
Solved Super slow computer after detecting obfuscator.xx virus

Discussion in 'Malware and Virus Removal Archive' started by quirkymac, 2011/04/29.

  1. 2011/04/29
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    [Resolved] Super slow computer after detecting obfuscator.xx virus

    Sorry to duplicate this thread, but in my haste to try and get some help on this issue I managed to incur a ban on my bbs account.
    I posted earlier as user flyingkiwi.
    The issues started recently when my computer started freezing in IE8 (and in IE9, it turns out) and giving some odd behaviours, such as going super slow at times.

    Security Essentials detected the obfuscator.xx virus and quarantined it, and on that basis I headed over here for some expert help.

    Logs
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6474

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    30/04/2011 4:28:12 AM
    mbam-log-2011-04-30 (04-28-12).txt

    Scan type: Quick scan
    Objects scanned: 150374
    Time elapsed: 4 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1E1CB3CAFC3EFBDB (Trojan.FakeMS.MGen) -> Value: 1E1CB3CAFC3EFBDB -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\sysapp (Trojan.SpyEyes) -> Quarantined and deleted successfully.

    Files Infected:
    c:\sysapp\sysapp.exe (Trojan.FakeMS.MGen) -> Quarantined and deleted successfully.
    c:\sysapp\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
     
  2. 2011/04/29
    quirkymac

    GMER Log (I had to run it with devices unchecked as it BSOD'd with it checked)
    GMER 1.0.15.15572 - http://www.gmer.net
    Rootkit scan 2011-04-30 06:39:59
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1646GSX rev.LB111A
    Running: 4xlyh67b.exe; Driver: C:\Users\MILNEC~1\AppData\Local\Temp\uwlyauob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwSaveKey + 13CD 82C8A9C9 1 Byte [06]
    .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82CAA512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD6D87A5-04A7-4A48-9BDC-157BAF9BA305}\MpKslaafe5df7.sys The system cannot find the file specified. !
    PAGE peauth.sys AF832C39 34 Bytes CALL E52EFA93

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\System32\rundll32.exe[3424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7569FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7569FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7569FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7569FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3424] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7569FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\System Update\SUService.exe[5964] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7569FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\System Update\SUService.exe[5964] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7569FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\System Update\SUService.exe[5964] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7569FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\System Update\SUService.exe[5964] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7569FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\System Update\SUService.exe[5964] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7569FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\System Update\SUService.exe[5964] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7569FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3afc1970
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3afc1970@9c18743334f1 0x68 0x64 0x5E 0x40 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3afc1970 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3afc1970@9c18743334f1 0x68 0x64 0x5E 0x40 ...

    ---- EOF - GMER 1.0.15 ----
     

  4. 2011/04/29
    quirkymac

    MBER log
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: Service Pack 1 (build 7601), 32-bit
    Base Board Manufacturer: LENOVO
    BIOS Manufacturer: LENOVO
    System Manufacturer: LENOVO
    System Product Name: 7659AB8
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 211):
    0x82C55000 \SystemRoot\system32\ntoskrnl.exe
    0x82C1E000 \SystemRoot\system32\halmacpi.dll
    0x80BB0000 \SystemRoot\system32\kdcom.dll
    0x8B82E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8B8B3000 \SystemRoot\system32\PSHED.dll
    0x8B8C4000 \SystemRoot\system32\BOOTVID.dll
    0x8B8CC000 \SystemRoot\system32\CLFS.SYS
    0x8B90E000 \SystemRoot\system32\CI.dll
    0x8B9B9000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8BA2A000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8BA38000 \SystemRoot\system32\drivers\ACPI.sys
    0x8BA80000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x8BA89000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8BA91000 \SystemRoot\system32\drivers\pci.sys
    0x8BABB000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x8BAC6000 \SystemRoot\System32\drivers\partmgr.sys
    0x8BAD7000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8BADF000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8BAEA000 \SystemRoot\system32\drivers\volmgr.sys
    0x8BAFA000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8BB45000 \SystemRoot\system32\drivers\intelide.sys
    0x8BB4C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8BB5A000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x8BB88000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8BB9E000 \SystemRoot\system32\drivers\vmbus.sys
    0x8BBC8000 \SystemRoot\system32\drivers\winhv.sys
    0x8BBDA000 \SystemRoot\system32\drivers\atapi.sys
    0x8B800000 \SystemRoot\system32\drivers\ataport.SYS
    0x8B823000 \SystemRoot\system32\drivers\amdxata.sys
    0x8BC06000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8BC3A000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8BC4B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8BD7A000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8BDA5000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8BDB8000 \SystemRoot\System32\Drivers\cng.sys
    0x8BE15000 \SystemRoot\System32\drivers\pcw.sys
    0x8BE23000 \SystemRoot\System32\DRIVERS\DozeHDD.sys
    0x8BE28000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8BE31000 \SystemRoot\system32\drivers\ndis.sys
    0x8BEE8000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8BF26000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8C03C000 \SystemRoot\System32\drivers\tcpip.sys
    0x8C186000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8C1B7000 \SystemRoot\system32\drivers\vmstorfl.sys
    0x8C1C0000 \SystemRoot\system32\drivers\volsnap.sys
    0x8C1FF000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
    0x8C208000 \SystemRoot\System32\Drivers\spldr.sys
    0x8C210000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8C23D000 \SystemRoot\System32\DRIVERS\Apsx86.sys
    0x8C25D000 \SystemRoot\System32\Drivers\mup.sys
    0x8C26D000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8C275000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8C2A7000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8C2B8000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8C30F000 \SystemRoot\system32\drivers\cdrom.sys
    0x8C32E000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x8C355000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
    0x8C35E000 \SystemRoot\System32\Drivers\Null.SYS
    0x8C365000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8C36C000 \SystemRoot\System32\drivers\vga.sys
    0x8C378000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8C399000 \SystemRoot\System32\drivers\watchdog.sys
    0x8C3A6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8C3AE000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8C3B6000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8C3BE000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8C3C9000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8C3D7000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8C3EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8C000000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8BF4B000 \SystemRoot\system32\drivers\afd.sys
    0x8C032000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8BFA5000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8BFC4000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
    0x8BFD4000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8BFE2000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x9302F000 \SystemRoot\system32\drivers\vpcvmm.sys
    0x93076000 \SystemRoot\System32\drivers\Tppwr32v.sys
    0x9307D000 \SystemRoot\system32\drivers\termdd.sys
    0x9308E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x930CF000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x930D9000 \SystemRoot\system32\drivers\mssmbios.sys
    0x930E3000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD6D87A5-04A7-4A48-9BDC-157BAF9BA305}\MpKslaafe5df7.sys
    0x930E9000 \SystemRoot\system32\DRIVERS\smiif32.sys
    0x930EB000 \SystemRoot\System32\drivers\discache.sys
    0x930F7000 \SystemRoot\system32\drivers\csc.sys
    0x9315B000 \SystemRoot\System32\Drivers\dfsc.sys
    0x93173000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x93181000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x931A2000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x93834000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x93D38000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x93DEF000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x93E28000 \SystemRoot\system32\DRIVERS\e1e6032.sys
    0x93E60000 \SystemRoot\system32\drivers\usbuhci.sys
    0x93E6B000 \SystemRoot\system32\drivers\USBPORT.SYS
    0x93EB6000 \SystemRoot\system32\drivers\usbehci.sys
    0x93EC5000 \SystemRoot\system32\drivers\HDAudBus.sys
    0x94C08000 \SystemRoot\system32\DRIVERS\NETwLv32.sys
    0x95267000 \SystemRoot\system32\drivers\1394ohci.sys
    0x95294000 \SystemRoot\system32\drivers\sdbus.sys
    0x952AD000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x952FE000 \SystemRoot\system32\drivers\i8042prt.sys
    0x95316000 \SystemRoot\system32\drivers\kbdclass.sys
    0x931B4000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x95323000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x95325000 \SystemRoot\system32\drivers\mouclass.sys
    0x95332000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x95336000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
    0x9533D000 \SystemRoot\system32\drivers\wmiacpi.sys
    0x95346000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x95353000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x95365000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x9537D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x95388000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x953AA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x953C2000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x953D9000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x953F0000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x93EE4000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0x93F01000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x953FA000 \SystemRoot\system32\DRIVERS\psadd.sys
    0x94C00000 \SystemRoot\system32\drivers\swenum.sys
    0x93F27000 \SystemRoot\system32\drivers\ks.sys
    0x93F5B000 \SystemRoot\system32\drivers\umbus.sys
    0x93F69000 \SystemRoot\system32\DRIVERS\vpcusb.sys
    0x93F81000 \SystemRoot\system32\DRIVERS\usbrpm.sys
    0x93F8E000 \SystemRoot\system32\DRIVERS\vpchbus.sys
    0x932F8000 \SystemRoot\system32\drivers\usbhub.sys
    0x93FC4000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x9333C000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0x93800000 \SystemRoot\system32\drivers\portcls.sys
    0x93FD5000 \SystemRoot\system32\drivers\drmk.sys
    0x9339F000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8241D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x82520000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x825D4000 \SystemRoot\system32\drivers\modem.sys
    0x96410000 \SystemRoot\System32\win32k.sys
    0x825E1000 \SystemRoot\System32\drivers\Dxapi.sys
    0x825EB000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x825F8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x82603000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x8260C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x8261D000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x96670000 \SystemRoot\System32\TSDDD.dll
    0x966A0000 \SystemRoot\System32\cdd.dll
    0x966C0000 \SystemRoot\System32\ATMFD.DLL
    0x82628000 \SystemRoot\system32\drivers\luafv.sys
    0x82643000 \SystemRoot\system32\drivers\WudfPf.sys
    0x8265D000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8266D000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x826B3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x826C3000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x826D6000 \SystemRoot\system32\drivers\HTTP.sys
    0x8275B000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x82774000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x82786000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x827A9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x827E4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x82418000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xAF827000 \SystemRoot\system32\drivers\peauth.sys
    0xAF8BE000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAF8C8000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xAF8E9000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAF8F6000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xAF8FE000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAF94E000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAF9A0000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0xAF9AA000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    0xAF9BC000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B526E6C9-DB87-4999-840C-E2E6971C6B83}\MpKsl68878276.sys
    0xAF9C2000 \SystemRoot\system32\drivers\spsys.sys
    0xAFA2C000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x775A0000 \Windows\System32\ntdll.dll
    0x48570000 \Windows\System32\smss.exe
    0x777E0000 \Windows\System32\apisetschema.dll
    0x00250000 \Windows\System32\autochk.exe
    0x773A0000 \Windows\System32\iertutil.dll
    0x77780000 \Windows\System32\Wldap32.dll
    0x77720000 \Windows\System32\shlwapi.dll
    0x77710000 \Windows\System32\nsi.dll
    0x776F0000 \Windows\System32\sechost.dll
    0x77240000 \Windows\System32\ole32.dll
    0x77170000 \Windows\System32\msctf.dll
    0x76FD0000 \Windows\System32\setupapi.dll
    0x776E0000 \Windows\System32\psapi.dll
    0x76ED0000 \Windows\System32\wininet.dll
    0x76E80000 \Windows\System32\gdi32.dll
    0x76E70000 \Windows\System32\normaliz.dll
    0x76DE0000 \Windows\System32\oleaut32.dll
    0x76DD0000 \Windows\System32\lpk.dll
    0x76D20000 \Windows\System32\msvcrt.dll
    0x76C80000 \Windows\System32\usp10.dll
    0x76BA0000 \Windows\System32\kernel32.dll
    0x75F50000 \Windows\System32\shell32.dll
    0x75F20000 \Windows\System32\imagehlp.dll
    0x75E50000 \Windows\System32\user32.dll
    0x75DB0000 \Windows\System32\advapi32.dll
    0x75D00000 \Windows\System32\rpcrt4.dll
    0x75CA0000 \Windows\System32\difxapi.dll
    0x75B60000 \Windows\System32\urlmon.dll
    0x75B20000 \Windows\System32\ws2_32.dll
    0x75B00000 \Windows\System32\imm32.dll
    0x75A70000 \Windows\System32\clbcatq.dll
    0x759F0000 \Windows\System32\comdlg32.dll
    0x759A0000 \Windows\System32\KernelBase.dll
    0x75910000 \Windows\System32\comctl32.dll
    0x758E0000 \Windows\System32\wintrust.dll
    0x758B0000 \Windows\System32\cfgmgr32.dll
    0x75890000 \Windows\System32\devobj.dll
    0x75770000 \Windows\System32\crypt32.dll
    0x75760000 \Windows\System32\msasn1.dll

