
Redirected when using Firefox and Google

Discussion in 'Virus & Other Malware Removal' started by adnaps1, Sep 14, 2010.

  1. adnaps1

    adnaps1 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    13
  2. adnaps1

    adnaps1 Thread Starter

    I forgot to mention that sometimes I am redirected to a page that just says "old session or bad record". Thanks.
     
  3. adnaps1

    adnaps1 Thread Starter

    Sorry, I didn't read the instructions before posting. My HijackThis log and the contents of DDS.txt are below and Attach.txt is attached. I waited for about 2.5 hours for GMER to run and before it completed, my system crashed (I got a blue screen), so I don't have the contents of ark.txt. Thanks for your help.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:58:32 PM, on 9/14/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18943)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Users\Julieta\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Alarm Clock\Alarm Tray.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\TpShocks.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Julieta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusCore.exe
    C:\Users\Julieta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusService.exe
    C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
    C:\Julieta & Ankit\My Installation files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKCU\..\Run: [Olcoalv] rundll32 "C:\Users\Julieta\AppData\Roaming\e1e6032N.dll",Pbbian
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Dropbox.lnk = Julieta\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) -
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpirexe.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: Talking Alarm Clock user logon monitor (AlarmClockMonitor) - Cinnamon Software Inc. - C:\Program Files\Alarm Clock\AlarmMonitor.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
    O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: Upek Service (UpekSrvc) - UPEK Inc. - C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe
    O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\Windows\system32\WebUpdateSvc4.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 16815 bytes

    DDS (Ver_09-09-29.01) - NTFSx86
    Run by Julieta at 14:03:03.53 on Tue 09/14/2010
    Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2006.721 [GMT -5:00]

    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Windows\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\atashost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
    C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe
    C:\Windows\system32\WebUpdateSvc4.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\Alarm Clock\AlarmMonitor.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Users\Julieta\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Alarm Clock\Alarm Tray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\system32\TpShocks.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Julieta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusCore.exe
    C:\Users\Julieta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusService.exe
    C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Julieta\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uSearch Page =
    uSearch Bar =
    uStart Page = hxxp://mail.yahoo.com/
    mDefault_Page_URL = hxxp://lenovo.live.com
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [Quick Hide Windows]
    uRun: [Olcoalv] rundll32 "c:\users\julieta\appdata\roaming\e1e6032N.dll",Pbbian
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"
    mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
    mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
    mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
    mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
    mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
    mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [<NO NAME>]
    StartupFolder: c:\users\julieta\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\julieta\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    mPolicies-system: DisableCAD = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    Trusted Zone: aol.com\free
    Trusted Zone: umanitoba.ca\osav.cc
    DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4}
    DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
    DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://www-307.ibm.com/pc/support/acpirexe.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli psqlpwd c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\julieta\appdata\roaming\mozilla\firefox\profiles\1sodi5vs.default\
    FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym|http://webmail.cc.umanitoba.ca/
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\julieta\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\julieta\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\users\julieta\appdata\roaming\mozilla\firefox\profiles\1sodi5vs.default\extensions\[email protected]\plugins\npRACtrl.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: FFComponent: {4bcdbfd0-fa26-11de-8a39-0800200c9a66} - c:\users\julieta\appdata\roaming\mozilla\firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-1-24 24304]
    R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2009-10-9 120360]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-6 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-6 243024]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-7-17 13480]
    R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWR32V.SYS [2008-12-21 11552]
    R2 AlarmClockMonitor;Talking Alarm Clock user logon monitor;c:\program files\alarm clock\AlarmMonitor.exe [2008-5-31 852144]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-3-23 20376]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-6 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-6 308136]
    R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-1-24 132456]
    R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-9-9 93032]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-22 47640]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-1-24 75112]
    R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
    R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
    R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-30 63928]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-7-10 569344]
    R2 UpekSrvc;Upek Service;c:\program files\thinkvantage fingerprint software\upeksrvc.exe [2009-12-1 35080]
    R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-6-25 229592]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-8-18 1529728]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-4 29472]
    R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-5-7 21360]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-9-9 45496]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-3-25 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-12 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-3-25 16896]

