043000 \SystemRoot\System32\ialmdev5.DLL
    0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB8E18000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xBA6C4000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
    0x982B7000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0x98299000 \SystemRoot\system32\DRIVERS\irda.sys
    0xB8E2C000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xA859F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9825A000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0x980EE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xBA388000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
    0x980B5000 \SystemRoot\System32\Drivers\adfs.SYS
    0x9812A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x97FEB000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBA648000 \??\C:\WINDOWS\System32\drivers\pmemnt.sys
    0xA090B000 \??\C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
    0xBA7C4000 \??\C:\Program Files\SMI2\smi2.sys
    0x98049000 \??\C:\WINDOWS\system32\drivers\tvtfilter.sys
    0xBA438000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x97806000 \SystemRoot\system32\drivers\wdmaud.sys
    0x97E1B000 \SystemRoot\system32\drivers\sysaudio.sys
    0x977B8000 \SystemRoot\system32\drivers\kmixer.sys
    0x974F7000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 77):
    0 System Idle Process
    4 System
    1284 C:\WINDOWS\system32\smss.exe
    1332 csrss.exe
    1356 C:\WINDOWS\system32\winlogon.exe
    1400 C:\WINDOWS\system32\services.exe
    1412 C:\WINDOWS\system32\lsass.exe
    1588 C:\WINDOWS\system32\ibmpmsvc.exe
    1616 C:\WINDOWS\system32\svchost.exe
    1716 svchost.exe
    1912 C:\WINDOWS\system32\svchost.exe
    1976 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    300 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    504 svchost.exe
    608 svchost.exe
    1020 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1960 C:\WINDOWS\system32\spoolsv.exe
    920 svchost.exe
    1084 C:\WINDOWS\system32\IPSSVC.EXE
    1100 C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    716 C:\WINDOWS\system32\svchost.exe
    1188 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1216 C:\Program Files\Bonjour\mDNSResponder.exe
    1804 C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    1820 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    628 C:\WINDOWS\system32\HPZipm12.exe
    868 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    1128 C:\WINDOWS\system32\svchost.exe
    1864 C:\Program Files\Lenovo\System Update\SUService.exe
    2236 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    2260 C:\WINDOWS\system32\TPHDEXLG.exe
    2272 C:\WINDOWS\system32\TpKmpSvc.exe
    2332 tvttcsd.exe
    2352 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    2364 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    2388 C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    2412 wdfmgr.exe
    2460 C:\WINDOWS\system32\searchindexer.exe
    2488 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    2520 C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    2548 C:\WINDOWS\system32\wuauclt.exe
    3788 wmiprvse.exe
    4020 alg.exe
    2664 C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    3916 C:\WINDOWS\system32\wscntfy.exe
    2828 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    580 C:\WINDOWS\explorer.exe
    2760 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    808 C:\WINDOWS\system32\ctfmon.exe
    3316 C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
    3060 C:\WINDOWS\system32\rundll32.exe
    3756 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    404 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2936 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
    2084 C:\WINDOWS\system32\TpShocks.exe
    248 C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    2892 C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    400 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    4076 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    2516 C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
    840 C:\WINDOWS\system32\hkcmd.exe
    2620 C:\WINDOWS\system32\igfxpers.exe
    1520 C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.EXE
    460 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    2660 C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    2076 C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    3312 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    532 C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
    668 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    592 C:\Program Files\iTunes\iTunesHelper.exe
    2192 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3828 C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    4584 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    5064 C:\Program Files\iPod\bin\iPodService.exe
    6120 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    4372 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrodist.exe
    5024 C:\Documents and Settings\Gardar\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HTS541080G9SA00, Rev: MB4IC60R

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!



    Everything seems to be working smoothly now too, so dare we sound the trumpets of victory - or are there further checks that should be run?
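The "Windows XP MBR code detected" line and its SHA1 come from MBRCheck hashing the boot sector's code and matching it against hashes it knows. As an added illustration, not MBRCheck's own code, here is the same check in Python: it parses a raw 512-byte MBR, hashes the boot-code region (bytes 0-439, so neither the NT disk signature at offset 440 nor the partition table changes the hash; the page does not say which region MBRCheck itself hashes, so that choice is an assumption here), reads the partition table, and looks the hash up in a baseline. The sample sector, the stand-in boot code and the baseline hash are all constructed for the example; the one partition starts at LBA 63, which is the 0x7E00 byte offset shown in the MBRCheck output above.

```python
"""Parse a raw 512-byte MBR, hash its boot-code region and compare it to a
baseline, the kind of check behind MBRCheck's 'Windows XP MBR code detected'.
Added example, not MBRCheck's code; the sample sector below is constructed."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0-439 hold executable boot code; 440-443 is the
                         # NT disk signature, which can change without a code change
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE_OFF = 510      # must be 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code SHA1, the used partition entries and signature state."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    code_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    partitions = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, length
        status, ptype, lba_start, length = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype:                      # type 0 means an unused slot
            partitions.append({
                "index": i,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": length,
                "byte_offset": lba_start * SECTOR,   # what MBRCheck prints as 'at offset'
            })
    return {
        "signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xaa",
        "code_sha1": code_sha1,
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, known_good: dict) -> str:
    """known_good maps the SHA1 of a trusted boot-code region to a label."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid: missing 0x55AA boot signature"
    label = known_good.get(info["code_sha1"])
    if label is None:
        return "unknown boot code: compare against a clean install before trusting it"
    return f"{label} MBR code detected"


def build_sample_mbr(code: bytes) -> bytes:
    """Constructed sector: given boot code, one bootable NTFS partition starting at
    LBA 63 (byte offset 0x7E00, as in the MBRCheck output) and a valid signature."""
    code = code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x11\x22\x33\x44\x00\x00"          # bytes 440-445, made up
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 146_970_000)            # partition length is arbitrary
    empty = bytes(16) * 3
    return code + disk_sig + entry + empty + b"\x55\xaa"


# Constructed stand-in for boot code; a real MBR holds 440 bytes of x86 here.
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + bytes(433)
CLEAN_MBR = build_sample_mbr(CLEAN_CODE)
# The baseline hash would be recorded from a known-clean machine; here it is the
# hash of the constructed clean sector.
BASELINE = {parse_mbr(CLEAN_MBR)["code_sha1"]: "Windows XP"}

# A one-byte patch to the boot code must change the verdict even though the
# partition table and signature are untouched.
TAMPERED_MBR = build_sample_mbr(b"\xe9" + CLEAN_CODE[1:])

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, parse_mbr(mbr)["code_sha1"], classify_mbr(mbr, BASELINE))
```

On a real machine you would read sector 0 with `open(r'\\.\PhysicalDrive0', 'rb').read(512)` from an elevated prompt and keep the baseline hash from a known-clean install of the same Windows version; a hash that does not match is a reason to dump and disassemble the code, not proof of a bootkit on its own.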
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Very good, but we have to keep checking....

    Post fresh Combofix log.
     
  11. lothar

    lothar TS Rookie Topic Starter Posts: 25

    Sure:

    ComboFix 10-10-04.02 - Gardar 2010-10-05 14:47:34.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2550.1729 [GMT 2:00]
    Running from: c:\documents and settings\Gardar\My Documents\Downloads\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 )))))))))))))))))))))))))))))))
    .

    2010-10-03 08:33 . 2010-10-03 18:32 -------- d-----w- C:\Killmalware
    2010-10-03 08:28 . 2010-10-03 08:28 293376 ----a-w- C:\0r2yptox.exe
    2010-10-03 07:37 . 2010-10-03 07:37 -------- d-----w- c:\program files\Trend Micro
    2010-10-01 16:43 . 2010-10-01 16:43 -------- d-----w- c:\program files\ESET
    2010-10-01 13:30 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-01 13:30 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-01 13:30 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-01 13:30 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-01 13:30 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-01 13:30 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-01 13:30 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-01 13:29 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-01 13:29 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-01 13:29 . 2010-10-01 13:29 -------- d-----w- c:\program files\Alwil Software
    2010-10-01 13:29 . 2010-10-01 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-01 10:40 . 2010-10-01 10:40 -------- d-----w- c:\program files\Sophos
    2010-09-30 18:03 . 2010-09-30 18:05 -------- d-----w- c:\documents and settings\Gardar\.gimp-2.6
    2010-09-30 18:02 . 2010-09-30 18:02 -------- d-----w- c:\program files\GIMP-2.0
    2010-09-18 15:12 . 2010-09-18 15:12 -------- d-----w- c:\program files\Adobe Media Player
    2010-09-18 15:10 . 2010-09-18 15:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-09-18 13:20 . 2010-10-05 12:35 -------- d-----w- c:\program files\Common Files\Akamai
    2010-09-10 18:21 . 2010-09-10 18:21 -------- d-----w- c:\program files\AutoHotkey

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-05 12:41 . 2008-09-30 20:28 -------- d-----w- c:\documents and settings\Gardar\Application Data\Skype
    2010-10-05 10:51 . 2008-05-16 14:36 -------- d-----w- c:\documents and settings\Gardar\Application Data\Spotify
    2010-10-05 07:36 . 2008-05-02 07:54 3216 ----a-w- c:\windows\system32\encobject.dat
    2010-10-05 07:35 . 2008-09-30 20:29 -------- d-----w- c:\documents and settings\Gardar\Application Data\skypePM
    2010-10-03 18:29 . 2009-11-15 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-10-02 08:32 . 2008-04-28 18:28 -------- d-----w- c:\program files\Java
    2010-10-01 07:29 . 2008-04-28 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-09-30 22:34 . 2010-06-19 16:18 -------- d-----w- c:\program files\Pcaxis2008
    2010-09-30 22:34 . 2009-10-07 13:21 -------- d-----w- c:\program files\Hälsovakten-Aktiv
    2010-09-30 22:34 . 2009-08-21 11:47 -------- d-----w- c:\program files\Arixcel Accounts
    2010-09-30 22:34 . 2008-05-09 18:37 -------- d-----w- c:\program files\HP
    2010-09-27 19:06 . 2010-02-21 17:24 -------- d-----w- c:\documents and settings\Gardar\Application Data\Dropbox
    2010-09-27 16:49 . 2009-11-06 08:36 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-25 11:31 . 2008-04-28 18:25 -------- d-----w- c:\program files\Google
    2010-09-22 12:26 . 2009-08-19 15:44 -------- d-----w- c:\program files\XMind
    2010-09-18 15:27 . 2008-04-28 19:11 71616 ----a-w- c:\documents and settings\Gardar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-18 15:21 . 2008-04-28 11:44 -------- d-----w- c:\program files\Common Files\Adobe
    2010-09-12 22:55 . 2010-03-10 13:32 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-07 09:08 . 2008-04-28 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-07-22 08:38 . 2010-07-22 08:38 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
    2008-09-15 20:40 . 2008-09-15 20:40 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Gardar\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Gardar\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Gardar\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
    "Google Update"="c:\documents and settings\Gardar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
    "TpShocks"="TpShocks.exe" [2006-03-16 106496]
    "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
    "TP4EX"="tp4ex.exe" [2005-10-17 65536]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
    "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-08-26 110592]
    "PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
    2006-08-16 17:07 49152 ----a-w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-04-26 02:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-05 14:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-11-30 11:16 24576 ----a-w- c:\windows\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
    "c:\\Program Files\\ASoft\\AutoExit\\aeclient.exe"=
    "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
    "c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"=
    "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"=
    "c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=
    "c:\\Documents and Settings\\Gardar\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Documents and Settings\\Gardar\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "1043:TCP"= 1043:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-01 165584]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2006-04-30 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-01 17744]
    R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [2006-03-14 58368]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-15 3968]
    R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-26 3456]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 133104]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-28 29744]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]
    S3 SDTHelper;Helper driver for SDT-Tool;c:\documents and settings\Gardar\My Documents\@Allt\@Projekt 10 000\New Folder (2)\SDTHLPR.sys [2010-10-01 14873]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-04-15 691696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 07:09]

    2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 07:09]

    2010-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954473801-753732875-683532963-1005Core.job
    - c:\documents and settings\Gardar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:54]

    2010-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954473801-753732875-683532963-1005UA.job
    - c:\documents and settings\Gardar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:54]

    2010-10-05 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-28 16:13]

    2010-10-05 c:\windows\Tasks\vakna.job
    - c:\documents and settings\Gardar\My Documents\My Music\vakna.m3u [2008-04-28 21:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - /105
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\Gardar\Application Data\Mozilla\Firefox\Profiles\o70315ni.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
    .

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\A.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1356)
    c:\windows\system32\vrlogon.dll
    c:\windows\system32\tvt_gina.dll
    c:\program files\Lenovo\Client Security Solution\css_gina_plugin.dll
    c:\program files\Lenovo\Client Security Solution\css_wait_bar.dll
    c:\program files\Lenovo\Client Security Solution\cssuserdatadispatcher.dll
    c:\program files\Lenovo\Client Security Solution\csswait.dll
    c:\program files\Common Files\Lenovo\tvt_banner.dll
    c:\program files\Lenovo\Client Security Solution\cssdlgpwentry.dll
    c:\program files\Lenovo\Client Security Solution\dlganswerprompt.dll
    c:\program files\Lenovo\Client Security Solution\tvttsp.dll
    c:\program files\Lenovo\Client Security Solution\tcsrpc.dll
    c:\program files\Common Files\Lenovo\tvt_res.dll
    c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\program files\ThinkVantage Fingerprint Software\VTI.DLL
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\windows\system32\biologon.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\remote.dll
    c:\program files\ThinkVantage Fingerprint Software\crypto.dll
    c:\windows\system32\tphklock.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    c:\program files\Lenovo\AwayTask\AwayNotify.dll
    c:\windows\system32\igfxdev.dll
    c:\windows\system32\notifyf2.dll

    - - - - - - - > 'lsass.exe'(1412)
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

    - - - - - - - > 'explorer.exe'(5244)
    c:\windows\system32\WININET.dll
    c:\windows\system32\PROCHLP.DLL
    c:\documents and settings\Gardar\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\progra~1\WINDOW~1\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2010-10-05 14:58:47
    ComboFix-quarantined-files.txt 2010-10-05 12:58
    ComboFix2.txt 2010-10-03 19:10

    Pre-Run: 4,465,684,480 bytes free
    Post-Run: 4,438,233,088 bytes free

    - - End Of File - - 58E0F34A017F5901904C4B788DB93E37


    What's next, my hero in shining fur?
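Reading a ComboFix log by hand means scanning each loading point for an image path that does not fit: a service whose file is a .tmp, a driver living under My Documents, a Run entry with no directory at all. The Python below is an added example of that triage, not anything ComboFix ships. It parses the service lines (`R`/`S` plus start type, then `name;display;path [date size]`) and the `"name"="path" [date size]` Run entries, and returns review prompts rather than verdicts. The sample lines are copied from the log above. On them it flags MEMSWEEP2 (image A.tmp, and ComboFix's `[?]` meaning it could not find the file), SDTHelper (a .sys under Documents and Settings), TpShocks (bare filename resolved through the search path) and the per-user Google Update entry. The first two line up with the rootkit scanners the log shows arriving on 2010-10-01 (c:\program files\Sophos, and SDTHLPR.sys dated 2010-10-01) and the last two are ordinary Lenovo and Google entries, which is why a person still has to check each flag against what the user installed.

```python
"""Triage of ComboFix 'Reg Loading Points' and service lines: flag image paths
that need a second look.  Added example, not ComboFix code; the sample lines
are copied from the log above and the output is a list of review prompts."""
import re

# R = running, S = stopped; the digit is the start type (1 system, 2 auto,
# 3 demand, 4 disabled).  The path is followed by [date size], or [?] if the
# file could not be found.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?) \[(?P<meta>[^\]]*)\]$")
# "Name"="path" [date size]  as printed under the Run keys
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)" \[(?P<meta>[^\]]*)\]$')

# Profile roots a limited user can write to; c:\users\ covers later Windows.
USER_WRITABLE = ("c:\\documents and settings\\", "c:\\users\\")


def normalize_image(image: str) -> str:
    """Drop the NT object prefix and the 'path --> resolved path' form ComboFix
    prints when the ImagePath value differs from where it looked for the file."""
    image = image.split(" --> ")[0]
    if image.startswith("\\??\\"):
        image = image[len("\\??\\"):]
    return image.lower()


def review(path: str, meta: str, kind: str) -> list:
    """Return the reasons (possibly none) a human should look at this entry."""
    reasons = []
    if meta.strip() == "?":
        reasons.append("ComboFix could not find the file ([?])")
    if path.endswith(".tmp"):
        reasons.append("image is a .tmp file")
    if path.startswith(USER_WRITABLE):
        reasons.append("runs from a user profile directory")
    if kind == "run" and "\\" not in path:
        reasons.append("unqualified filename, resolved via the search path")
    return reasons


def triage(lines) -> list:
    """Return (entry name, normalized path, reasons) for every flagged line."""
    findings = []
    for raw in lines:
        line = raw.strip()
        kind, m = "service", SERVICE_RE.match(line)
        if m is None:
            kind, m = "run", RUN_RE.match(line)
        if m is None:
            continue                       # section headers, blank lines, etc.
        path = normalize_image(m.group("image"))
        reasons = review(path, m.group("meta"), kind)
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings


# Copied from the ComboFix log above (Run keys and the service list).
SAMPLE_LINES = [
    r'"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]',
    r'"Google Update"="c:\documents and settings\Gardar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]',
    r'"TpShocks"="TpShocks.exe" [2006-03-16 106496]',
    r"R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-01 165584]",
    r"R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2006-04-30 14336]",
    r"S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]",
    r"S3 SDTHelper;Helper driver for SDT-Tool;c:\documents and settings\Gardar\My Documents\@Allt\@Projekt 10 000\New Folder (2)\SDTHLPR.sys [2010-10-01 14873]",
    r"S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-04-15 691696]",
]

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LINES):
        print(f"{name}: {path}\n    " + "\n    ".join(reasons))
```

To run it over a whole log, pass `open("ComboFix.txt", encoding="utf-8", errors="replace")` as `lines`; non-matching lines are skipped, so the Winlogon Notify and DLL sections pass through untouched.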
     
  12. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Hahaha...

    Combofix log looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
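Most of that custom-scan list is a set of directories where a legitimate XP install keeps no executables (Fonts, inf, Installer, AppPatch, a nested system32\system32 and so on), and the two `dir /b ... | find /i " " /c` lines count executables whose names contain a space, a trick used to pass off something like "svchost .exe" as the real thing in a file listing. As an added example, not OTL's code, the Python below re-creates those two checks against a constructed directory tree; it goes a little beyond the batch lines in that it walks subdirectories and covers more executable extensions than *.exe. The registry and /md5 entries in the list are not covered.

```python
"""Two of the checks in the OTL custom-scan list above, re-created in Python:
executables with whitespace in their names, and executables in directories
that should not contain any.  Added example; the tree it scans is constructed."""
import os
import tempfile
from pathlib import Path

EXEC_SUFFIXES = {".exe", ".com", ".dll", ".scr", ".sys", ".bat", ".cmd", ".pif"}

# Relative to the system root: directories from the OTL list where a stock
# install keeps no executables, so anything found there is worth a look.
NO_EXEC_DIRS = ["Fonts", "inf", "Installer", "AppPatch", "Java", "install",
                "system32/system32", "system32/Rundll32", "system32/systhem32",
                "system32/winlog", "system32/DLL", "system32/rundll"]


def names_with_whitespace(root: Path) -> list:
    """Executables anywhere under root whose file name contains a space or tab:
    the recursive form of  dir /b "...\*.exe" | find /i " " /c  from the list."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if Path(name).suffix.lower() in EXEC_SUFFIXES and any(c.isspace() for c in name):
                hits.append(Path(dirpath, name).relative_to(root).as_posix())
    return sorted(hits)


def executables_in_odd_dirs(root: Path) -> list:
    """Executables sitting directly in one of the NO_EXEC_DIRS."""
    hits = []
    for rel in NO_EXEC_DIRS:
        d = root / rel
        if not d.is_dir():
            continue
        for p in d.iterdir():
            if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES:
                hits.append(p.relative_to(root).as_posix())
    return sorted(hits)


def build_sample_tree() -> Path:
    """Constructed stand-in for %SystemRoot%: a few stock-looking files plus the
    kinds of planted files the scan is meant to surface."""
    root = Path(tempfile.mkdtemp(prefix="otl_demo_"))
    for rel in ["explorer.exe", "system32/svchost.exe", "system32/kernel32.dll",
                "Fonts/arial.ttf", "inf/layout.inf",
                "system32/svchost .exe",             # space before the extension
                "Fonts/ms update.exe",               # executable in the font folder
                "system32/system32/wininet.dll"]:    # nested fake system32
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"MZ")                         # content is irrelevant here
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    print("names with whitespace:", names_with_whitespace(root))
    print("executables in odd dirs:", executables_in_odd_dirs(root))
```

Against a real machine, pass `Path(os.environ["SystemRoot"])` instead of the sample tree; the length of the first list is the same number the two `find /c` lines in the scan would print, except that it is counted recursively here.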
     
  13. lothar

    lothar TS Rookie Topic Starter Posts: 25

    Done:

    OTL Extras logfile created on: 2010-10-06 08:52:03 - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\UserX\My Documents\Downloads
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: yyyy-MM-dd

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.09 Gb Total Space | 4.12 Gb Free Space | 5.88% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: USERx-B7CX78EF
    Current User Name: USER X
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
    "1043:TCP" = 1043:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
     
  14. lothar

    lothar TS Rookie Topic Starter Posts: 25

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
    "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe" = C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module -- (Intuwave Ltd.)
    "C:\Program Files\ASoft\AutoExit\aeclient.exe" = C:\Program Files\ASoft\AutoExit\aeclient.exe:*:Disabled:public Release Version -- (Asseloos Software)
    "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
    "C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe" = C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic -- (Gabest)
    "C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com -- (SPSS Inc.)
    "C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe -- (SPSS Inc.)
    "C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe" = C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
    "C:\Documents and Settings\USERX\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Gardar\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
    "C:\Documents and Settings\USERX\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Gardar\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
    "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
    "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
    "{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
    "{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
    "{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
    "{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
    "{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
    "{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
    "{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
    "{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
    "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
    "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
    "{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
    "{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
    "{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
    "{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
    "{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
    "{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
    "{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
    "{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
    "{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
    "{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
    "{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
    "{220688FD-4E64-4810-B31A-32C3895DFDFA}_is1" = Auto Shutdown
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
    "{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
    "{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = ZSMC USB PC Camera
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{4526E521-18BC-4C01-8563-5CCE47AAC01C}" = ThinkVantage Fingerprint Software 5.5
    "{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
    "{53C239F5-7E23-493D-8FB6-F8EEEA5C2154}" = Garmin Training Center
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
    "{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
    "{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
    "{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
    "{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
    "{80A2A967-C1B7-412D-B2B2-C4A33209C205}" = Garmin POI Loader
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0010-041D-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Swedish) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-041D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Swedish) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-041D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Swedish) 2007
    "{90120000-0017-041D-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Swedish) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Swedish) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-041D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Swedish) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-041D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Swedish) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-041D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Swedish) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-002C-041D-0000-0000000FF1CE}" = Microsoft Office Proofing (Swedish) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-041D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Swedish) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-041D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Swedish) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-041D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Swedish) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-041D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Swedish) 2007
    "{90120000-0100-041D-0000-0000000FF1CE}" = Microsoft Office O MUI (Swedish) 2007
    "{90120000-0101-041D-0000-0000000FF1CE}" = Microsoft Office X MUI (Swedish) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9EA84FDD-CCC0-47FD-A993-923165BEA47A}" = System Migration Assistant
    "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}" =
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
    "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "{AE3795EC-AE7F-474E-B5A7-D693AA068039}" = Stata 11
    "{B0BA1154-5C9C-47B7-8D60-B29ACF2FA16D}_is1" = Arixcel Accounts 1.21
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
    "{B214C3C8-FC16-42EC-B7BB-703A1BB9C790}" = Lenovo Battery Program
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
    "{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
    "{C668C1D0-0921-4C69-AA2D-C8D05708B6C5}_is1" = Rationale 2
    "{C67F36D2-DE45-40B4-8D87-DF4A66A59532}" = PC Suite for Sony Ericsson
    "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
    "{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
    "{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
    "{DA320635-F48C-4613-8325-D75A933C549E}" = ThinkVantage System Update Toolbar Button for IE
    "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
    "{DF204E20-C29C-4434-BCFE-D9BAF76CEF8D}" = Sun ODF Plugin for Microsoft Office 3.1
    "{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
    "{E4A72492-6674-46F4-8322-7FE498B6CD17}" = Google Desktop
    "{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
    "{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
    "{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1
    "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
    "{EFF87108-C9D0-43F1-BEE1-28DA87778F1A}" = Garmin Communicator Plugin
    "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    "8461-7759-5462-8226" = Vuze
    "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Professional
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
    "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "Akamai" = Akamai NetSession Interface
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "avast5" = avast! Free Antivirus
    "AwayTask" = ThinkVantage Away Manager
    "Azureus" = Azureus
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
     
  15. lothar

    lothar TS Rookie Topic Starter Posts: 25

    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "Google Desktop" = Google Desktop
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
    "mRouterRuntime" =
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OMUI.sv-se" = Microsoft Office Language Pack 2007 - Swedish/svenska
    "PC-Axis 2008" = PC-Axis 2008
    "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
    "PCMCIAPW" = ThinkPad PC Card Power Policy
    "Personal" = BankID Security Application 4.10.4
    "Picasa2" = Picasa 2
    "Power Management Driver" = ThinkPad Power Management Driver
    "Presentation Director" = ThinkPad Presentation Director
    "ProInst" = Intel(R) PROSet/Wireless Software
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealAlt_is1" = Real Alternative 1.8.2
    "Remove Multimedia Center" = Remove Multimedia Center
    "Smart Defrag_is1" = Smart Defrag
    "SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
    "Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
    "Spotify" = Spotify
    "ST5UNST #1" = Hälsovakten-Aktiv
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "TagScanner_is1" = TagScanner 5.0 build 516
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "vixy converter BETA_is1" = vixy converter uninstall
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "WET7Cable" = Windows Easy Transfer for Windows 7
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "WinGimp-2.0_is1" = GIMP 2.6.10
    "WinRAR archiver" = WinRAR archiver
    "WMCSetup" = Windows Media Connect
    "XMind" = XMind

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Octoshape Streaming Services" = Octoshape Streaming Services

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2010-10-04 15:32:35 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9956125

    Error - 2010-10-04 15:32:35 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9956125

    Error - 2010-10-04 15:32:37 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2010-10-04 15:32:37 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9958078

    Error - 2010-10-04 15:32:37 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9958078

    Error - 2010-10-04 15:32:39 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2010-10-04 15:32:39 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9960078

    Error - 2010-10-04 15:32:39 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9960078

    Error - 2010-10-05 03:35:44 | Computer Name = GARDAR-B7CD78EF | Source = Google Update | ID = 20
    Description =

    Error - 2010-10-05 03:35:44 | Computer Name = GARDAR-B7CD78EF | Source = Google Update | ID = 20
    Description =

    [ Application Events ]
    Error - 2010-10-04 15:32:35 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9956125

    Error - 2010-10-04 15:32:35 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9956125

    Error - 2010-10-04 15:32:37 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2010-10-04 15:32:37 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9958078

    Error - 2010-10-04 15:32:37 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9958078

    Error - 2010-10-04 15:32:39 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2010-10-04 15:32:39 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9960078

    Error - 2010-10-04 15:32:39 | Computer Name = GARDAR-B7CD78EF | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9960078

    Error - 2010-10-05 03:35:44 | Computer Name = GARDAR-B7CD78EF | Source = Google Update | ID = 20
    Description =

    Error - 2010-10-05 03:35:44 | Computer Name = GARDAR-B7CD78EF | Source = Google Update | ID = 20
    Description =

    [ OSession Events ]
    Error - 2009-10-27 14:11:39 | Computer Name = GARDAR-B7CD78EF | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 186522
    seconds with 2640 seconds of active time. This session ended with a crash.

    Error - 2009-11-08 18:03:29 | Computer Name = GARDAR-B7CD78EF | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11002
    seconds with 7020 seconds of active time. This session ended with a crash.

    Error - 2009-12-13 07:27:18 | Computer Name = GARDAR-B7CD78EF | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 59050
    seconds with 2220 seconds of active time. This session ended with a crash.

    Error - 2010-02-06 14:39:40 | Computer Name = GARDAR-B7CD78EF | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 64000
    seconds with 9420 seconds of active time. This session ended with a crash.

    Error - 2010-02-07 09:10:00 | Computer Name = GARDAR-B7CD78EF | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 66548
    seconds with 300 seconds of active time. This session ended with a crash.

    Error - 2010-02-10 15:54:05 | Computer Name = GARDAR-B7CD78EF | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37909
    seconds with 10080 seconds of active time. This session ended with a crash.

    Error - 2010-02-20 14:14:50 | Computer Name = GARDAR-B7CD78EF | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2338
    seconds with 1140 seconds of active time. This session ended with a crash.

    Error - 2010-03-05 04:14:19 | Computer Name = GARDAR-B7CD78EF | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 83797
    seconds with 4920 seconds of active time. This session ended with a crash.

    Error - 2010-03-17 08:36:19 | Computer Name = GARDAR-B7CD78EF | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 78131
    seconds with 7800 seconds of active time. This session ended with a crash.

    Error - 2010-04-10 05:08:26 | Computer Name = GARDAR-B7CD78EF | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
    lasted 954 seconds with 600 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 2010-10-03 15:01:03 | Computer Name = GARDAR-B7CD78EF | Source = Service Control Manager | ID = 7000
    Description = The Ac Profile Manager Service service failed to start due to the
    following error: %%1053

    Error - 2010-10-03 19:10:53 | Computer Name = GARDAR-B7CD78EF | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 2010-10-03 19:10:53 | Computer Name = GARDAR-B7CD78EF | Source = Service Control Manager | ID = 7000
    Description = The Java Quick Starter service failed to start due to the following
    error: %%3

    Error - 2010-10-04 02:00:32 | Computer Name = GARDAR-B7CD78EF | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 85.225.211.67 on
    the Network Card with network address 0018DE0224CE.

    Error - 2010-10-05 03:35:11 | Computer Name = GARDAR-B7CD78EF | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 85.225.209.176
    on the Network Card with network address 0018DE0224CE.

    Error - 2010-10-05 08:47:25 | Computer Name = GARDAR-B7CD78EF | Source = Service Control Manager | ID = 7034
    Description = The IBM KCU Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 2010-10-05 08:47:25 | Computer Name = GARDAR-B7CD78EF | Source = Service Control Manager | ID = 7034
    Description = The tvtnetwk service terminated unexpectedly. It has done this 1
    time(s).

    Error - 2010-10-05 08:47:25 | Computer Name = GARDAR-B7CD78EF | Source = Service Control Manager | ID = 7031
    Description = The Ac Profile Manager Service service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 2010-10-05 08:48:54 | Computer Name = GARDAR-B7CD78EF | Source = Service Control Manager | ID = 7031
    Description = The Ac Profile Manager Service service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 2010-10-05 08:53:37 | Computer Name = GARDAR-B7CD78EF | Source = Service Control Manager | ID = 7031
    Description = The Ac Profile Manager Service service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.


    < End of report >



    OTL logfile created on: 2010-10-06 08:52:03 - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\uSERX\My Documents\Downloads
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: yyyy-MM-dd

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.09 Gb Total Space | 4.12 Gb Free Space | 5.88% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: GXXX-B7CD78EF
    Current User Name: XXX
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010-10-06 08:50:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gardar\My Documents\Downloads\OTL.exe
    PRC - [2010-09-18 17:03:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2010-09-07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010-06-10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009-09-26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    PRC - [2007-06-13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007-05-11 07:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    PRC - [2006-08-26 09:25:36 | 000,167,936 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    PRC - [2006-08-26 09:25:32 | 000,049,152 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    PRC - [2006-08-16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
    PRC - [2006-08-16 19:07:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    PRC - [2006-08-02 09:39:20 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2006-08-02 09:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2006-08-02 09:27:54 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2006-08-02 09:24:22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2006-07-15 03:13:14 | 002,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    PRC - [2006-07-15 03:05:32 | 000,503,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    PRC - [2006-07-15 03:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    PRC - [2006-07-15 03:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    PRC - [2006-07-15 02:42:22 | 000,723,712 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    PRC - [2006-07-15 02:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    PRC - [2006-07-12 02:04:42 | 000,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
    PRC - [2006-07-04 18:11:00 | 000,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
    PRC - [2006-05-31 23:43:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    PRC - [2006-05-30 08:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    PRC - [2006-05-24 06:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2006-05-19 01:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    PRC - [2006-03-16 04:04:48 | 000,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe
    PRC - [2006-03-14 01:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
    PRC - [2006-02-14 07:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2005-11-14 08:23:20 | 000,487,424 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    PRC - [2005-11-10 18:33:00 | 000,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
    PRC - [2005-06-20 21:15:00 | 000,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
    PRC - [2005-05-20 02:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


    ========== Modules (SafeList) ==========

    MOD - [2010-10-06 08:50:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gardar\My Documents\Downloads\OTL.exe
    MOD - [2006-08-25 17:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2006-08-16 19:07:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL
    MOD - [2006-02-14 07:17:12 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
    MOD - [2004-08-04 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
     
  16. lothar

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2010-09-23 08:43:07 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
    SRV - [2010-09-18 17:03:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010-06-10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009-09-26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2008-09-15 22:40:12 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
    SRV - [2006-08-26 09:25:36 | 000,167,936 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
    SRV - [2006-08-26 09:25:32 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2006-08-16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
    SRV - [2006-08-02 09:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2006-08-02 09:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2006-08-02 09:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2006-07-15 03:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
    SRV - [2006-07-15 03:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
    SRV - [2006-07-15 02:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
    SRV - [2006-07-15 02:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
    SRV - [2006-07-15 00:52:48 | 000,045,056 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
    SRV - [2006-07-12 02:04:42 | 000,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2006-07-12 01:52:52 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
    SRV - [2006-05-31 23:43:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
    SRV - [2006-05-24 06:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2005-11-14 10:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2005-11-10 18:33:00 | 000,073,782 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2005-10-07 03:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
    SRV - [2005-06-20 21:15:00 | 000,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
    SRV - [2005-06-07 06:26:22 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
    SRV - [2004-09-29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VNUSB.sys -- (VNUSB)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\A.tmp -- (MEMSWEEP2)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Gardar\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010-09-07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010-09-07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010-09-07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010-04-18 19:57:24 | 000,014,873 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Gardar\My Documents\@Allt\@Projekt 10 000\New Folder (2)\SDTHLPR.sys -- (SDTHelper)
    DRV - [2010-04-15 17:25:08 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009-10-07 13:01:04 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008-08-14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
    DRV - [2008-04-28 20:39:09 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2008-04-28 20:39:09 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
    DRV - [2008-01-15 10:44:14 | 000,091,264 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrsce.sys -- (zebrsce)
    DRV - [2008-01-15 10:44:12 | 000,109,568 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrmdmc.sys -- (zebrmdmc) Sony Ericsson mRouter Port (WDM)
    DRV - [2008-01-15 10:44:12 | 000,109,568 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrmdm.sys -- (zebrmdm) Sony Ericsson Port (WDM)
    DRV - [2008-01-15 10:44:10 | 000,014,848 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrmdfl.sys -- (zebrmdfl)
    DRV - [2008-01-15 10:44:08 | 000,083,200 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrbus.sys -- (zebrbus)
    DRV - [2008-01-15 10:44:08 | 000,063,360 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\zebrceb.sys -- (zebrceb) Sony Ericsson Cable Emulation Bus (WDM)
    DRV - [2006-09-27 11:36:24 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
    DRV - [2006-08-16 19:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
    DRV - [2006-08-02 18:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2006-08-02 18:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2006-08-02 10:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2006-07-20 19:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2006-07-15 02:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
    DRV - [2006-07-15 02:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
    DRV - [2006-07-15 00:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
    DRV - [2006-05-31 23:26:38 | 000,328,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2006-05-31 23:22:26 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006-05-31 23:18:36 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2006-05-31 23:17:36 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006-05-31 23:15:42 | 000,148,996 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2006-05-25 18:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
    DRV - [2006-04-26 04:13:20 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2006-04-26 04:00:00 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
    DRV - [2006-04-20 08:06:50 | 000,181,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2006-03-16 02:08:00 | 000,088,576 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf)
    DRV - [2006-03-14 01:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
    DRV - [2006-02-14 07:04:58 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006-01-31 04:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2006-01-13 09:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
    DRV - [2005-12-06 04:21:32 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV)
    DRV - [2005-12-06 04:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
    DRV - [2005-12-06 04:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf)
    DRV - [2005-11-10 18:33:00 | 000,010,112 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2005-11-08 18:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
    DRV - [2005-10-12 02:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2005-07-05 07:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
    DRV - [2005-06-20 21:18:00 | 000,004,736 | ---- | M] (Lenovo.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr)
    DRV - [2005-05-17 19:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
    DRV - [2005-01-07 23:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2004-08-04 08:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2004-08-04 08:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2004-08-04 08:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2004-08-04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003-09-11 08:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2001-08-17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001-08-17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001-08-17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
     
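Before the log continues in the next post, a triage script for the kind of OTL `PRC`/`SRV`/`DRV` lines posted above. This is an added example, not part of lothar's post and not code from the OTL tool. It parses the SafeList line format and flags what a helper would look at first: registrations whose file is gone (orphaned entries), a driver reported Running although its file is missing, images living under a user profile or Temp, files with no company string, and service or driver images with an unusual extension. The sample log is constructed from lines quoted from the post above; the flag texts, the `SUSPECT_DIRS` list and the `IMAGE_EXTS` whitelist are this example's own heuristics. A flag is a reason to look, not a verdict: OTL.exe itself, run from Downloads, would trip the path check, and catchme.sys is the driver the GMER rootkit scanner (bundled in ComboFix) drops in Temp.

```python
"""Triage helper for OTL PRC/SRV/DRV log lines.

Added example, not part of the forum post and not OTL's own code: it
parses the SafeList line format and applies a few heuristics so the
entries worth a closer look surface first.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Flag texts (names chosen for this example).
F_MISSING = "file not found: orphaned registration"
F_RUNNING_MISSING = "reported Running although the file is missing"
F_USER_PATH = "image under a user profile or temp directory"
F_NO_COMPANY = "no company name in version info"
F_ODD_EXT = "unusual extension for a service or driver image"

# Lower-cased path fragments a service or driver image should not normally
# sit under (heuristic list for this example; legitimate tools such as OTL
# itself, run from Downloads, will trip it).
SUSPECT_DIRS = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\")
IMAGE_EXTS = (".exe", ".sys", ".dll")

# One OTL SafeList line:
#   KIND - [mtime | size | attrs | M] (Company) [state] -- path -- (name) extra
#   KIND - File not found [state] -- path -- (name)
# PRC lines carry no "[state]" and no "-- (name)" part.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:(?P<missing>File not found)"
    r"|\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| M\] "
    r"\((?P<company>.*?)\)(?= \[| -- ))"   # lazy: a company string may contain ')'
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]+)\).*)?$"
)


@dataclass
class Entry:
    kind: str
    path: str
    name: Optional[str]          # service/driver name; None for PRC lines
    state: Optional[str]         # e.g. "Kernel | On_Demand | Running"
    company: Optional[str]       # None when OTL could not find the file
    missing: bool
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one PRC/SRV/DRV line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    missing = m.group("missing") is not None
    return Entry(
        kind=m.group("kind"),
        path=m.group("path").strip(),
        name=m.group("name"),
        state=m.group("state"),
        company=None if missing else m.group("company").strip(),
        missing=missing,
    )


def triage(entry: Entry) -> List[str]:
    """Return the heuristic flags that apply to one parsed entry."""
    flags: List[str] = []
    lower = entry.path.lower()
    if entry.missing:
        flags.append(F_MISSING)
        # A kernel driver still loaded after its backing file vanished.
        if entry.state and "running" in entry.state.lower():
            flags.append(F_RUNNING_MISSING)
    elif entry.company == "":
        flags.append(F_NO_COMPANY)
    if any(frag in lower for frag in SUSPECT_DIRS):
        flags.append(F_USER_PATH)
    if entry.kind != "PRC" and not lower.endswith(IMAGE_EXTS):
        flags.append(F_ODD_EXT)
    return flags


def triage_log(text: str) -> List[Entry]:
    """Parse a whole log and return only the entries that earned a flag."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        entry.flags = triage(entry)
        if entry.flags:
            hits.append(entry)
    return hits


# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2007-06-13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010-09-23 08:43:07 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2006-08-02 09:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\A.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Gardar\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010-04-18 19:57:24 | 000,014,873 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Gardar\My Documents\@Allt\@Projekt 10 000\New Folder (2)\SDTHLPR.sys -- (SDTHelper)
DRV - [2005-01-07 23:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
"""

if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(f"{hit.kind} {hit.name or hit.path}: {'; '.join(hit.flags)}")
```

Run against the sample, five of the eight entries come back flagged (jqs.exe and A.tmp as orphaned registrations, catchme as a missing driver still marked Running from Temp, the Akamai service and SDTHLPR.sys for empty company strings, the latter also for living under the user's My Documents); explorer.exe, EvtEng.exe and hdaudbus.sys pass clean. The parser keeps the company string lazy so that a name such as "Windows (R) Server 2003 DDK provider" does not break on its inner parenthesis.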
  17. lothar

    DRV - [2001-08-17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001-08-17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001-08-17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001-08-17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001-08-17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001-08-17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001-08-17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001-08-17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001-08-17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001-08-17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001-08-17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001-08-17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001-08-17 14:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "about:blank"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
    FF - prefs.js..extensions.enabledItems: is@dictionaries.addons.mozilla.org:1.2
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
    FF - prefs.js..extensions.enabledItems: sv@dictionaries.addons.mozilla.org:1.41
    FF - prefs.js..extensions.enabledItems: timetrack@usablehack.com:1.2.5
    FF - prefs.js..network.proxy.backup.ftp: "http://svtplay.se/t/103478/checkpoint_charlie"
    FF - prefs.js..network.proxy.backup.ftp_port: 0
    FF - prefs.js..network.proxy.backup.gopher: "http://svtplay.se/t/103478/checkpoint_charlie"
    FF - prefs.js..network.proxy.backup.gopher_port: 0
    FF - prefs.js..network.proxy.backup.socks: "http://svtplay.se/t/103478/checkpoint_charlie"
    FF - prefs.js..network.proxy.backup.socks_port: 0
    FF - prefs.js..network.proxy.backup.ssl: "http://svtplay.se/t/103478/checkpoint_charlie"
    FF - prefs.js..network.proxy.backup.ssl_port: 0
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-25 08:46:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-25 08:46:55 | 000,000,000 | ---D | M]

    [2008-09-16 00:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Mozilla\Extensions
    [2010-09-17 00:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Mozilla\Firefox\Profiles\o70315ni.default\extensions
    [2009-08-18 15:30:27 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Gardar\Application Data\Mozilla\Firefox\Profiles\o70315ni.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2010-05-30 11:51:37 | 000,000,000 | ---D | M] (GTDInbox for Gmail) -- C:\Documents and Settings\Gardar\Application Data\Mozilla\Firefox\Profiles\o70315ni.default\extensions\{bcd47b5a-43be-433f-9051-7ce2cdf94ac0}
    [2010-05-26 18:11:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Gardar\Application Data\Mozilla\Firefox\Profiles\o70315ni.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2008-06-25 23:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Mozilla\Firefox\Profiles\o70315ni.default\extensions\en-GB@dictionaries.addons.mozilla.org
    [2009-09-21 09:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Mozilla\Firefox\Profiles\o70315ni.default\extensions\is@dictionaries.addons.mozilla.org
    [2010-05-26 18:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Mozilla\Firefox\Profiles\o70315ni.default\extensions\isreaditlater@ideashower.com
    [2010-05-26 18:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Mozilla\Firefox\Profiles\o70315ni.default\extensions\sv@dictionaries.addons.mozilla.org
    [2010-01-31 16:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Mozilla\Firefox\Profiles\o70315ni.default\extensions\timetrack@usablehack.com
    [2010-09-17 00:39:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2007-12-19 14:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    [2009-07-31 00:47:13 | 000,001,470 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml
    [2009-07-31 00:47:13 | 000,002,670 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml
    [2009-07-31 00:47:13 | 000,000,948 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tyda-sv-SE.xml
    [2009-07-31 00:47:13 | 000,001,174 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml
    [2009-07-31 00:47:13 | 000,000,647 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

    O1 HOSTS File: ([2010-10-03 21:00:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
    O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe ()
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
    O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
     
  18. lothar

    lothar TS Rookie Topic Starter Posts: 25

    O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
    O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
    O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
    O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
    O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263761883171 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263761863656 (MUWebControl Class)
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www.pc.ibm.com/egather/IbmEgath.cab (IBM Access Support)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\AwayNotify: DllName - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
    O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
    O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
    O24 - Desktop WallPaper: C:\WINDOWS\1024_768 Think Americas Map.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\1024_768 Think Americas Map.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006-04-30 09:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010-09-14 09:51:50 | 000,001,352 | ---- | M] () - C:\AutoHotkey.ahk -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (54619756233228288)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010-10-03 20:45:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010-10-03 20:41:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010-10-03 20:41:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010-10-03 20:41:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010-10-03 20:41:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010-10-03 20:41:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010-10-03 20:35:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010-10-03 10:33:16 | 000,000,000 | ---D | C] -- C:\Killmalware
    [2010-10-03 09:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010-10-01 18:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010-10-01 15:30:06 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010-10-01 15:30:05 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010-10-01 15:30:05 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010-10-01 15:30:05 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010-10-01 15:30:04 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010-10-01 15:30:04 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010-10-01 15:30:04 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010-10-01 15:29:47 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010-10-01 15:29:47 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010-10-01 15:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010-10-01 15:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010-10-01 12:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2010-09-30 20:05:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
    [2010-09-30 20:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gardar\.gimp-2.6
    [2010-09-30 20:03:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gardar\My Documents\gegl-0.0
    [2010-09-30 20:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
    [2010-09-18 17:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
    [2010-09-18 17:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010-09-18 16:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gardar\Desktop\Adobe InDesign CS4
    [2010-09-18 16:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gardar\Desktop\Adobe InDesign CS5
    [2010-09-18 15:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
    [2010-09-10 20:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
    [2010-07-22 10:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010-07-09 13:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
     
  19. lothar

    lothar TS Rookie Topic Starter Posts: 25

    ========== Files - Modified Within 90 Days ==========

    [2010-10-06 08:50:52 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\vakna.job
    [2010-10-06 08:47:19 | 000,003,216 | ---- | M] () -- C:\WINDOWS\System32\encobject.dat
    [2010-10-06 08:29:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010-10-06 08:29:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010-10-06 08:17:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1954473801-753732875-683532963-1005UA.job
    [2010-10-06 07:17:00 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1954473801-753732875-683532963-1005Core.job
    [2010-10-06 06:30:49 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
    [2010-10-05 14:58:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010-10-05 14:55:24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010-10-05 11:33:10 | 013,893,632 | -H-- | M] () -- C:\Documents and Settings\Gardar\NTUSER.DAT
    [2010-10-04 18:46:02 | 003,415,533 | ---- | M] () -- C:\Documents and Settings\Gardar\My Documents\Presentation2.pptx
    [2010-10-04 01:12:48 | 000,009,970 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
    [2010-10-04 01:10:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010-10-04 01:10:31 | 2674,315,264 | -HS- | M] () -- C:\hiberfil.sys
    [2010-10-04 01:02:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Gardar\ntuser.ini
    [2010-10-04 00:46:21 | 001,087,837 | ---- | M] () -- C:\Documents and Settings\Gardar\My Documents\HONDEGHEM-VANDERMEULEN-%20competency%20management%20in%20the%20Flemish-Dutch%20civil%20service%202000.pdf
    [2010-10-03 21:00:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010-10-03 20:58:19 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010-10-03 20:45:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010-10-03 10:28:47 | 000,293,376 | ---- | M] () -- C:\0r2yptox.exe
    [2010-10-03 09:38:12 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Gardar\Desktop\HijackThis.lnk
    [2010-10-01 15:30:06 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010-10-01 15:30:04 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010-09-29 11:30:45 | 001,381,578 | -H-- | M] () -- C:\Documents and Settings\Gardar\Local Settings\Application Data\IconCache.db
    [2010-09-28 22:04:14 | 000,194,560 | ---- | M] () -- C:\Documents and Settings\Gardar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-09-28 19:07:44 | 000,094,313 | ---- | M] () -- C:\Documents and Settings\Gardar\My Documents\Presentation1.pptx
    [2010-09-27 18:49:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010-09-25 13:32:25 | 000,001,922 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010-09-24 16:40:47 | 000,244,684 | ---- | M] () -- C:\Documents and Settings\Gardar\My Documents\Untitled-1.pdf
    [2010-09-23 17:28:26 | 000,228,625 | ---- | M] () -- C:\Documents and Settings\Gardar\My Documents\Java Printing.pdf
    [2010-09-23 08:18:58 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Gardar\Desktop\Google Chrome.lnk
    [2010-09-23 08:18:58 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Gardar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010-09-22 00:29:50 | 000,011,672 | ---- | M] () -- C:\Documents and Settings\Gardar\My Documents\Book1 (Autosaved).xlsx
    [2010-09-21 14:15:05 | 000,170,411 | ---- | M] () -- C:\Documents and Settings\Gardar\My Documents\5509Wspar.pdf
    [2010-09-21 12:24:24 | 000,170,405 | ---- | M] () -- C:\Documents and Settings\Gardar\My Documents\5509W.pdf
    [2010-09-20 20:22:32 | 002,162,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010-09-20 15:54:54 | 000,497,768 | ---- | M] () -- C:\Documents and Settings\Gardar\VirtuelleWarteschlange
    [2010-09-18 17:27:11 | 000,071,616 | ---- | M] () -- C:\Documents and Settings\Gardar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010-09-18 09:33:26 | 000,038,100 | ---- | M] () -- C:\Documents and Settings\Gardar\My Documents\Faas_et_al._-_Polls_that_mattered.pdf
    [2010-09-15 20:06:52 | 000,563,982 | ---- | M] () -- C:\EQ_IP_192.168.75.61
    [2010-09-14 14:19:04 | 000,006,695 | ---- | M] () -- C:\Documents and Settings\Gardar\My Documents\AutoHotkey.ahk
    [2010-09-14 09:55:23 | 000,004,331 | ---- | M] () -- C:\Documents and Settings\Gardar\My Documents\AutoHotkeysss.ahk
    [2010-09-14 09:51:50 | 000,001,352 | ---- | M] () -- C:\AutoHotkey.ahk
    [2010-09-10 20:45:02 | 000,207,356 | ---- | M] () -- C:\Documents and Settings\Gardar\My Documents\AutoHotkey.exe
    [2010-09-09 16:57:10 | 000,236,886 | ---- | M] () -- C:\Documents and Settings\Gardar\My Documents\EMPM_CourseDescriptions_AY1011_02_09_10.pdf
    [2010-09-07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010-09-07 17:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010-09-07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010-09-07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010-09-07 16:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010-09-07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010-09-07 10:12:53 | 000,020,282 | ---- | M] () -- C:\Documents and Settings\XX\My Documents\Ellen exportrådet.docx
    [2010-09-05 17:29:28 | 000,000,722 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010-08-23 03:22:57 | 000,087,853 | ---- | M] () -- C:\Documents and Settings\XX\My Documents\Bibliography.xlsx
    [2010-08-22 16:44:05 | 000,018,702 | ---- | M] () -- C:\Documents and Settings\XX\My Documents\Bästa ansvarig.docx
    [2010-08-19 17:40:19 | 000,539,644 | ---- | M] () -- C:\Documents and Settings\XX\My Documents\5501W.pdf
    [2010-08-15 20:03:00 | 000,020,082 | ---- | M] () -- C:\Documents and Settings\XX\My Documents\Sections.docx
    [2010-08-15 20:02:43 | 000,097,711 | ---- | M] () -- C:\Documents and Settings\XX\My Documents\Bibliography.xlsb
    [2010-08-12 19:15:58 | 000,504,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010-08-12 19:15:58 | 000,426,222 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010-08-12 19:15:58 | 000,071,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010-08-12 11:15:19 | 000,014,394 | ---- | M] () -- C:\Documents and Settings\XX\My Documents\XXX XXXX.docx

    ========== Files Created - No Company Name ==========

    [2010-10-04 18:45:59 | 003,415,533 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\Presentation2.pptx
    [2010-10-04 00:46:21 | 001,087,837 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\HONDEGHEM-VANDERMEULEN-%20competency%20management%20in%20the%20Flemish-Dutch%20civil%20service%202000.pdf
    [2010-10-03 20:45:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010-10-03 20:45:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010-10-03 20:41:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010-10-03 20:41:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010-10-03 20:41:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010-10-03 20:41:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010-10-03 20:41:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010-10-03 17:37:26 | 2674,315,264 | -HS- | C] () -- C:\hiberfil.sys
    [2010-10-03 10:28:40 | 000,293,376 | ---- | C] () -- C:\0r2yptox.exe
    [2010-10-03 09:37:56 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Gardar\Desktop\HijackThis.lnk
    [2010-10-01 15:30:06 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010-09-30 20:47:19 | 000,001,171 | ---- | C] () -- C:\Documents and Settings\Gardar\Application Data\avgrep.txt
    [2010-09-28 16:51:46 | 000,094,313 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\Presentation1.pptx
    [2010-09-25 13:32:25 | 000,001,922 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010-09-24 16:40:34 | 000,244,684 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\Untitled-1.pdf
    [2010-09-23 17:28:26 | 000,228,625 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\Java Printing.pdf
    [2010-09-22 00:29:46 | 000,011,672 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\Book1 (Autosaved).xlsx
    [2010-09-21 14:15:05 | 000,170,411 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\5509Wspar.pdf
    [2010-09-21 12:24:24 | 000,170,405 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\5509W.pdf
    [2010-09-20 15:54:49 | 000,497,768 | ---- | C] () -- C:\Documents and Settings\Gardar\VirtuelleWarteschlange
    [2010-09-18 09:32:29 | 000,038,100 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\Faas_et_al._-_Polls_that_mattered.pdf
    [2010-09-15 20:06:50 | 000,563,982 | ---- | C] () -- C:\EQ_IP_192.168.75.61
    [2010-09-14 09:51:50 | 000,001,352 | ---- | C] () -- C:\AutoHotkey.ahk
    [2010-09-10 20:44:46 | 000,207,356 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\AutoHotkey.exe
    [2010-09-10 20:21:43 | 000,006,695 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\AutoHotkey.ahk
    [2010-09-10 20:21:43 | 000,004,331 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\AutoHotkeysss.ahk
    [2010-09-09 16:57:10 | 000,236,886 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\EMPM_CourseDescriptions_AY1011_02_09_10.pdf
    [2010-09-05 17:33:52 | 000,020,282 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\Ellen exportrådet.docx
    [2010-08-23 03:22:56 | 000,087,853 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\Bibliography.xlsx
     
  20. lothar

    lothar TS Rookie Topic Starter Posts: 25

    [2010-08-19 17:40:18 | 000,539,644 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\5501W.pdf
    [2010-08-15 20:02:42 | 000,097,711 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\Bibliography.xlsb
    [2010-08-11 14:41:47 | 000,014,394 | ---- | C] () -- C:\Documents and Settings\Gardar\My Documents\Gardar Björnsson.docx
    [2010-03-02 13:59:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\RunSetup.dll
    [2010-01-31 10:53:31 | 000,000,103 | ---- | C] () -- C:\WINDOWS\pro.INI
    [2010-01-04 16:34:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2010-01-04 16:34:46 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
    [2009-12-11 21:54:11 | 000,008,154 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
    [2009-10-07 15:21:05 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\HVstrlib.dll
    [2009-08-28 11:47:12 | 000,319,488 | ---- | C] () -- C:\WINDOWS\DLXAPI32.DLL
    [2009-08-04 19:06:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008-05-10 09:32:12 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Gardar\Local Settings\Application Data\fusioncache.dat
    [2008-05-09 20:42:34 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
    [2008-05-09 20:42:33 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2008-04-28 21:32:58 | 000,194,560 | ---- | C] () -- C:\Documents and Settings\Gardar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008-04-28 20:45:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008-04-28 20:45:11 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
    [2008-04-28 20:38:39 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
    [2008-04-28 20:31:41 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008-04-28 20:29:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008-04-28 20:29:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008-04-28 20:29:44 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008-04-28 20:29:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008-04-28 20:29:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008-04-28 20:29:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008-04-28 20:22:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2008-04-28 20:21:23 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
    [2008-04-28 20:19:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2008-04-28 20:19:42 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
    [2008-04-28 20:19:32 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2008-04-28 14:38:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2007-09-27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007-09-27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007-09-27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006-08-17 10:00:13 | 000,009,970 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
    [2006-08-17 10:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
    [2006-08-03 03:27:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
    [2006-08-03 03:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
    [2006-06-14 18:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006-06-12 21:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
    [2006-05-31 23:37:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2006-04-30 09:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006-04-30 09:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005-02-17 21:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005-02-17 21:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001-11-14 22:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2010-10-01 15:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2009-11-06 13:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Austhink Software
    [2010-10-03 20:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009-11-20 00:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2009-11-15 13:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
    [2010-04-15 17:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009-10-06 09:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2008-04-28 21:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
    [2010-06-16 19:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
    [2010-01-04 16:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
    [2010-01-04 16:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
    [2008-07-11 22:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
    [2010-02-15 09:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009-10-06 21:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoneFiveSoftware
    [2010-04-11 11:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009-09-16 21:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010-02-15 09:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\ActiveWords
    [2010-01-14 11:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Agency9
    [2009-11-06 13:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Austhink Software
    [2010-09-28 23:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Azureus
    [2010-04-15 17:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\DAEMON Tools Lite
    [2010-09-27 21:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Dropbox
    [2009-10-06 09:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\GARMIN
    [2008-05-08 19:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\InterVideo
    [2010-01-10 13:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\IObit
    [2008-05-06 19:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Leadertech
    [2008-04-28 21:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Lenovo
    [2010-02-21 20:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Octoshape
    [2009-08-28 21:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Personal
    [2010-10-05 12:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Spotify
    [2010-02-09 13:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Stata10
    [2010-06-16 19:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Tatara Systems
    [2008-08-04 20:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Teleca
    [2008-04-28 20:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\ThinkVantage
    [2009-12-02 15:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Windows Desktop Search
    [2010-01-31 10:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\Windows Search
    [2009-08-19 17:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gardar\Application Data\XMind
    [2010-10-06 06:30:49 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
    [2010-10-06 08:50:52 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\vakna.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010-10-03 10:28:47 | 000,293,376 | ---- | M] () -- C:\0r2yptox.exe
    [2006-04-30 09:13:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010-09-14 09:51:50 | 000,001,352 | ---- | M] () -- C:\AutoHotkey.ahk
    [2008-04-28 20:59:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010-10-03 20:45:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004-08-03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010-10-05 14:58:48 | 000,018,678 | ---- | M] () -- C:\ComboFix.txt
    [2006-04-30 09:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010-09-15 20:06:52 | 000,563,982 | ---- | M] () -- C:\EQ_IP_192.168.75.61
    [2010-10-04 01:10:31 | 2674,315,264 | -HS- | M] () -- C:\hiberfil.sys
    [2006-04-30 09:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006-04-30 09:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004-08-04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004-08-04 14:00:00 | 000,250,032 | RHS- | M] () -- C:\NTLDR
    [2010-10-04 01:10:29 | 2674,241,536 | -HS- | M] () -- C:\pagefile.sys
    [2008-04-28 20:12:17 | 000,000,093 | ---- | M] () -- C:\syslevel.lgl
    [2010-09-13 19:29:35 | 000,001,055 | ---- | M] () -- C:\waveoutput_en.txt
     
  21. lothar

    lothar TS Rookie Topic Starter Posts: 25

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006-04-30 09:12:53 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006-10-27 04:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010-09-07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006-04-30 02:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006-04-30 02:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006-04-30 02:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >
    [2010-01-02 13:31:56 | 000,000,000 | ---D | M] -- C:\Program Files\IObit\Advanced SystemCare 3\Bak

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2006-04-30 09:13:42 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008-04-28 21:00:15 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Gardar\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2006-04-30 09:21:31 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Gardar\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2008-05-11 00:01:56 | 001,495,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Gardar\Desktop\install_flash_player.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010-09-10 20:45:02 | 000,207,356 | ---- | M] () -- C:\Documents and Settings\Gardar\My Documents\AutoHotkey.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008-04-28 21:00:14 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Gardar\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010-10-06 08:51:05 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\Gardar\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004-08-11 10:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2006-09-22 00:01:54 | 000,577,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004-08-04 14:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004-08-04 10:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004-08-04 10:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008-05-02 16:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004-08-04 10:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004-10-13 18:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004-08-04 10:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004-08-04 10:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004-08-04 10:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004-08-04 10:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004-08-04 10:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2010-01-18 00:55:10 | 000,000,000 | ---D | M](C:\Documents and Settings\Gardar\Favorites\?£orterade bokmärken) -- C:\Documents and Settings\Gardar\Favorites\鷀£orterade bokmärken

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7461AB9
    < End of report >

    Thanks again!
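An added triage helper, not part of this thread or of the OTL tool, that parses the two line shapes in the log above (the `[date | size | attrs | kind] (company) -- path` file entries and the `@Alternate Data Stream` line) and lists the items a helper would look at first: executables at the drive root with no publisher string and non-Zone.Identifier alternate data streams. The sample lines are constructed from entries in the posted log, and the flagging rules are assumptions for review, not verdicts.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

# Regexes for the two OTL line shapes seen in the posted log.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)\s*$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str              # R=read-only, H=hidden, S=system, D=directory, '-' unset
    kind: str               # C = created-date listing, M = modified-date listing
    company: Optional[str]  # None for directories, "" when OTL printed "()" (no version info)
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def at_drive_root(self) -> bool:
        return self.path.count("\\") == 1   # "C:\foo.exe" has exactly one backslash


@dataclass
class AdsEntry:
    size: int
    path: str
    stream: str


def parse_otl(lines: Iterable[str]) -> Tuple[List[OtlEntry], List[AdsEntry]]:
    """Parse OTL file/directory entries and ADS lines; headers and '< ... >' queries are skipped."""
    entries, streams = [], []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(OtlEntry(
                timestamp=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"], kind=m["kind"],
                company=m["company"], path=m["path"]))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append(AdsEntry(int(m["size"]), m["path"], m["stream"]))
    return entries, streams


EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".bat", ".com")
# Files Windows XP legitimately keeps at the drive root (several are hidden+system).
KNOWN_ROOT_FILES = {"boot.ini", "ntldr", "ntdetect.com", "io.sys", "msdos.sys",
                    "hiberfil.sys", "pagefile.sys", "cmldr", "autoexec.bat", "config.sys"}


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs worth a human look. Assumed heuristics, not verdicts."""
    findings = []
    entries, streams = parse_otl(lines)
    for e in entries:
        if e.is_dir:
            continue
        name = e.path.rsplit("\\", 1)[-1].lower()
        if e.at_drive_root and name not in KNOWN_ROOT_FILES:
            if name.endswith(EXECUTABLE_EXT) and e.company == "":
                findings.append(("executable at drive root with no publisher string", e.path))
            elif e.hidden_system:
                findings.append(("unexpected hidden+system file at drive root", e.path))
    for s in streams:
        if s.stream.lower() != "zone.identifier":   # browser download marker is expected
            findings.append(("alternate data stream (non Zone.Identifier)", f"{s.path}:{s.stream}"))
    return findings


# Constructed sample, shaped like the posted OTL log.
SAMPLE_LOG = r"""
    < %SYSTEMDRIVE%\*.* >
    [2010-10-03 10:28:47 | 000,293,376 | ---- | M] () -- C:\0r2yptox.exe
    [2010-10-03 20:45:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010-10-04 01:10:31 | 2674,315,264 | -HS- | M] () -- C:\hiberfil.sys
    [2006-10-27 04:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2010-10-01 15:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2006-04-30 09:12:53 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7461AB9
""".splitlines()

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```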
     
  22. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You're running very low on C drive free space.
    You need to start moving some stuff out.

    =========================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
      O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Value error.)
      O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll File not found
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
      @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7461AB9
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  23. lothar

    lothar TS Rookie Topic Starter Posts: 25

    Thanks again mate!

    OTL log first:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ deleted successfully.
    File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:C7461AB9 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: XX
    ->Temp folder emptied: 46520707 bytes
    ->Temporary Internet Files folder emptied: 15077610 bytes
    ->Java cache emptied: 2521653 bytes
    ->FireFox cache emptied: 70080571 bytes
    ->Google Chrome cache emptied: 249186297 bytes
    ->Flash cache emptied: 109767 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 36478 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 366.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: Gardar
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.14.1 log created on 10072010_142111

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Gardar\Local Settings\Temp\Perflib_Perfdata_1594.dat not found!
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_718.dat not found!

    Registry entries deleted on Reboot...
     
  24. lothar

    lothar TS Rookie Topic Starter Posts: 25

    Checkup log:


    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.82.76
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 avastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  25. lothar

    lothar TS Rookie Topic Starter Posts: 25

    Hi again mate!

    Didn't have time to run the full ESET - will do that tonight. Regrettably - it came up with this before I stopped it:


    C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EB trojan


    Any immediate action on that?

    Thank you again, so much for your help.
     
Topic Status:
Not open for further replies.