    Processes (total 78):
    0 System Idle Process
    4 System
    328 C:\Windows\System32\smss.exe
    436 csrss.exe
    488 C:\Windows\System32\wininit.exe
    500 csrss.exe
    536 C:\Windows\System32\services.exe
    564 C:\Windows\System32\lsass.exe
    572 C:\Windows\System32\lsm.exe
    692 C:\Windows\System32\svchost.exe
    760 C:\Windows\System32\winlogon.exe
    796 C:\Windows\System32\ibmpmsvc.exe
    852 C:\Windows\System32\svchost.exe
    908 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    964 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\audiodg.exe
    1200 C:\Windows\System32\svchost.exe
    1424 C:\Windows\System32\svchost.exe
    1576 C:\Windows\System32\dwm.exe
    1600 C:\Windows\System32\wlanext.exe
    1608 C:\Windows\explorer.exe
    1616 C:\Windows\System32\conhost.exe
    1712 C:\Windows\System32\spoolsv.exe
    1760 C:\Windows\System32\svchost.exe
    1884 C:\Program Files\Lenovo\HOTKEY\tphkload.exe
    1908 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    1928 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    1968 C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
    2028 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    452 C:\Windows\System32\AEADISRV.EXE
    628 C:\Program Files\Bonjour\mDNSResponder.exe
    1132 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    1860 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
    1044 C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe
    2036 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    2080 C:\Windows\System32\svchost.exe
    2192 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2280 C:\Windows\System32\drivers\XAudio.exe
    2308 C:\Program Files\Lenovo\Access Connections\AcSvc.exe
    2336 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    2356 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2452 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2824 C:\Windows\System32\taskhost.exe
    2952 unsecapp.exe
    3024 WmiPrvSE.exe
    3404 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    3424 C:\Windows\System32\rundll32.exe
    3480 C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
    3492 C:\Windows\System32\hkcmd.exe
    3552 C:\Windows\WindowsMobile\wmdc.exe
    3588 C:\Windows\System32\igfxsrvc.exe
    3792 C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.EXE
    3876 C:\Windows\System32\svchost.exe
    4008 C:\Windows\System32\igfxext.exe
    2124 C:\Windows\System32\svchost.exe
    2392 C:\Windows\System32\svchost.exe
    3380 C:\Windows\System32\SearchIndexer.exe
    848 C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
    3528 C:\Program Files\Microsoft Security Client\msseces.exe
    1496 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3932 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    1292 C:\Program Files\MagicDisc\MagicDisc.exe
    3436 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2024 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    4336 C:\Windows\System32\svchost.exe
    4740 dllhost.exe
    4816 C:\Program Files\Internet Explorer\iexplore.exe
    5872 C:\Windows\System32\sppsvc.exe
    5964 C:\Program Files\Lenovo\System Update\SUService.exe
    4520 C:\Program Files\Internet Explorer\iexplore.exe
    6096 C:\Windows\System32\SearchProtocolHost.exe
    6088 C:\Windows\System32\SearchFilterHost.exe
    4436 C:\Program Files\Internet Explorer\iexplore.exe
    1696 C:\Users\Milne Clan\Desktop\MBRCheck.exe
    1476 C:\Windows\System32\conhost.exe
    4508 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK1646GSX, Rev: LB111A

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  5. 2011/04/29
    quirkymac