    =============== Created Last 30 ================

    2010-09-10 23:30 29,272 a----r-- c:\windows\system32\AdobePDF.dll
    2010-09-10 04:12 <DIR> --d----- c:\program files\common files\Macrovision Shared
    2010-09-08 22:34 <DIR> --d----- c:\programdata\Nero
    2010-09-08 22:34 <DIR> --d----- c:\progra~2\Nero
    2010-09-08 22:33 <DIR> --d----- c:\program files\Nero
    2010-09-08 20:31 1,974,616 a------- c:\windows\system32\D3DCompiler_42.dll
    2010-09-08 20:30 1,892,184 a------- c:\windows\system32\D3DX9_42.dll
    2010-09-08 20:30 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
    2010-09-08 20:29 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
    2010-09-08 20:29 3,497,832 a------- c:\windows\system32\d3dx9_34.dll
    2010-09-06 14:47 12,536 a------- c:\windows\system32\avgrsstx.dll
    2010-09-06 14:47 243,024 a------- c:\windows\system32\drivers\avgtdix.sys
    2010-09-06 14:47 216,400 a------- c:\windows\system32\drivers\avgldx86.sys
    2010-09-06 14:47 <DIR> --d----- c:\windows\system32\drivers\Avg
    2010-09-06 14:44 <DIR> --d----- c:\programdata\avg9
    2010-09-06 14:44 <DIR> --d----- c:\progra~2\avg9
    2010-09-06 13:22 <DIR> --d----- c:\program files\Capturix VideoSpy
    2010-09-05 21:13 <DIR> --d----- c:\users\julieta\appdata\roaming\OpenOffice.org
    2010-09-05 21:09 <DIR> --d----- c:\program files\JRE
    2010-09-05 21:08 <DIR> --d----- c:\program files\OpenOffice.org 3
    2010-09-05 21:08 423,656 a------- c:\windows\system32\deployJava1.dll
    2010-09-05 17:39 <DIR> --d----- c:\users\julieta\appdata\roaming\Xilisoft
    2010-09-05 17:38 <DIR> --d----- c:\program files\MSECache
    2010-09-05 03:32 92,672 a--shr-- c:\users\julieta\appdata\roaming\e1e6032N.dll
    2010-09-05 03:30 <DIR> --d----- c:\users\julieta\appdata\roaming\Leawo
    2010-09-05 03:29 438,272 a------- c:\windows\system32\Mpeg2DecFilter.ax
    2010-09-05 03:29 <DIR> --d----- c:\program files\Leawo
    2010-09-04 00:52 <DIR> --d----- c:\program files\E.M. PowerPoint Video Converter
    2010-09-04 00:46 <DIR> --d----- c:\users\julieta\appdata\roaming\GeoVid
    2010-09-04 00:46 60,416 a------- c:\windows\system32\dsetup.dll
    2010-09-04 00:46 <DIR> --d----- c:\program files\common files\GeoVid
    2010-08-22 22:45 <DIR> --d----- c:\users\julieta\appdata\roaming\Update
    2010-08-19 01:02 <DIR> --d----- c:\program files\Lame for Audacity

    ==================== Find3M ====================

    2010-09-14 11:08 143,360 a------- c:\windows\inf\infstrng.dat
    2010-09-14 11:08 86,016 a------- c:\windows\inf\infpub.dat
    2010-09-10 23:34 3,204 a------- c:\windows\bthservsdp.dat
    2010-09-10 03:16 143,360 a------- c:\windows\inf\infstor.dat
    2010-08-25 03:30 394,600 -------- c:\windows\PWMBTHLV.EXE
    2010-08-25 03:30 24,304 -------- c:\windows\system32\drivers\DOZEHDD.SYS
    2010-08-25 03:30 11,552 -------- c:\windows\system32\drivers\TPPWR32V.SYS
    2010-07-25 18:01 56 a---h--- c:\programdata\ezsidmv.dat
    2010-07-25 18:01 56 a---h--- c:\progra~2\ezsidmv.dat
    2010-06-30 15:18 665,600 a------- c:\windows\inf\drvindex.dat
    2010-06-26 20:08 348,160 -------- c:\windows\system32\msvcr71.dll
    2010-06-26 01:05 916,480 a------- c:\windows\system32\wininet.dll
    2010-06-26 01:02 109,056 a------- c:\windows\system32\iesysprep.dll
    2010-06-26 01:02 71,680 a------- c:\windows\system32\iesetup.dll
    2010-06-25 23:25 133,632 a------- c:\windows\system32\ieUnatt.exe
    2010-06-21 08:37 2,037,760 a------- c:\windows\system32\win32k.sys
    2010-06-18 12:31 36,864 a------- c:\windows\system32\rtutils.dll
    2009-03-25 01:43 174 ---sh--- c:\program files\desktop.ini
    2006-11-02 07:42 287,440 -------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 07:42 287,440 -------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 07:42 30,674 -------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 07:42 30,674 -------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 04:20 287,440 -------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 04:20 287,440 -------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 04:20 30,674 -------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 04:20 30,674 -------- c:\windows\inf\perflib\0000\perfc.dat
    2010-06-01 21:30 16,384 ---sh--- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
    2010-06-01 21:30 16,384 ---sh--- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
    2010-06-01 21:30 32,768 ---sh--- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
    2009-12-20 19:17 245,760 ---sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

    ============= FINISH: 14:03:35.71 ===============
     

  4. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Download ComboFix here :

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

      Click me

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
     
  5. adnaps1

    adnaps1 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    13
    Thanks for the quick reply. Here you go...

    ComboFix 10-09-14.01 - Julieta 09/14/2010 20:52:30.1.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2006.986 [GMT -5:00]
    Running from: c:\julieta & ankit\My Installation files\ComboFix.exe
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Julieta\AppData\Roaming\e1e6032N.dll
    c:\windows\system32\fonts
    c:\windows\system32\fonts\Courier-Bold.afm
    c:\windows\system32\fonts\Courier-BoldOblique.afm
    c:\windows\system32\fonts\Courier-Oblique.afm
    c:\windows\system32\fonts\Courier.afm
    c:\windows\system32\fonts\Helvetica-Bold.afm
    c:\windows\system32\fonts\Helvetica-BoldOblique.afm
    c:\windows\system32\fonts\Helvetica-Oblique.afm
    c:\windows\system32\fonts\Helvetica.afm
    c:\windows\system32\fonts\Symbol.afm
    c:\windows\system32\fonts\Times-Bold.afm
    c:\windows\system32\fonts\Times-BoldItalic.afm
    c:\windows\system32\fonts\Times-Italic.afm
    c:\windows\system32\fonts\Times-Roman.afm
    c:\windows\system32\fonts\ZapfDingbats.afm

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
    .

    2010-09-15 02:04 . 2010-09-15 02:11 -------- d-----w- c:\users\Julieta\AppData\Local\temp
    2010-09-15 02:04 . 2010-09-15 02:04 -------- d-----w- c:\users\TM_OSCE_JULIETA-PC\AppData\Local\temp
    2010-09-15 02:04 . 2010-09-15 02:04 -------- d-----w- c:\users\TM_OSCE_JULIETA-PC.Julieta-PC\AppData\Local\temp
    2010-09-15 02:04 . 2010-09-15 02:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-09-14 23:45 . 2010-09-14 23:45 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2010-09-14 23:32 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-14 23:32 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-14 23:32 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-14 23:31 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-11 04:30 . 2007-03-23 09:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
    2010-09-10 09:12 . 2010-09-10 09:12 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-09-09 22:06 . 2010-09-09 22:06 -------- d-----w- c:\users\Julieta\AppData\Local\Nero_AG
    2010-09-09 03:50 . 2010-09-09 03:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Nero
    2010-09-09 03:34 . 2010-09-09 03:44 -------- d-----w- c:\programdata\Nero
    2010-09-09 03:33 . 2010-09-09 03:34 -------- d-----w- c:\program files\Common Files\Nero
    2010-09-09 03:33 . 2010-09-09 03:44 -------- d-----w- c:\program files\Nero
    2010-09-09 01:31 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2010-09-09 01:30 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-09-09 01:30 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-09-09 01:29 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
    2010-09-09 01:29 . 2007-05-16 21:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
    2010-09-06 19:47 . 2010-09-06 19:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-09-06 19:47 . 2010-09-06 19:47 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-09-06 19:47 . 2010-09-06 19:47 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-06 19:47 . 2010-09-14 23:58 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-09-06 19:47 . 2010-09-06 19:47 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-09-06 19:44 . 2010-09-06 19:44 -------- d-----w- c:\programdata\avg9
    2010-09-06 18:22 . 2007-05-04 20:51 40448 ----a-w- c:\windows\system32\RegOBJ.dll
    2010-09-06 18:22 . 2007-05-04 20:51 1003520 ----a-w- c:\windows\system32\ltmm_n.dll
    2010-09-06 18:22 . 2007-05-04 20:51 204800 ----a-w- c:\windows\system32\falcon.dll
    2010-09-06 18:22 . 2004-03-26 09:53 180224 ----a-w- c:\windows\system32\aspsms.dll
    2010-09-06 18:22 . 2004-02-27 05:00 962612 ----a-w- c:\windows\system32\MFC42D.dll
    2010-09-06 18:22 . 2004-02-27 05:00 827445 ----a-w- c:\windows\system32\MFCO42D.dll
    2010-09-06 18:22 . 2003-10-02 16:06 185384 ----a-w- c:\windows\system32\cstcpapi.DLL
    2010-09-06 18:22 . 2000-08-29 05:00 516173 ----a-w- c:\windows\system32\MSVCP60D.dll
    2010-09-06 18:22 . 1998-07-06 05:00 16384 ----a-w- c:\windows\system32\INETDE.DLL
    2010-09-06 18:22 . 2009-08-20 17:38 421888 ----a-w- c:\windows\system32\CapturixFrameWorkDLL.dll
    2010-09-06 18:22 . 2002-05-01 03:32 352256 ----a-w- c:\windows\system32\ijl15.dll
    2010-09-06 18:22 . 2010-09-06 18:22 -------- d-----w- c:\program files\Capturix VideoSpy
    2010-09-06 02:13 . 2010-09-06 02:13 -------- d-----w- c:\users\Julieta\AppData\Roaming\OpenOffice.org
    2010-09-06 02:09 . 2010-09-06 02:09 -------- d-----w- c:\program files\JRE
    2010-09-06 02:08 . 2010-09-06 02:09 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-09-06 02:08 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-05 22:39 . 2010-09-05 23:06 -------- d-----w- c:\users\Julieta\AppData\Roaming\Xilisoft
    2010-09-05 22:38 . 2010-09-05 22:38 -------- d-----w- c:\program files\MSECache
    2010-09-05 08:30 . 2010-09-05 08:30 -------- d-----w- c:\users\Julieta\AppData\Roaming\Leawo
    2010-09-05 08:29 . 2010-09-05 08:29 -------- d-----w- c:\program files\Leawo
    2010-09-04 05:52 . 2010-09-06 17:59 -------- d-----w- c:\program files\E.M. PowerPoint Video Converter
    2010-09-04 05:46 . 2010-09-04 05:47 -------- d-----w- c:\users\Julieta\AppData\Roaming\GeoVid
    2010-09-04 05:46 . 2005-06-07 20:11 60416 ----a-w- c:\windows\system32\dsetup.dll
    2010-09-04 05:46 . 2010-09-04 05:46 -------- d-----w- c:\program files\Common Files\GeoVid
    2010-08-23 03:45 . 2010-08-28 18:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Update
    2010-08-19 06:02 . 2010-08-19 06:02 -------- d-----w- c:\program files\Lame for Audacity