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Milne Clan at 14:12:50.85 on Sat 30/04/2011
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_25
    Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3062.1720 [GMT 10:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Lenovo\Access Connections\AcSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Lenovo\System Update\SUService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Milne Clan\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.au/
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - No File
    TB: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [<NO NAME>]
    mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [c:\program files\free video zilla\FVZilla.exe]
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\milnec~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
    IE: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - res://c:\program files\flash capture\fciext.dll/FCIEXT.htm
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_Win32.cab
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: igfxcui - igfxdev.dll
    LSA: Notification Packages = scecli ACGina
    Hosts: 161.58.195.155 tempdomainname.com
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\milnec~1\appdata\roaming\mozilla\firefox\profiles\bpsfd0aw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - component: c:\program files\microsoft\search enhancement pack\default manager\dmextension\components\FFGlobalExtension.dll
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Default Manager: {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e} - c:\program files\microsoft\search enhancement pack\default manager\DMExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-4-25 25968]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-3-20 13680]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
    R1 MpKsl30864d95;MpKsl30864d95;c:\programdata\microsoft\microsoft antimalware\definition updates\{78556bc7-de85-41df-b51b-bbf70576892a}\MpKsl30864d95.sys [2011-4-30 28752]
    R1 MpKsl4bb96043;MpKsl4bb96043;c:\programdata\microsoft\microsoft antimalware\definition updates\{78556bc7-de85-41df-b51b-bbf70576892a}\MpKsl4bb96043.sys [2011-4-30 28752]
    R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-9-13 93032]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-11-1 1153368]
    R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-3-20 99328]
    R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-3-20 64440]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
    R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\drivers\Ca1528av.sys [2010-2-21 516480]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-4-9 45496]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
    S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\drivers\Bulk1528.sys [2010-2-21 11648]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2010-5-29 25832]
    S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-4-25 128360]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-4-1 19456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-3-17 6630912]
    S3 PCDSRVC{3037D694-FD904ACA-06020101}_0;PCDSRVC{3037D694-FD904ACA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-12-10 21744]
    S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-1-4 79208]
    S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2010-7-27 377856]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-24 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-12 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-04-30 03:51:18 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{78556bc7-de85-41df-b51b-bbf70576892a}\MpKsl30864d95.sys
    2011-04-30 03:47:04 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{78556bc7-de85-41df-b51b-bbf70576892a}\MpKsl4bb96043.sys
    2011-04-30 03:46:53 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{78556bc7-de85-41df-b51b-bbf70576892a}\mpengine.dll
    2011-04-29 18:20:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-29 18:20:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-29 13:03:55 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9b3f84d7-84cd-40b3-a8db-23f73f56d023}\gapaengine.dll
    2011-04-26 08:51:55 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
    2011-04-26 08:51:55 33408 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS
    2011-04-26 08:51:55 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
    2011-04-23 20:21:49 -------- d-----w- c:\windows\system32\SPReview
    2011-04-23 19:52:56 -------- d-----w- c:\windows\system32\EventProviders
    2011-04-23 19:49:09 793600 ----a-w- c:\windows\system32\vmsal.exe
    2011-04-23 19:49:09 1003008 ----a-w- c:\windows\system32\VMWindow.exe
    2011-04-23 19:49:08 3330560 ----a-w- c:\windows\system32\vpc.exe
    2011-04-23 19:49:04 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
    2011-04-23 19:49:04 2171392 ----a-w- c:\windows\system32\VPCWizard.exe
    2011-04-23 19:49:04 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
    2011-04-23 19:49:04 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-04-23 19:47:59 863744 ----a-w- c:\windows\system32\diagperf.dll
    2011-04-23 19:46:59 73216 ----a-w- c:\windows\system32\TabSvc.dll
    2011-04-23 19:45:59 65024 ----a-w- c:\windows\system32\TSpkg.dll
    2011-04-23 19:44:59 7168 ----a-w- c:\windows\system32\kbdlk41a.dll
    2011-04-23 19:43:43 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-04-23 19:43:42 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2011-04-23 19:43:42 363008 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-04-23 19:43:42 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-04-23 19:43:17 697344 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-04-23 19:42:55 209920 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-04-23 19:42:55 189952 ----a-w- c:\windows\system32\wdscore.dll
    2011-04-23 19:40:14 323072 ----a-w- c:\windows\system32\drvstore.dll
    2011-04-23 19:40:03 257024 ----a-w- c:\windows\system32\dpx.dll
    2011-04-20 07:28:56 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-20 07:28:51 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-04-20 07:28:47 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
    2011-04-20 07:28:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-04-16 20:24:04 -------- d-----w- c:\windows\Applian Director
    2011-04-16 20:23:30 -------- d-----w- c:\windows\Replay Video Capture
    2011-04-15 08:16:52 119808 ----a-r- c:\users\milnec~1\appdata\roaming\microsoft\installer\{ccf298af-9ce1-4b26-b251-486e98a34789}\icons.exe
    2011-04-14 17:36:28 -------- d-sh--w- C:\found.000
    2011-04-11 15:01:14 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
    2011-04-11 15:01:14 28040 ----a-w- c:\windows\system32\mdimon.dll
    2011-04-11 14:59:45 -------- d-----w- c:\program files\Microsoft ActiveSync
    2011-04-08 21:19:13 -------- d-----w- c:\users\milnec~1\appdata\roaming\PwrMgr
    2011-04-08 20:53:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-04-08 20:53:05 42496 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-04-08 20:47:29 38760 ----a-w- c:\windows\system32\ibmpmsvc.exe
    2011-04-08 20:47:29 35176 ----a-w- c:\windows\system32\tpinspm.dll
    2011-04-08 20:47:29 31984 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
    .
    ==================== Find3M ====================
    .
    2011-04-23 20:28:10 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-11 05:33:09 1699328 ----a-w- c:\windows\system32\esent.dll
    2011-03-11 05:31:07 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-07 20:52:01 79836 ----a-w- c:\windows\system32\fruninst.exe
    2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys
    2011-02-25 05:30:54 2616320 ----a-w- c:\windows\explorer.exe
    2011-02-24 05:38:54 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-19 06:30:46 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-19 04:34:54 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-18 05:39:44 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-02-17 08:24:02 120104 ----a-w- c:\windows\system32\SynTPCo8.dll
    2011-02-17 08:24:00 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
    2011-02-17 08:23:58 218408 ----a-w- c:\windows\system32\SynCtrl.dll
    2011-02-17 08:23:56 173352 ----a-w- c:\windows\system32\SynCOM.dll
    2011-02-12 05:35:31 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-02-02 08:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 14:14:39.64 ===============
     
  6. 2011/04/29
    quirkymac

    quirkymac Inactive Thread Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/01/2010 3:53:08 PM
    System Uptime: 30/04/2011 1:50:44 PM (1 hours ago)
    .
    Motherboard: LENOVO | | 7659AB8
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 2001/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 31.637 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_20CA17AA&REV_11\4&1F10D8AF&0&04F0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_20CA17AA&REV_11\4&1F10D8AF&0&04F0
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl73c16d89
    Device ID: ROOT\LEGACY_MPKSL73C16D89\0000
    Manufacturer:
    Name: MpKsl73c16d89
    PNP Device ID: ROOT\LEGACY_MPKSL73C16D89\0000
    Service: MpKsl73c16d89
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl37dd5470
    Device ID: ROOT\LEGACY_MPKSL37DD5470\0000
    Manufacturer:
    Name: MpKsl37dd5470
    PNP Device ID: ROOT\LEGACY_MPKSL37DD5470\0000
    Service: MpKsl37dd5470
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_20C917AA&REV_11\4&1F10D8AF&0&03F0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_20C917AA&REV_11\4&1F10D8AF&0&03F0
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl9a650936
    Device ID: ROOT\LEGACY_MPKSL9A650936\0000
    Manufacturer:
    Name: MpKsl9a650936
    PNP Device ID: ROOT\LEGACY_MPKSL9A650936\0000
    Service: MpKsl9a650936
    .
    ==== System Restore Points ===================
    .
    RP656: 29/04/2011 10:19:06 PM - Windows Update
    RP657: 29/04/2011 10:49:17 PM - Removed TMPGEnc DVD Author 3 with DivX Authoring
    RP658: 30/04/2011 3:42:25 AM - Removed Java(TM) 6 Update 23
    RP659: 30/04/2011 3:46:03 AM - Installed Java(TM) 6 Update 25
    RP661: 30/04/2011 4:01:48 AM - Microsoft Antimalware Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color Common Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader X (10.0.1)
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    Apple Application Support
    Apple Software Update
    BigPond Broadband ADSL
    Canon Inkjet Printer Driver Add-On Module
    Canon iP4800 series Printer Driver
    CanoScan Toolbox Ver4.1
    Castle Link
    CCleaner
    CD-LabelPrint
    D3DX10
    Dragon Age: Origins
    e-tax 2010
    ESET Online Scanner v3
    Feedback Tool
    Google Update Helper
    IKEA Home Planner
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) TV Wizard
    Java Auto Updater
    Java(TM) 6 Update 25
    Lenovo Auto Scroll Utility
    Lenovo System Interface Driver
    Lenovo ThinkVantage Toolbox
    Magical Jelly Bean KeyFinder
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office Professional Edition 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ Run Time Lib Setup
    Mozilla Firefox (3.6.3)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyVirtualHome
    NVIDIA PhysX
    On Screen Display
    OpenOffice.org 3.1
    Photo Story 3 for Windows
    Picasa 3
    QuickTime
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    SoundMAX
    SPCA1528 PC Driver
    Spybot - Search & Destroy
    System Update
    ThinkPad Hotkey Features Integration Setup
    ThinkPad Modem
    ThinkPad Power Management Driver
    ThinkPad Power Manager
    ThinkPad UltraNav Driver
    ThinkPad UltraNav Utility
    ThinkVantage Access Connections
    ThinkVantage Active Protection System
    TMPGEnc 4.0 XPress
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.5
    Windows 7 USB/DVD Download Tool
    Windows Driver Package - Atheros Communications Inc. (arusb_lh) Net (09/25/2008 3.1.0.101)
    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (03/27/2006 5.1213.06.0327)
    Windows Live Communications Platform
    Windows Live Essentials Beta
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Common Beta
    Windows Live Photo Gallery
    Windows Live Photo Gallery Beta
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Mobile Device Center
    Windows XP Mode
    WinRAR archiver
    Xvid 1.2.2 final uninstall
    Zero Assumption Recovery Version 8.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/04/2011 5:35:32 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    30/04/2011 5:29:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000001 (0x82e1ed73, 0x00000000, 0xffff0000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 043011-21762-01.
    30/04/2011 4:54:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000001 (0x82e63d73, 0x00000000, 0xffff0000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 043011-18376-01.
    30/04/2011 4:34:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    30/04/2011 4:10:16 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer TV-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6E192523-9849-43E4-8184-1F67C23C8EDE. The master browser is stopping or an election is being forced.
    30/04/2011 4:05:15 AM, Error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
    30/04/2011 1:56:11 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=23) while initializing logging resources for channel Microsoft-Windows-WindowsUpdateClient/Operational.
    30/04/2011 1:55:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    30/04/2011 1:51:25 PM, Error: Service Control Manager [7000] - The SPCA1528 Video Camera Service service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    27/04/2011 1:31:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SUService service.
    26/04/2011 6:27:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Lenovo Doze Mode Service service to connect.
    26/04/2011 6:27:25 PM, Error: Service Control Manager [7000] - The Lenovo Doze Mode Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    26/04/2011 6:21:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    26/04/2011 6:21:55 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    26/04/2011 6:21:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AcSvc service to connect.
    26/04/2011 6:21:12 PM, Error: Service Control Manager [7000] - The AcSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    26/04/2011 6:19:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x00000003, 0x85fab030, 0x82d36ae0, 0x8865d250). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042611-28891-01.
    26/04/2011 1:22:14 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
    25/04/2011 5:31:55 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    25/04/2011 4:54:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/04/2011 4:54:19 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom1.
    24/04/2011 8:25:24 AM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/2095752408/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
    24/04/2011 8:25:24 AM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
    24/04/2011 5:54:09 AM, Error: Microsoft-Windows-Service Pack Installer [6] - The Service Pack cannot be installed when the computer is running on battery power.
    .
    ==== End Of File ===========================
     