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-15 02:13 . 2010-03-25 00:43 -------- d-----w- c:\users\Julieta\AppData\Roaming\Dropbox
    2010-09-15 02:07 . 2008-12-22 02:42 3204 ----a-w- c:\windows\bthservsdp.dat
    2010-09-14 23:45 . 2008-12-22 06:39 -------- d-----w- c:\programdata\Microsoft Help
    2010-09-14 23:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-09-14 18:03 . 2010-05-22 01:59 -------- d-----w- c:\programdata\PCDr
    2010-09-14 13:33 . 2008-12-22 07:00 -------- d-----w- c:\program files\LogMeIn
    2010-09-10 15:24 . 2010-02-10 07:36 0 ----a-w- c:\users\Julieta\AppData\Local\prvlcl.dat
    2010-09-10 09:36 . 2008-12-22 02:58 146360 ----a-w- c:\users\Julieta\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-09-10 09:06 . 2008-12-22 03:14 -------- d-----w- c:\program files\Common Files\Adobe
    2010-09-10 05:34 . 2009-02-15 04:14 -------- d-----w- c:\users\Julieta\AppData\Roaming\uTorrent
    2010-09-09 21:20 . 2008-12-22 02:52 -------- d-----w- c:\program files\Lenovo
    2010-09-06 18:01 . 2010-02-12 21:29 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-06 17:58 . 2008-12-22 03:17 -------- d-----w- c:\program files\Common Files\Java
    2010-09-06 17:58 . 2008-12-22 03:17 -------- d-----w- c:\program files\Java
    2010-09-01 16:31 . 2008-12-22 06:54 -------- d-----w- c:\users\Julieta\AppData\Roaming\Skype
    2010-09-01 16:25 . 2008-12-22 06:55 -------- d-----w- c:\users\Julieta\AppData\Roaming\skypePM
    2010-08-31 08:10 . 2010-08-01 08:07 -------- d-----w- c:\program files\PC-Doctor
    2010-08-31 01:35 . 2010-07-27 04:31 -------- d-----w- c:\users\Julieta\AppData\Roaming\FileZilla
    2010-08-31 01:28 . 2010-07-27 04:31 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-08-28 12:45 . 2010-05-05 03:31 -------- d-----w- c:\programdata\DivX
    2010-08-28 12:45 . 2009-09-29 05:34 -------- d-----w- c:\program files\DivX
    2010-08-28 12:45 . 2010-01-10 00:28 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-08-25 08:30 . 2010-01-24 20:33 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
    2010-08-25 08:30 . 2008-12-22 02:59 394600 ------w- c:\windows\PWMBTHLV.EXE
    2010-08-25 08:30 . 2008-12-22 02:59 11552 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
    2010-08-21 21:17 . 2010-01-25 03:41 -------- d-----w- c:\users\Julieta\AppData\Roaming\Audacity
    2010-08-14 10:06 . 2010-05-26 22:30 -------- d-----w- c:\program files\AAdvantage eShoppingSM Toolbar
    2010-08-14 08:07 . 2010-08-14 08:06 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-08-14 08:07 . 2010-08-14 08:06 -------- d-----w- c:\program files\iTunes
    2010-08-14 08:06 . 2010-08-14 08:06 -------- d-----w- c:\program files\iPod
    2010-08-14 08:06 . 2009-06-21 04:17 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-14 08:04 . 2010-01-25 03:55 -------- d-----w- c:\program files\QuickTime
    2010-08-14 07:59 . 2010-08-14 07:59 -------- d-----w- c:\program files\Bonjour
    2010-08-14 04:04 . 2009-02-15 04:15 -------- d-----w- c:\program files\uTorrent
    2010-08-12 19:14 . 2008-12-22 03:36 -------- d-----w- c:\program files\Google
    2010-08-12 01:47 . 2008-12-27 08:01 -------- d-----w- c:\program files\Stata10
    2010-08-06 16:39 . 2010-08-06 16:39 -------- d-----w- c:\program files\AoA Audio Extractor
    2010-07-27 07:46 . 2008-12-22 04:09 -------- d-----w- c:\programdata\FLEXnet
    2010-07-26 18:23 . 2010-04-17 15:26 -------- d-----w- c:\program files\AC3Filter
    2010-07-26 16:00 . 2010-07-26 15:59 -------- d-----w- c:\program files\Ghostgum
    2010-07-26 04:57 . 2010-07-26 04:55 -------- d-----w- c:\program files\dvdSanta
    2010-07-25 23:01 . 2008-12-22 06:55 56 ---ha-w- c:\programdata\ezsidmv.dat
    2010-07-25 20:21 . 2010-07-23 03:58 -------- d-----w- c:\program files\Intel
    2010-07-25 00:11 . 2009-05-25 04:42 -------- d-----w- c:\users\Julieta\AppData\Roaming\SmartDraw
    2010-07-25 00:11 . 2009-01-28 20:38 -------- d-----w- c:\users\Julieta\AppData\Roaming\TestGen
    2010-07-25 00:11 . 2009-02-22 22:25 -------- d-----w- c:\users\Julieta\AppData\Roaming\Printer Info Cache
    2010-07-25 00:11 . 2009-06-19 19:11 -------- d-----w- c:\users\Julieta\AppData\Roaming\LimeWire
    2010-07-25 00:11 . 2009-11-20 05:39 -------- d-----w- c:\users\Julieta\AppData\Roaming\HpUpdate
    2010-07-25 00:11 . 2009-11-02 23:15 -------- d-----w- c:\users\Julieta\AppData\Roaming\Elluminate
    2010-07-25 00:11 . 2009-07-31 21:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Download Manager
    2010-07-25 00:11 . 2009-02-22 22:25 -------- d-----w- c:\users\Julieta\AppData\Roaming\Image Zone Express
    2010-07-25 00:07 . 2009-03-23 17:10 -------- d-----w- c:\programdata\WebEx
    2010-07-25 00:07 . 2008-12-27 08:23 -------- d-----w- c:\programdata\StatTransfer9
    2010-07-25 00:07 . 2008-12-22 03:44 -------- d-----w- c:\programdata\Symantec
    2010-07-25 00:07 . 2008-12-22 03:20 -------- d-----w- c:\programdata\Sonic
    2010-07-25 00:07 . 2009-01-30 00:23 -------- d-----w- c:\programdata\Avanquest Bluetooth SDK
    2010-07-25 00:05 . 2009-11-07 01:40 -------- d-----w- c:\program files\PuTTY
    2010-07-25 00:05 . 2009-08-20 04:38 -------- d-----w- c:\program files\Presentersoft PowerVideoMaker
    2010-07-25 00:04 . 2008-12-22 03:36 -------- d-----w- c:\program files\Picasa2
    2010-07-25 00:04 . 2009-01-25 07:02 -------- d-----w- c:\program files\Motorola Phone Tools
    2010-07-25 00:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
    2010-07-25 00:04 . 2008-12-22 06:45 -------- d-----w- c:\program files\Microsoft Works
    2010-07-24 23:59 . 2008-12-22 03:16 -------- d-----w- c:\program files\Lenovo Registration
    2010-07-24 23:59 . 2009-11-08 23:03 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
    2010-07-24 23:59 . 2008-12-27 07:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-07-24 23:59 . 2008-12-22 03:20 -------- d-----w- c:\program files\Common Files\SureThing Shared
    2010-07-24 23:58 . 2008-12-22 03:20 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2010-07-24 23:58 . 2009-01-21 02:01 -------- d-----w- c:\program files\Common Files\Macromedia
    2010-07-24 23:58 . 2008-12-22 03:12 -------- d-----w- c:\program files\Common Files\Lenovo
    2010-07-24 23:58 . 2009-11-08 22:56 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-07-24 23:58 . 2009-06-20 19:07 -------- d-----w- c:\program files\Audacity
    2010-07-24 23:58 . 2009-01-25 07:14 -------- d-----w- c:\program files\Avanquest update
    2010-07-24 23:58 . 2009-06-21 04:19 -------- d-----w- c:\program files\Apple Software Update
    2010-07-24 23:58 . 2009-07-06 06:44 -------- d-----w- c:\program files\Alarm Clock
    2010-07-24 23:31 . 2009-06-21 04:24 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2010-07-24 23:31 . 2009-05-22 02:46 -------- d-----w- c:\programdata\WindowsSearch
    2010-07-24 23:31 . 2008-12-22 07:37 -------- d-----w- c:\programdata\Yahoo!
    2010-07-24 23:31 . 2008-12-22 02:58 -------- d-----w- c:\programdata\UIB
    2010-07-24 23:31 . 2008-12-22 06:53 -------- d-----w- c:\programdata\Skype
    2010-07-24 23:31 . 2010-05-26 16:40 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-07-24 23:31 . 2010-05-22 02:00 -------- d-----w- c:\programdata\PC-Doctor for Windows
    2010-07-24 23:31 . 2010-01-21 16:54 -------- d-----w- c:\programdata\NOS
    2010-07-24 23:31 . 2008-12-22 03:24 -------- d-----w- c:\programdata\PC-Doctor
    2010-07-24 23:29 . 2009-12-20 23:07 -------- d-----w- c:\program files\ReaConverter 5.5 Pro
    2010-07-24 23:28 . 2010-06-20 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-24 23:28 . 2009-03-25 15:30 -------- d-----w- c:\program files\MATLAB
    2010-07-24 23:28 . 2009-01-21 01:59 -------- d-----w- c:\program files\Macromedia
    2010-07-24 23:27 . 2009-11-23 01:05 -------- d-----w- c:\program files\Larson Software Technology
    2010-07-24 23:27 . 2010-06-19 06:34 -------- d-----w- c:\program files\Kodak Print Service
    2010-07-24 23:27 . 2009-11-23 00:27 -------- d-----w- c:\program files\IrfanView
    2010-07-24 23:27 . 2008-12-22 03:23 -------- d-----w- c:\program files\InterVideo
    2010-07-24 23:27 . 2008-12-22 02:53 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-24 23:27 . 2010-04-27 02:45 -------- d-----w- c:\program files\Insightful
    2010-07-24 23:27 . 2009-12-20 23:14 -------- d-----w- c:\program files\ImageConverter Plus
    2010-07-24 23:27 . 2008-12-22 03:27 -------- d-----w- c:\program files\HP
    2010-07-24 23:27 . 2010-06-20 05:57 -------- d-----w- c:\program files\Free WMA to MP3 Converter
    2010-07-24 23:27 . 2010-03-13 23:42 -------- d-----w- c:\program files\EViews6SV
    2010-07-24 23:27 . 2010-02-07 23:50 -------- d-----w- c:\program files\Gavlock Consulting
    2010-07-24 23:25 . 2010-04-11 17:12 -------- d-----w- c:\program files\Ares
    2010-07-24 23:25 . 2008-12-22 03:04 -------- d-----w- c:\program files\Analog Devices
    2008-12-22 02:34 . 2008-12-22 02:34 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-06 2065760]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
    "RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
    "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-08-25 894312]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 217176]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2010-08-25 214576]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
    "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2009-09-03 436800]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-04-22 181608]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-06-16 624056]