  7. 2011/04/30
    broni

    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

    ====================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2011/04/30
    quirkymac

    quirkymac Inactive Thread Starter

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows 7
    Version 6.1.7601 (Service Pack 1)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x9902C000 C:\Windows\system32\DRIVERS\NETwLv32.sys 6680576 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
    0x93832000 C:\Windows\system32\DRIVERS\igdkmd32.sys 5259264 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
    0x82C10000 C:\Windows\system32\ntoskrnl.exe 4210688 bytes (Microsoft Corporation, NT Kernel & System)
    0x82C10000 PnpManager 4210688 bytes
    0x82C10000 RAW 4210688 bytes
    0x82C10000 WMIxWDM 4210688 bytes
    0x97180000 Win32k 2416640 bytes
    0x97180000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x8C004000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
    0x92DA0000 C:\Windows\system32\DRIVERS\SynTP.sys 1327104 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
    0x8BC4B000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
    0x82025000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
    0x93D36000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x8BE31000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
    0x82128000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0x8B8E5000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
    0xB1832000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x822DE000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x8B805000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0x8B990000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0x92CE3000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
    0x92F28000 C:\Windows\system32\drivers\ADIHdAud.sys 405504 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
    0x8BDB8000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
    0x8BF4B000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xB1959000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
    0x996D1000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
    0xB1909000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x97040000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0x93E69000 C:\Windows\system32\drivers\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8BAD1000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8BA0F000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x92C15000 C:\Windows\system32\drivers\vpcvmm.sys 290816 bytes (Microsoft Corporation, Virtual PC Virtual Machine Monitor)
    0x82275000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0x92EE4000 C:\Windows\system32\drivers\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x8B8A3000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
    0x92C74000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x8C188000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x8BEE8000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x92F8B000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
    0x823BB000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x93DED000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
    0x93E26000 C:\Windows\system32\DRIVERS\e1e6032.sys 229376 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver)
    0x83014000 ACPI_HAL 225280 bytes
    0x83014000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x93F8C000 C:\Windows\system32\DRIVERS\vpchbus.sys 221184 bytes (Microsoft Corporation, Virtual PC Host Bus Driver)
    0x8BC06000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x93F25000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
    0x8C23D000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
    0x8C3C2000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8C14E000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x93800000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x8BB31000 C:\Windows\system32\DRIVERS\pcmcia.sys 188416 bytes (Microsoft Corporation, PCMCIA Bus Driver)
    0x9968B000 C:\Windows\system32\drivers\1394ohci.sys 184320 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0x8C1D8000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
    0x8BD7A000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x8BA68000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x8BB75000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
    0x8C2F6000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
    0x93EFF000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
    0x8C280000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x8BF26000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
    0x8BBBA000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x82398000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x997AC000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB18D3000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
    0x92D6D000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8C340000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x8C205000 C:\Windows\System32\DRIVERS\Apsx86.sys 131072 bytes (Lenovo., Shockproof Disk Driver)
    0x8C2D7000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x93EC3000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x8BFA5000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x97020000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
    0x93EE2000 C:\Windows\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
    0x82230000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x82000000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x8224B000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0x82363000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x93FD3000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
    0x996B8000 C:\Windows\system32\drivers\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
    0x92D47000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x99722000 C:\Windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
    0x99789000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x997CE000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x93F67000 C:\Windows\system32\DRIVERS\vpcusb.sys 98304 bytes (Microsoft Corporation, Virtual USB Connector Driver)
    0x997E6000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x99000000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x8C39F000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
    0x8BB5F000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
    0x8BDA5000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x822CB000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8BFE2000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x8BB9F000 00000097 73728 bytes
    0x99777000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
    0x92D8E000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
    0x8237C000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x8BB9F000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
    0x8C26F000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x82214000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
    0x8BC3A000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x93FC2000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x8BA9D000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
    0x8B88A000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x92C63000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
    0x82265000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x8C225000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
    0x822BB000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x8BAC1000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
    0x8BFC4000 C:\Windows\system32\DRIVERS\vpcnfltr.sys 65536 bytes (Microsoft Corporation, Virtual PC Network Filter Driver)
    0x93EB4000 C:\Windows\system32\drivers\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x92D5F000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
    0x8BFD4000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8C391000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x8BB23000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x8BE15000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
    0x93F59000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x8BA01000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0x9976A000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
    0x821F3000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x9973A000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x821DC000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
    0x99749000 C:\Windows\system32\drivers\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
    0xB18F4000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x93F7F000 C:\Windows\system32\DRIVERS\usbrpm.sys 53248 bytes (Microsoft Corporation, Windows USB Redirection Policy Manager)
    0x8C361000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0x92CD7000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
    0xB19AB000 C:\Windows\system32\DRIVERS\NisDrvWFP.sys 49152 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)
    0x8C3B6000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
    0x8C334000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x8BAB6000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
    0x82200000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
    0xB1A5E000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
    0x8C386000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x997A1000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x93E5E000 C:\Windows\system32\drivers\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0x8BA92000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
    0x821E9000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x8238E000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
    0x92CBF000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x92CB5000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x99017000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
    0xB18C9000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x8BBDD000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
    0x8C1C7000 C:\Windows\System32\DRIVERS\ApsHM86.sys 36864 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
    0xB1A27000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
    0x8BBB1000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x8C31D000 C:\Windows\System32\Drivers\cdrbsdrv.SYS 36864 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)
    0x8220B000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
    0x8BE28000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xB1A69000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0x973E0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x8C17F000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
    0x99761000 C:\Windows\system32\drivers\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0x8BA57000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x8B89B000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x8BAAE000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
    0x8C235000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
    0x80BB8000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
    0x8BA60000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8C36E000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x8C376000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
    0x8C37E000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
    0x8C1D0000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0xB1901000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
    0x8C32D000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x9975A000 C:\Windows\system32\DRIVERS\ibmpmdrv.sys 28672 bytes (Lenovo., ThinkPad Power Management Driver)
    0x8BB1C000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
    0xB1A30000 C:\Users\MILNEC~1\AppData\Local\Temp\mbr.sys 28672 bytes
    0x8C326000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x92C5C000 C:\Windows\System32\drivers\Tppwr32v.sys 28672 bytes (Lenovo Group Limited, Power Manager)
    0x8C3F4000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
    0x92CCF000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78556BC7-DE85-41DF-B51B-BBF70576892A}\MpKsl4bb96043.sys 24576 bytes
    0x92CC9000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B526E6C9-DB87-4999-840C-E2E6971C6B83}\MpKsl68878276.sys 24576 bytes
    0xB1A58000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63439C32-2260-458A-8C55-E90115FA905B}\MpKslb70993a9.sys 24576 bytes (Microsoft Corporation, KSLDriver)
    0x99021000 C:\Windows\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver)
    0x8BE23000 C:\Windows\System32\DRIVERS\DozeHDD.sys 20480 bytes (Lenovo., Doze Mode Kernel Driver for HDD control)
    0x99756000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0x8201B000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
    0x92CD5000 C:\Windows\system32\DRIVERS\smiif32.sys 8192 bytes (Lenovo Group Limited, SMI Driver for Lenovo system)
    0x99027000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x99747000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    0xB19E7F2E Unknown thread object [ ETHREAD 0x88B87020 ] , 600 bytes
     
  9. 2011/04/30
    quirkymac

    ComboFix 11-04-30.01 - Milne Clan 01/05/2011 6:19.10.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3062.1986 [GMT 10:00]
    Running from: c:\users\Milne Clan\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-30 20:26 . 2011-04-30 20:26 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-04-30 20:26 . 2011-04-30 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-30 15:55 . 2011-04-30 15:55 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63439C32-2260-458A-8C55-E90115FA905B}\MpKslb70993a9.sys
    2011-04-30 15:54 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63439C32-2260-458A-8C55-E90115FA905B}\mpengine.dll
    2011-04-29 18:20 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-29 18:20 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-29 17:47 . 2011-04-29 17:47 -------- d-----w- c:\program files\Common Files\Java
    2011-04-29 13:03 . 2011-01-29 20:33 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B3F84D7-84CD-40B3-A8DB-23F73F56D023}\gapaengine.dll
    2011-04-26 08:51 . 2011-04-26 08:50 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
    2011-04-26 08:51 . 2011-04-26 08:50 33408 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS
    2011-04-26 08:51 . 2011-04-26 08:50 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
    2011-04-23 20:21 . 2011-04-23 20:21 -------- d-----w- c:\windows\system32\SPReview
    2011-04-23 19:52 . 2011-04-23 19:53 -------- d-----w- c:\windows\system32\EventProviders
    2011-04-23 19:49 . 2010-11-20 10:52 1003008 ----a-w- c:\windows\system32\VMWindow.exe
    2011-04-23 19:49 . 2010-11-20 10:52 793600 ----a-w- c:\windows\system32\vmsal.exe
    2011-04-23 19:49 . 2010-11-20 12:17 3330560 ----a-w- c:\windows\system32\vpc.exe
    2011-04-23 19:49 . 2010-11-20 12:17 2171392 ----a-w- c:\windows\system32\VPCWizard.exe
    2011-04-23 19:49 . 2010-11-20 12:17 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
    2011-04-23 19:49 . 2010-11-20 10:50 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
    2011-04-23 19:49 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-04-23 19:47 . 2010-11-20 12:19 566272 ----a-w- c:\windows\system32\MPSSVC.dll
    2011-04-23 19:46 . 2010-11-20 12:29 274304 ----a-w- c:\windows\system32\drivers\acpi.sys
    2011-04-23 19:45 . 2010-11-20 12:21 65024 ----a-w- c:\windows\system32\TSpkg.dll
    2011-04-23 19:44 . 2010-11-20 12:00 6144 ----a-w- c:\windows\system32\KBDUS.DLL
    2011-04-23 19:43 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-04-23 19:43 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-04-23 19:43 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-04-23 19:43 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2011-04-23 19:43 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-04-23 19:42 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
    2011-04-23 19:42 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-04-23 19:40 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
    2011-04-23 19:40 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
    2011-04-20 07:28 . 2011-02-18 05:43 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-20 07:28 . 2011-03-07 05:33 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-04-20 07:28 . 2011-03-07 05:31 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
    2011-04-20 07:28 . 2011-03-07 03:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-04-16 20:24 . 2011-04-16 20:24 -------- d-----w- c:\windows\Applian Director
    2011-04-16 20:23 . 2011-04-16 20:23 -------- d-----w- c:\windows\Replay Video Capture
    2011-04-15 08:16 . 2011-04-15 08:16 119808 ----a-r- c:\users\Milne Clan\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
    2011-04-14 17:36 . 2011-04-14 17:36 -------- d-----w- C:\found.000
    2011-04-11 15:01 . 2007-04-09 03:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
    2011-04-11 15:01 . 2007-04-09 03:23 28040 ----a-w- c:\windows\system32\mdimon.dll
    2011-04-11 14:59 . 2011-04-11 14:59 -------- d-----w- c:\program files\Microsoft ActiveSync
    2011-04-11 14:55 . 2011-04-11 14:55 -------- d-----r- C:\MSOCache
    2011-04-08 21:19 . 2011-04-08 21:19 -------- d-----w- c:\users\Milne Clan\AppData\Roaming\PwrMgr
    2011-04-08 20:53 . 2010-09-04 04:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-04-08 20:53 . 2010-09-04 04:06 42496 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-04-08 20:47 . 2011-02-01 04:05 38760 ----a-w- c:\windows\system32\ibmpmsvc.exe
    2011-04-08 20:47 . 2011-02-01 04:05 35176 ----a-w- c:\windows\system32\tpinspm.dll
    2011-04-08 20:47 . 2011-02-01 04:05 31984 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-23 20:28 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-11 07:04 . 2010-01-07 02:59 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-04-03 08:18 . 2010-05-26 02:39 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-27 20:29 . 2010-03-04 19:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2011-03-10 17:55 . 2010-04-10 22:00 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2011-03-10 17:54 . 2010-04-10 22:00 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-03-07 20:52 . 2011-03-07 20:52 79836 ----a-w- c:\windows\system32\fruninst.exe
    2011-02-26 17:51 . 2010-03-04 19:03 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-02-19 06:30 . 2011-03-10 09:10 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 06:30 . 2011-03-10 09:10 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 06:30 . 2011-03-10 09:10 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-17 08:25 . 2011-03-20 04:20 1330864 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2011-02-17 08:24 . 2011-03-20 04:20 120104 ----a-w- c:\windows\system32\SynTPCo8.dll
    2011-02-17 08:24 . 2011-03-20 04:20 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
    2011-02-17 08:23 . 2011-03-20 04:20 218408 ----a-w- c:\windows\system32\SynCtrl.dll
    2011-02-17 08:23 . 2011-03-20 04:20 173352 ----a-w- c:\windows\system32\SynCOM.dll
    2011-02-03 05:54 . 2011-02-09 08:13 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-02-02 08:11 . 2010-01-04 06:16 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
    "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-12-15 1234280]
    "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-19 62752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]
    "AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-17 31592]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-30 648072]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-09 421888]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    .
    c:\users\Milne Clan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-1-18 576000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
    2010-07-01 08:25 337256 ----a-w- c:\windows\System32\TpShocks.exe
    .
    R1 MpKsl37dd5470;MpKsl37dd5470;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5043E1B2-C6B1-4355-883F-D70CEC5AE0A7}\MpKsl37dd5470.sys [x]
    R1 MpKsl4bb96043;MpKsl4bb96043;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78556BC7-DE85-41DF-B51B-BBF70576892A}\MpKsl4bb96043.sys [x]
    R1 MpKsl68878276;MpKsl68878276;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B526E6C9-DB87-4999-840C-E2E6971C6B83}\MpKsl68878276.sys [x]
    R1 MpKsl73c16d89;MpKsl73c16d89;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EF96D77-061B-4036-9F2A-4A7CC129CF6C}\MpKsl73c16d89.sys [x]
    R1 MpKsl9a650936;MpKsl9a650936;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FA50487-E798-4E7E-A698-DEAB13AD92CA}\MpKsl9a650936.sys [x]
    R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [2008-12-16 516480]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 136176]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
    R3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys [2008-06-27 11648]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-25 25832]
    R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-12-15 128360]
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2008-04-01 19456]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 136176]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\FCF4.tmp [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-03-17 6630912]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 PCDSRVC{3037D694-FD904ACA-06020101}_0;PCDSRVC{3037D694-FD904ACA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-12-09 21744]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-12-15 79208]
    R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2010-04-06 377856]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
    S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-12-15 25968]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2010-06-16 20592]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
    S1 MpKslb70993a9;MpKslb70993a9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63439C32-2260-458A-8C55-E90115FA905B}\MpKslb70993a9.sys [2011-04-30 28752]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-02 99328]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
    S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-06 6639616]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 21:17]
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 21:17]
    .
    2011-04-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2011-01-27 22:29]
    .
    2011-04-30 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\PC-Doctor\pcdrcui.exe [2011-01-27 22:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - ProfilePath - c:\users\Milne Clan\AppData\Roaming\Mozilla\Firefox\Profiles\bpsfd0aw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Default Manager: {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e} - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM-Run-c:\program files\Free Video Zilla\FVZilla.exe - (no file)
    MSConfigStartUp-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\FCF4.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020101}_0]
    "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000009
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2748)
    c:\program files\PC-Doctor\ATLPcdToolbar571733.dll
    c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
    c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
    c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
    c:\windows\system32\AEADISRV.EXE
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\LENOVO\HOTKEY\tposdsvc.exe
    c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Lenovo\Access Connections\AcSvc.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\DllHost.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Lenovo\System Update\SUService.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\PrintIsolationHost.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-01 06:40:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-30 20:40
    .
    Pre-Run: 33,685,815,296 bytes free
    Post-Run: 33,174,974,464 bytes free
    .
    - - End Of File - - 9717650DE05333544DBDF5A783328B7E
     
  10. 2011/04/30
    broni

    broni Moderator Malware Analyst

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. 2011/04/30
    quirkymac

    quirkymac Inactive Thread Starter

    Thanks for all your support with this issue and your diligence.
    Subjectively the computer appears much healthier now, none of the 'freezing' issue in IE in the last few hours.
    Will run OTL and post the results shortly.
    Thanks again.
     