    c:\users\Julieta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Julieta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-6-4 50688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2009-12-01 16:41 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Julieta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk]
    path=c:\users\Julieta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LenovoWelcome.lnk
    backup=c:\windows\pss\LenovoWelcome.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2010-06-16 22:20 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-06-07 05:46 57344 ------w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    2010-02-08 14:51 1015808 ------w- c:\program files\Ares\Ares.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
    2007-08-08 20:53 2630968 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-01-15 04:25 135664 -----tw- c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-03-12 03:34 49152 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 20:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LenovoOobeOffers]
    2006-12-29 17:01 28672 ----a-w- c:\swtools\LenovoWelcome\LenovoOobeOffers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
    2010-03-26 15:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Show missed alarms]
    2008-05-31 18:49 376944 ------r- c:\program files\Alarm Clock\Alarm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-10-28 15:36 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    2008-01-29 23:38 583048 ------w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-06-27 01:08 202256 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3152529466-1860945956-3253294106-1002]
    "EnableNotificationsRef"=dword:00000002

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-05-07 21360]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
    S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-08-25 24304]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-06 216400]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-06 243024]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
    S2 AlarmClockMonitor;Talking Alarm Clock user logon monitor;c:\program files\Alarm Clock\AlarmMonitor.exe [2008-05-31 852144]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-23 20376]
    S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-09-06 921952]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-06 308136]
    S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-08-25 132456]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-25 12856]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-25 75112]
    S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
    S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-10 569344]
    S2 UpekSrvc;Upek Service;c:\program files\ThinkVantage Fingerprint Software\upeksrvc.exe [2009-12-01 35080]
    S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-06-25 229592]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-23 29472]
    S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:29]

    2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:29]

    2010-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152529466-1860945956-3253294106-1002Core.job
    - c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15 04:25]

    2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152529466-1860945956-3253294106-1002UA.job
    - c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15 04:25]

    2009-07-06 c:\windows\Tasks\New Alarm.job
    - c:\program files\Alarm Clock\Alarm.exe [2008-05-31 18:49]

    2010-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2010-08-18 16:49]

    2010-09-15 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-05-25 12:29]

    2010-09-14 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\PC-Doctor\pcdrcui.exe [2010-08-18 20:35]

    2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mail.yahoo.com/
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: aol.com\free
    Trusted Zone: umanitoba.ca\osav.cc
    DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://www-307.ibm.com/pc/support/acpirexe.cab
    FF - ProfilePath - c:\users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\
    FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym|http://webmail.cc.umanitoba.ca/
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\Julieta\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\Julieta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\[email protected]\plugins\npRACtrl.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: FFComponent: {4bcdbfd0-fa26-11de-8a39-0800200c9a66} - c:\users\Julieta\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Quick Hide Windows - (no file)
    HKCU-Run-Olcoalv - c:\users\Julieta\AppData\Roaming\e1e6032N.dll
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
    AddRemove-TeXLive - c:\julieta\tex\tlpkg\installer\uninst.bat



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{3037D694-FD904ACA-06020000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3152529466-1860945956-3253294106-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76B74B11-20B8-00A2-12EF-7C313B771570}*]
    @Allowed: (Read) (RestrictedCode)
    "ealmceecch"=hex:66,61,66,6e,68,61,6c,61,6e,61,62,64,00,fc
    "daompnia"=hex:64,62,70,6b,64,63,67,64,64,6e,68,69,65,6a,69,6c,67,6b,6c,67,63,
    67,62,6a,61,6d,6e,61,6f,65,6c,6a,6f,65,6e,6b,63,66,68,6f,00,00
    "iadobbdnpmbomljdoc"=hex:6b,61,68,62,6b,6a,68,69,6f,70,65,67,67,62,64,69,6f,66,
    66,6d,64,67,00,00
    "hankphblbfdoglih"=hex:6b,61,68,62,6b,6a,68,69,6f,70,65,67,67,62,64,69,6f,66,
    66,6d,64,67,00,00