  12. 2011/04/30
    broni

    broni Moderator Malware Analyst

    Good news :)
     
  13. 2011/04/30
    quirkymac

    quirkymac Inactive Thread Starter

    OTL logfile created on: 1/05/2011 8:46:20 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Milne Clan\Desktop
    An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 30.95 Gb Free Space | 20.76% Space Free | Partition Type: NTFS

    Computer Name: MILNECLAN-PC | User Name: Milne Clan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/01 08:34:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Milne Clan\Desktop\OTL.exe
    PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/02/18 16:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
    PRC - [2010/12/03 09:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
    PRC - [2010/12/02 11:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    PRC - [2010/11/30 12:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/29 15:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/11/20 22:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2010/11/11 11:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2010/11/11 11:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/10/19 13:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2010/10/19 13:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2010/09/17 16:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe
    PRC - [2010/09/17 16:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
    PRC - [2010/04/07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
    PRC - [2010/04/01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
    PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/07/15 12:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/05/01 08:34:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Milne Clan\Desktop\OTL.exe
    MOD - [2010/11/20 21:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/02/18 16:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2010/12/16 03:40:00 | 000,128,360 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
    SRV - [2010/12/16 03:40:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
    SRV - [2010/12/03 09:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
    SRV - [2010/12/02 11:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
    SRV - [2010/11/24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
    SRV - [2010/11/11 11:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2010/11/11 11:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/10/19 13:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2010/10/19 13:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2010/09/17 16:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
    SRV - [2010/09/17 16:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2010/04/07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
    SRV - [2010/03/12 03:17:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/07/14 11:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/07/15 12:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2004/01/18 09:59:18 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Running] -- -- (MpKslb70993a9)
    DRV - [2011/05/01 06:44:44 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5B6E842-E10F-4411-9F01-5E6854ECC7BF}\MpKsl09a6d14f.sys -- (MpKsl09a6d14f)
    DRV - [2011/04/26 18:50:36 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
    DRV - [2010/12/16 03:40:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
    DRV - [2010/12/16 03:40:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
    DRV - [2010/12/10 09:09:16 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020101}_0)
    DRV - [2010/11/20 22:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
    DRV - [2010/11/20 22:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
    DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 20:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2010/11/20 20:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\WinUSB.SYS -- (WINUSB)
    DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/11/10 01:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
    DRV - [2010/10/24 20:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/10/24 20:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/10/07 04:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel(R)
    DRV - [2010/09/07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
    DRV - [2010/06/16 12:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
    DRV - [2010/06/16 12:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
    DRV - [2010/04/14 00:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
    DRV - [2010/04/06 14:12:00 | 000,377,856 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTL8187)
    DRV - [2010/03/17 22:13:14 | 006,630,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/10/07 07:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/07/14 09:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
    DRV - [2009/07/14 08:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/12/16 14:44:42 | 000,516,480 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\Ca1528av.sys -- (Ca1528av)
    DRV - [2008/06/27 15:41:14 | 000,011,648 | ---- | M] (SunPlus) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Bulk1528.sys -- (Bulk1528)
    DRV - [2008/04/01 12:33:16 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
    DRV - [2007/02/19 15:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
    DRV - [2006/11/27 16:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4145999798-798303625-3923857219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKU\S-1-5-21-4145999798-798303625-3923857219-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-4145999798-798303625-3923857219-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4145999798-798303625-3923857219-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}:2.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/28 18:20:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/16 01:37:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 13:27:15 | 000,000,000 | ---D | M]

    [2010/08/16 10:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Milne Clan\AppData\Roaming\Mozilla\Extensions
    [2010/08/16 10:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Milne Clan\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2010/06/22 06:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Milne Clan\AppData\Roaming\Mozilla\Firefox\Profiles\bpsfd0aw.default\extensions
    [2011/04/30 03:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/28 05:03:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/04/30 03:47:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    [2010/07/28 18:20:58 | 000,000,000 | ---D | M] (Default Manager) -- C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/04/30 03:46:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/04/02 02:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/04/02 02:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/04/02 02:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/04/02 02:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/05/01 06:30:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - No CLSID value found.
    O3 - HKU\S-1-5-21-4145999798-798303625-3923857219-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
    O3 - HKU\S-1-5-21-4145999798-798303625-3923857219-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
    O4 - HKU\S-1-5-21-4145999798-798303625-3923857219-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Users\Milne Clan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4145999798-798303625-3923857219-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4145999798-798303625-3923857219-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab (Image Uploader Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab (MachineInfoActiveX.MachineInfoActiveX)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: VIDC.SP54 - SP5X_32.DLL File not found
    Drivers32: VIDC.SP55 - SP5X_32.DLL File not found
    Drivers32: VIDC.SP56 - SP5X_32.DLL File not found
    Drivers32: VIDC.SP57 - SP5X_32.DLL File not found
    Drivers32: VIDC.SP58 - SP5X_32.DLL File not found
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/01 08:20:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Milne Clan\Desktop\OTL.exe
    [2011/05/01 06:40:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/01 06:30:37 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/05/01 06:17:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/01 06:17:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/01 06:17:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/01 06:17:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/01 06:16:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/04/30 04:20:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/04/30 04:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/30 04:20:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/04/30 04:19:52 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Milne Clan\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/04/30 03:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/04/26 18:51:55 | 000,145,504 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
    [2011/04/26 18:51:55 | 000,059,488 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\GenSvcInst.exe
    [2011/04/26 18:51:55 | 000,033,408 | ---- | C] (B.H.A Corporation) -- C:\Windows\System32\drivers\CDRBSDRV.SYS
    [2011/04/26 15:11:03 | 000,000,000 | ---D | C] -- C:\Users\Milne Clan\Documents\TMPGEnc
    [2011/04/24 06:21:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
    [2011/04/24 05:52:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2011/04/24 05:46:12 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
    [2011/04/20 14:15:06 | 000,000,000 | ---D | C] -- C:\Users\Milne Clan\Desktop\alice
    [2011/04/17 06:24:04 | 000,000,000 | ---D | C] -- C:\Windows\Applian Director
    [2011/04/17 06:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
    [2011/04/17 06:23:30 | 000,000,000 | ---D | C] -- C:\Windows\Replay Video Capture
    [2011/04/15 18:16:52 | 000,000,000 | ---D | C] -- C:\Users\Milne Clan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
    [2011/04/15 03:36:28 | 000,000,000 | ---D | C] -- C:\found.000
    [2011/04/12 00:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2011/04/12 00:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
    [2011/04/12 00:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2011/04/12 00:55:39 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2011/04/12 00:10:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
    [2011/04/09 07:19:13 | 000,000,000 | ---D | C] -- C:\Users\Milne Clan\AppData\Roaming\PwrMgr
    [2011/04/04 20:35:02 | 000,000,000 | ---D | C] -- C:\Users\Milne Clan\Desktop\2011-04-03 wascoe