    [HKEY_USERS\S-1-5-21-3152529466-1860945956-3253294106-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F8AF1E71-0D27-1F6F-798A-8E3B747FA9BB}*]
    @Allowed: (Read) (RestrictedCode)
    "jamoidipgfnccbmmlmnn"=hex:62,61,61,6a,00,00
    "jamoidipgfnccbmmlmjd"=hex:62,61,6e,6a,00,00
    "iamphkmlhagfdfcngo"=hex:6b,61,66,6a,64,6d,63,6e,64,6f,67,66,62,68,69,63,6d,70,
    6e,6e,70,6f,00,00
    "hagmkbiljcakffpd"=hex:6b,61,66,6a,64,6d,63,6e,64,6f,67,66,69,68,62,64,66,65,
    65,67,61,6a,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4840)
    c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    c:\program files\PC-Doctor\ATLPcdToolbar563221.dll
    c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
    c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
    c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
    c:\windows\system32\btncopy.dll
    c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
    c:\windows\system32\DLAAPI_W.DLL
    c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\windows\system32\AEADISRV.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\program files\Common Files\Lenovo\Logger\logmon.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
    c:\program files\Alarm Clock\Alarm Tray.exe
    c:\program files\LogMeIn\x86\LogMeInSystray.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\AVG\AVG9\avgtray.exe
    c:\windows\System32\rundll32.exe
    c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
    c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\igfxext.exe
    c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-14 21:21:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-15 02:20

    Pre-Run: 7,069,536,256 bytes free
    Post-Run: 11,407,433,728 bytes free

    - - End Of File - - A347608B4AAF2D4C919F275230C855B8
     
  6. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
  7. adnaps1

    adnaps1 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    13
    I uploaded the file. Thanks, Rorschach.
     
  8. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     
  9. adnaps1

    adnaps1 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    13
    Here's the log, Rorschach. Thanks again.

    ComboFix 10-09-15.01 - Julieta 09/15/2010 17:13:27.2.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2006.800 [GMT -5:00]
    Running from: c:\julieta & ankit\My Installation files\ComboFix.exe
    Command switches used :: c:\julieta & ankit\My Installation files\CFScript.txt
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Julieta\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
    c:\users\Julieta\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\chrome.manifest
    c:\users\Julieta\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\chrome\Content\FF_com.xul
    c:\users\Julieta\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\install.rdf

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
    .

    2010-09-15 22:29 . 2010-09-15 22:30 -------- d-----w- c:\users\Julieta\AppData\Local\temp
    2010-09-15 22:29 . 2010-09-15 22:29 -------- d-----w- c:\users\TM_OSCE_JULIETA-PC\AppData\Local\temp
    2010-09-15 22:29 . 2010-09-15 22:29 -------- d-----w- c:\users\TM_OSCE_JULIETA-PC.Julieta-PC\AppData\Local\temp
    2010-09-15 22:29 . 2010-09-15 22:29 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-09-15 22:29 . 2010-09-15 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-09-15 22:29 . 2010-09-15 22:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-09-14 23:45 . 2010-09-14 23:45 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2010-09-14 23:32 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-14 23:32 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-14 23:32 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-14 23:31 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-11 04:30 . 2007-03-23 09:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
    2010-09-10 09:12 . 2010-09-10 09:12 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-09-09 22:06 . 2010-09-09 22:06 -------- d-----w- c:\users\Julieta\AppData\Local\Nero_AG
    2010-09-09 03:50 . 2010-09-09 03:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Nero
    2010-09-09 03:34 . 2010-09-09 03:44 -------- d-----w- c:\programdata\Nero
    2010-09-09 03:33 . 2010-09-09 03:34 -------- d-----w- c:\program files\Common Files\Nero
    2010-09-09 03:33 . 2010-09-09 03:44 -------- d-----w- c:\program files\Nero
    2010-09-09 01:31 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2010-09-09 01:30 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-09-09 01:30 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-09-09 01:29 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
    2010-09-09 01:29 . 2007-05-16 21:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
    2010-09-06 19:47 . 2010-09-06 19:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-09-06 19:47 . 2010-09-06 19:47 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-09-06 19:47 . 2010-09-06 19:47 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-06 19:47 . 2010-09-15 15:13 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-09-06 19:47 . 2010-09-06 19:47 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-09-06 19:44 . 2010-09-06 19:44 -------- d-----w- c:\programdata\avg9
    2010-09-06 18:22 . 2007-05-04 20:51 40448 ----a-w- c:\windows\system32\RegOBJ.dll
    2010-09-06 18:22 . 2007-05-04 20:51 1003520 ----a-w- c:\windows\system32\ltmm_n.dll
    2010-09-06 18:22 . 2007-05-04 20:51 204800 ----a-w- c:\windows\system32\falcon.dll
    2010-09-06 18:22 . 2004-03-26 09:53 180224 ----a-w- c:\windows\system32\aspsms.dll
    2010-09-06 18:22 . 2004-02-27 05:00 962612 ----a-w- c:\windows\system32\MFC42D.dll
    2010-09-06 18:22 . 2004-02-27 05:00 827445 ----a-w- c:\windows\system32\MFCO42D.dll
    2010-09-06 18:22 . 2003-10-02 16:06 185384 ----a-w- c:\windows\system32\cstcpapi.DLL
    2010-09-06 18:22 . 2000-08-29 05:00 516173 ----a-w- c:\windows\system32\MSVCP60D.dll
    2010-09-06 18:22 . 1998-07-06 05:00 16384 ----a-w- c:\windows\system32\INETDE.DLL
    2010-09-06 18:22 . 2009-08-20 17:38 421888 ----a-w- c:\windows\system32\CapturixFrameWorkDLL.dll
    2010-09-06 18:22 . 2002-05-01 03:32 352256 ----a-w- c:\windows\system32\ijl15.dll
    2010-09-06 18:22 . 2010-09-06 18:22 -------- d-----w- c:\program files\Capturix VideoSpy
    2010-09-06 02:13 . 2010-09-06 02:13 1 ----a-w- c:\users\Julieta\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-09-06 02:13 . 2010-09-06 02:13 -------- d-----w- c:\users\Julieta\AppData\Roaming\OpenOffice.org
    2010-09-06 02:09 . 2010-09-06 02:09 -------- d-----w- c:\program files\JRE
    2010-09-06 02:08 . 2010-09-06 02:09 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-09-06 02:08 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-05 22:39 . 2010-09-05 23:06 -------- d-----w- c:\users\Julieta\AppData\Roaming\Xilisoft
    2010-09-05 22:38 . 2010-09-05 22:38 -------- d-----w- c:\program files\MSECache
    2010-09-05 08:30 . 2010-09-05 08:30 -------- d-----w- c:\users\Julieta\AppData\Roaming\Leawo
    2010-09-05 08:29 . 2010-09-05 08:29 -------- d-----w- c:\program files\Leawo
    2010-09-04 05:52 . 2010-09-06 17:59 -------- d-----w- c:\program files\E.M. PowerPoint Video Converter
    2010-09-04 05:46 . 2010-09-04 05:47 -------- d-----w- c:\users\Julieta\AppData\Roaming\GeoVid
    2010-09-04 05:46 . 2005-06-07 20:11 60416 ----a-w- c:\windows\system32\dsetup.dll
    2010-09-04 05:46 . 2010-09-04 05:46 -------- d-----w- c:\program files\Common Files\GeoVid
    2010-08-28 18:52 . 2010-08-28 18:52 10077328 ----a-w- c:\users\Julieta\AppData\Roaming\Update\patch_551461to563221_32_05\patch_551461to563221_32_05.exe
    2010-08-28 12:45 . 2010-08-28 12:45 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-08-28 12:45 . 2010-08-28 12:36 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
    2010-08-28 12:45 . 2010-08-28 12:45 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
    2010-08-28 12:45 . 2010-08-28 12:45 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
    2010-08-28 12:45 . 2010-08-28 12:45 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
    2010-08-28 12:44 . 2010-08-28 12:44 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
    2010-08-28 12:36 . 2010-08-28 12:36 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-08-23 03:45 . 2010-08-28 18:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Update
    2010-08-19 06:02 . 2010-08-19 06:02 -------- d-----w- c:\program files\Lame for Audacity