    ========== Files - Modified Within 30 Days ==========

    [2011/05/01 08:34:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Milne Clan\Desktop\OTL.exe
    [2011/05/01 08:21:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/01 06:41:25 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/01 06:41:25 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/01 06:38:44 | 000,632,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/01 06:38:44 | 000,112,732 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/01 06:30:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/05/01 06:29:50 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/01 06:29:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/01 06:29:23 | 2408,288,256 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/01 05:45:48 | 004,334,033 | R--- | M] () -- C:\Users\Milne Clan\Desktop\ComboFix.exe
    [2011/05/01 05:35:47 | 000,133,632 | ---- | M] () -- C:\Users\Milne Clan\Desktop\RKUnhookerLE.EXE
    [2011/04/30 13:19:43 | 000,625,664 | ---- | M] () -- C:\Users\Milne Clan\Desktop\dds.scr
    [2011/04/30 12:50:41 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2011/04/30 05:39:15 | 000,080,384 | ---- | M] () -- C:\Users\Milne Clan\Desktop\MBRCheck.exe
    [2011/04/30 04:20:35 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/30 04:20:01 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Milne Clan\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/04/30 04:18:22 | 000,301,568 | ---- | M] () -- C:\Users\Milne Clan\Desktop\4xlyh67b.exe
    [2011/04/26 18:50:36 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
    [2011/04/26 18:50:36 | 000,059,488 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\GenSvcInst.exe
    [2011/04/26 18:50:36 | 000,033,408 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\drivers\CDRBSDRV.SYS
    [2011/04/26 15:10:26 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\TMPGEnc 4.0 XPress.lnk
    [2011/04/24 08:23:39 | 001,769,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/04/20 09:03:41 | 000,018,432 | ---- | M] () -- C:\Users\Milne Clan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/17 04:50:38 | 000,000,286 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101222-054846.backup
    [2011/04/16 16:54:27 | 005,907,291 | ---- | M] () -- C:\Users\Milne Clan\Desktop\EM6910_IB.pdf
    [2011/04/16 04:23:21 | 000,071,273 | ---- | M] () -- C:\Users\Milne Clan\Desktop\812.jpg
    [2011/04/16 04:21:17 | 000,072,558 | ---- | M] () -- C:\Users\Milne Clan\Desktop\808.jpg
    [2011/04/16 04:19:15 | 000,061,556 | ---- | M] () -- C:\Users\Milne Clan\Desktop\801.jpg
    [2011/04/15 18:16:53 | 000,002,531 | ---- | M] () -- C:\Users\Milne Clan\Desktop\Windows 7 USB DVD Download Tool.lnk
    [2011/04/13 03:44:26 | 000,002,306 | ---- | M] () -- C:\Users\Milne Clan\Documents\cc_20110413_034423.reg
    [2011/04/13 03:44:04 | 000,138,046 | ---- | M] () -- C:\Users\Milne Clan\Documents\cc_20110413_034357.reg
    [2011/04/12 01:01:17 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
    [2011/04/09 15:53:06 | 000,000,959 | ---- | M] () -- C:\Users\Milne Clan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    [2011/04/09 07:18:15 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2011/04/06 06:32:20 | 000,021,734 | ---- | M] () -- C:\Users\Milne Clan\Desktop\SCCZEN_170311SPLhoof-shoes_460x230.jpg

    ========== Files Created - No Company Name ==========

    [2011/05/01 06:17:20 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/01 06:17:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/01 06:17:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/01 06:17:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/01 05:45:40 | 004,334,033 | R--- | C] () -- C:\Users\Milne Clan\Desktop\ComboFix.exe
    [2011/05/01 05:35:45 | 000,133,632 | ---- | C] () -- C:\Users\Milne Clan\Desktop\RKUnhookerLE.EXE
    [2011/04/30 13:19:37 | 000,625,664 | ---- | C] () -- C:\Users\Milne Clan\Desktop\dds.scr
    [2011/04/30 05:39:13 | 000,080,384 | ---- | C] () -- C:\Users\Milne Clan\Desktop\MBRCheck.exe
    [2011/04/30 04:20:35 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/30 04:18:10 | 000,301,568 | ---- | C] () -- C:\Users\Milne Clan\Desktop\4xlyh67b.exe
    [2011/04/26 15:10:26 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\TMPGEnc 4.0 XPress.lnk
    [2011/04/24 05:48:12 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
    [2011/04/24 05:45:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/04/24 05:45:18 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
    [2011/04/24 05:44:56 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
    [2011/04/16 16:54:20 | 005,907,291 | ---- | C] () -- C:\Users\Milne Clan\Desktop\EM6910_IB.pdf
    [2011/04/16 04:23:40 | 000,071,273 | ---- | C] () -- C:\Users\Milne Clan\Desktop\812.jpg
    [2011/04/16 04:22:39 | 000,072,558 | ---- | C] () -- C:\Users\Milne Clan\Desktop\808.jpg
    [2011/04/16 04:19:37 | 000,061,556 | ---- | C] () -- C:\Users\Milne Clan\Desktop\801.jpg
    [2011/04/15 18:16:53 | 000,002,531 | ---- | C] () -- C:\Users\Milne Clan\Desktop\Windows 7 USB DVD Download Tool.lnk
    [2011/04/14 19:46:57 | 003,532,606 | ---- | C] () -- C:\Billion-7800N_A_v1.05.afw
    [2011/04/13 03:44:25 | 000,002,306 | ---- | C] () -- C:\Users\Milne Clan\Documents\cc_20110413_034423.reg
    [2011/04/13 03:44:00 | 000,138,046 | ---- | C] () -- C:\Users\Milne Clan\Documents\cc_20110413_034357.reg
    [2011/04/12 01:01:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/04/09 15:53:06 | 000,000,959 | ---- | C] () -- C:\Users\Milne Clan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    [2011/04/06 06:32:27 | 000,021,734 | ---- | C] () -- C:\Users\Milne Clan\Desktop\SCCZEN_170311SPLhoof-shoes_460x230.jpg
    [2011/03/04 07:17:09 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySMPEG2AVI.dat
    [2011/03/04 07:16:59 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2011/01/20 16:37:14 | 000,018,432 | ---- | C] () -- C:\Users\Milne Clan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/14 21:39:11 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/12/26 07:09:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/11/10 01:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
    [2010/11/10 01:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2010/11/10 01:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2010/11/10 01:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2010/10/23 00:30:44 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/10/23 00:30:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/03/31 13:48:18 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/03/24 05:27:51 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/02/21 06:46:27 | 000,014,115 | ---- | C] () -- C:\Windows\twspmm.ini
    [2010/02/01 14:08:46 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010/01/25 07:01:52 | 000,000,539 | ---- | C] () -- C:\Users\Milne Clan\AppData\Local\CastleLinkProps.dat
    [2010/01/04 16:19:59 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2009/08/06 16:01:42 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
    [2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 14:33:53 | 001,769,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 12:05:48 | 000,632,690 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 12:05:48 | 000,112,732 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2005/05/06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    ========== LOP Check ==========

    [2010/12/08 09:27:16 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\Canon
    [2011/03/05 11:11:03 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\FVZilla
    [2011/04/13 03:37:14 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\GetRight
    [2011/03/04 12:48:25 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\GrabPro
    [2010/12/26 09:14:23 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\Leadertech
    [2010/03/09 16:48:42 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\LEAPS
    [2010/02/01 14:11:32 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\Leawo
    [2010/01/07 19:00:28 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\OpenOffice.org
    [2011/03/05 11:10:54 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\Orbit
    [2011/04/26 18:56:16 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\Pegasys Inc
    [2011/03/04 12:48:30 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\ProgSense
    [2011/04/09 07:19:13 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\PwrMgr
    [2010/01/18 14:45:22 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\Red Alert 3
    [2010/08/16 10:24:29 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\TomTom
    [2010/04/17 13:59:07 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\Uniblue
    [2011/03/25 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\Update
    [2011/04/29 23:01:40 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\uTorrent
    [2011/01/14 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\Xilisoft
    [2011/04/09 07:18:15 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2010/10/23 14:05:03 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/04/30 12:50:41 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========
     
  14. 2011/04/30
    quirkymac

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/03/12 02:19:03 | 000,001,788 | ---- | M] () -- C:\aaw7boot.log
    [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/07/30 12:13:42 | 003,532,606 | ---- | M] () -- C:\Billion-7800N_A_v1.05.afw
    [2010/11/20 22:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2010/01/05 09:45:32 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/05/01 06:40:50 | 000,019,072 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/11 07:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/05/01 06:29:23 | 2408,288,256 | -HS- | M] () -- C:\hiberfil.sys
    [2010/02/13 09:53:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/03/31 13:34:02 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2010/02/13 09:53:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/05/01 06:29:28 | 3211,051,008 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/29 22:48:43 | 000,008,188 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_29.03.2010_23.48.33_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 14:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 14:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 14:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 14:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 07:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/14 11:15:05 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL
    [2010/08/25 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPDAF.DLL
    [2010/08/25 05:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPPAF.DLL
    [2009/07/14 11:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
    [2010/11/20 22:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/06/07 17:19:28 | 000,297,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/03/13 11:10:28 | 000,001,686 | -HS- | M] () -- C:\Users\Milne Clan\AppData\Roaming\Microsoft\LastFlashConfig.wfc

    < %PROGRAMFILES%\*.* >
    [2009/07/14 14:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/03/16 05:30:23 | 000,000,221 | -HS- | M] () -- C:\Users\Milne Clan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/30 04:18:22 | 000,301,568 | ---- | M] () -- C:\Users\Milne Clan\Desktop\4xlyh67b.exe
    [2011/05/01 05:45:48 | 004,334,033 | R--- | M] () -- C:\Users\Milne Clan\Desktop\ComboFix.exe
    [2011/04/30 04:20:01 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Milne Clan\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/04/30 05:39:15 | 000,080,384 | ---- | M] () -- C:\Users\Milne Clan\Desktop\MBRCheck.exe
    [2011/05/01 08:34:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Milne Clan\Desktop\OTL.exe
    [2011/05/01 05:35:47 | 000,133,632 | ---- | M] () -- C:\Users\Milne Clan\Desktop\RKUnhookerLE.EXE

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2008/08/30 07:39:50 | 000,005,860 | ---- | M] () -- C:\Windows\twspmm.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
    [2010/10/22 13:14:14 | 000,000,203 | ---- | M] () -- C:\Program Files\PC-Doctor\Downloads\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc-53a0e557-aa4a-4941-bf87-269a4563fc16.p5p
    [2010/10/22 13:14:14 | 000,000,187 | ---- | M] () -- C:\Program Files\PC-Doctor\Downloads\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc-53a0e557-aa4a-4941-bf87-269a4563fc16_da.p5p
    [2010/10/22 13:14:14 | 000,000,232 | ---- | M] () -- C:\Program Files\PC-Doctor\Downloads\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc-53a0e557-aa4a-4941-bf87-269a4563fc16_de.p5p
    [2010/10/22 13:14:14 | 000,000,206 | ---- | M] () -- C:\Program Files\PC-Doctor\Downloads\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc-53a0e557-aa4a-4941-bf87-269a4563fc16_es.p5p
    [2010/10/22 13:14:14 | 000,000,166 | ---- | M] () -- C:\Program Files\PC-Doctor\Downloads\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc-53a0e557-aa4a-4941-bf87-269a4563fc16_fi.p5p
    [2010/10/22 13:14:14 | 000,000,239 | ---- | M] () -- C:\Program Files\PC-Doctor\Downloads\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc-53a0e557-aa4a-4941-bf87-269a4563fc16_fr.p5p
    [2010/10/22 13:14:14 | 000,000,209 | ---- | M] () -- C:\Program Files\PC-Doctor\Downloads\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc-53a0e557-aa4a-4941-bf87-269a4563fc16_it.p5p
    [2010/10/22 13:14:14 | 000,000,246 | ---- | M] () -- C:\Program Files\PC-Doctor\Downloads\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc-53a0e557-aa4a-4941-bf87-269a4563fc16_ja.p5p
    [2010/10/22 13:14:14 | 000,000,227 | ---- | M] () -- C:\Program Files\PC-Doctor\Downloads\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc-53a0e557-aa4a-4941-bf87-269a4563fc16_ko.p5p
    [2010/10/22 13:14:14 | 000,000,191 | ---- | M] () -- C:\Program Files\PC-Doctor\Downloads\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc-53a0e557-aa4a-4941-bf87-269a4563fc16_nb.p5p

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 07:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/04/24 08:24:57 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2011/04/24 08:24:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2011/03/26 15:56:07 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2011/03/26 15:56:09 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2011/04/24 08:24:57 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/04/24 08:27:00 | 000,000,402 | -HS- | M] () -- C:\Users\Milne Clan\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  15. 2011/04/30
    quirkymac

    OTL Extras logfile created on: 1/05/2011 8:46:20 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Milne Clan\Desktop
    An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 30.95 Gb Free Space | 20.76% Space Free | Partition Type: NTFS

    Computer Name: MILNECLAN-PC | User Name: Milne Clan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-4145999798-798303625-3923857219-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{035C76D2-7D8E-484D-8CA3-686C0B474A2B}" = MSVCRT
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
    "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
    "{46BAF2A0-3789-4E49-B000-4BB64426D1BF}" = Windows Live Installer
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{46C106C9-3856-4A6A-AAC8-7070FBA02D2F}" = Windows Live Movie Maker
    "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AEF84D8-A2B5-4A6F-A11B-4E9F70290682}" = MyVirtualHome
    "{4B82E2B4-D5BF-451B-AF87-46745F185CFF}" = Castle Link
    "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
    "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
    "{52CDDA92-56B6-4BA5-BD8D-E13B186008CB}" = D3DX10
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{570C2A84-A145-4DF0-AE9D-012584DF09DC}" = SPCA1528 PC Driver
    "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
    "{61E7F654-7D99-4C69-94D8-DF53E297AF9B}" = Windows Live Photo Common
    "{6592C2B8-949A-4C88-BCB9-0990A218B215}" = Windows Live UX Platform
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B0AE911-A3F4-4D55-9CA7-C76DC2BCEA86}" = Windows Live UX Platform Language Pack
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{74B0BEB0-2EB3-448F-B8E9-40983BC902E1}" = Windows Live SOXE Definitions
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{7EFA8362-CE86-46E7-BEB9-B2DB4F0D0EE6}" = Windows Live Photo Gallery Beta
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{841D4524-7950-4A4F-A4E6-931A1A2E201C}" = TMPGEnc 4.0 XPress
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{91803386-4FBD-4C38-9644-26B0F9464031}" = Windows Live Photo Gallery
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5BD2B33-FDB8-4DE5-87B3-2810CAF4A6E4}" = Windows Live PIMT Platform
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
    "{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
    "{CCF6B621-7C92-4A45-9A87-F7968D87925A}" = Windows Live ID Sign-in Assistant
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D4790ACB-4BB4-4FE6-9F64-1D4486C8E40C}" = Windows Live Photo Common Beta
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel(R) PROSet/Wireless WiFi Software
    "{D943C8AC-9E03-4C2D-B54C-A28ABE931665}" = Windows Live Movie Maker
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{EACF374B-9D4C-4A07-8EB3-706BD8DAA650}" = Windows Live Essentials Beta
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{EFBE9DAB-9C80-4911-847B-2A2C25E8F9CB}" = Windows Live SOXE
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FA5D1C9E-154D-49B1-8CF0-DF5FAB6171EA}" = Windows Live Communications Platform
    "{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "3B7076EB3C51070DE9D6902E9696507D9B471345" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (03/27/2006 5.1213.06.0327)
    "781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "94703D1C50646DF5FB8D0FB50EB2216330EB89C9" = Windows Driver Package - Atheros Communications Inc. (arusb_lh) Net (09/25/2008 3.1.0.101)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
    "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
    "ESET Online Scanner" = ESET Online Scanner v3
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "KeyFinder_is1" = Magical Jelly Bean KeyFinder
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "OnScreenDisplay" = On Screen Display
    "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
    "Picasa 3" = Picasa 3
    "Power Management Driver" = ThinkPad Power Management Driver
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "TVWiz" = Intel(R) TV Wizard
    "VLC media player" = VLC media player 1.0.5
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite" = Windows Live Essentials Beta
    "WinRAR archiver" = WinRAR archiver
    "Xvid_is1" = Xvid 1.2.2 final uninstall
    "Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.5

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  16. 2011/04/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | System | Running] -- -- (MpKslb70993a9)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
      O2 - BHO: (no name) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - No CLSID value found.
      O3 - HKU\S-1-5-21-4145999798-798303625-3923857219-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
      O3 - HKU\S-1-5-21-4145999798-798303625-3923857219-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
      O9 - Extra Button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2010/04/17 13:59:07 | 000,000,000 | ---D | M] -- C:\Users\Milne Clan\AppData\Roaming\Uniblue
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  17. 2011/04/30
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Error: No service named MpKslb70993a9 was found to stop!
    Service\Driver key MpKslb70993a9 not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}\ not found.
    Registry value HKEY_USERS\S-1-5-21-4145999798-798303625-3923857219-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-4145999798-798303625-3923857219-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Users\Milne Clan\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Users\Milne Clan\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Users\Milne Clan\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Users\Milne Clan\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
    C:\Users\Milne Clan\AppData\Roaming\Uniblue folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Milne Clan
    ->Temp folder emptied: 1572 bytes
    ->Temporary Internet Files folder emptied: 28759699 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 3862 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1610 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 27.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Milne Clan
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05012011_103125

    Files\Folders moved on Reboot...
    C:\Users\Milne Clan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EINUML4O\98843-active-super-slow-computer-after-detecting-obfuscator-xx-virus[1].html moved successfully.

    Registry entries deleted on Reboot...
     
  18. 2011/04/30
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    I am not sure if this is related but I got a BSOD just before running OTL (for the scan), which is not normal with this computer.
     
  19. 2011/04/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It may happen while using those kinds of tools.
    Go on.....
     
  20. 2011/04/30
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    More behaviours of concern. When I came into windowsbbs and tried to download the security check and TFC files I had another episode of IE stalling badly, in fact the whole computer ground to a standstill.
    Again it may have been unrelated (or too soon after the reboot) but it was scarily slow for a few minutes there!
    Proceeding....
     
  21. 2011/04/30
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.7
    Windows 7 Service Pack 1 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 25
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader X (10.0.1)
    Mozilla Firefox (3.6.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````
     