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-15 13:10 . 2008-12-22 07:00 -------- d-----w- c:\program files\LogMeIn
    2010-09-15 13:10 . 2008-12-22 04:09 -------- d-----w- c:\programdata\FLEXnet
    2010-09-15 02:13 . 2010-03-25 00:43 -------- d-----w- c:\users\Julieta\AppData\Roaming\Dropbox
    2010-09-15 02:07 . 2008-12-22 02:42 3204 ----a-w- c:\windows\bthservsdp.dat
    2010-09-14 23:45 . 2008-12-22 06:39 -------- d-----w- c:\programdata\Microsoft Help
    2010-09-14 23:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-09-14 18:03 . 2010-05-22 01:59 -------- d-----w- c:\programdata\PCDr
    2010-09-10 15:24 . 2010-02-10 07:36 0 ----a-w- c:\users\Julieta\AppData\Local\prvlcl.dat
    2010-09-10 09:36 . 2008-12-22 02:58 146360 ----a-w- c:\users\Julieta\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-09-10 09:06 . 2008-12-22 03:14 -------- d-----w- c:\program files\Common Files\Adobe
    2010-09-10 05:34 . 2009-02-15 04:14 -------- d-----w- c:\users\Julieta\AppData\Roaming\uTorrent
    2010-09-09 21:20 . 2008-12-22 02:52 -------- d-----w- c:\program files\Lenovo
    2010-09-06 18:01 . 2010-02-12 21:29 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-06 17:58 . 2008-12-22 03:17 -------- d-----w- c:\program files\Common Files\Java
    2010-09-06 17:58 . 2008-12-22 03:17 -------- d-----w- c:\program files\Java
    2010-09-01 16:31 . 2008-12-22 06:54 -------- d-----w- c:\users\Julieta\AppData\Roaming\Skype
    2010-09-01 16:25 . 2008-12-22 06:55 -------- d-----w- c:\users\Julieta\AppData\Roaming\skypePM
    2010-08-31 08:10 . 2010-08-01 08:07 -------- d-----w- c:\program files\PC-Doctor
    2010-08-31 01:35 . 2010-07-27 04:31 -------- d-----w- c:\users\Julieta\AppData\Roaming\FileZilla
    2010-08-31 01:28 . 2010-07-27 04:31 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-08-28 12:48 . 2010-05-05 03:37 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-08-28 12:45 . 2010-05-05 03:31 -------- d-----w- c:\programdata\DivX
    2010-08-28 12:45 . 2009-09-29 05:34 -------- d-----w- c:\program files\DivX
    2010-08-28 12:45 . 2010-01-10 00:28 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-08-28 12:36 . 2010-05-05 03:35 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
    2010-08-28 12:36 . 2010-05-05 03:35 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
    2010-08-25 08:30 . 2010-01-24 20:33 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
    2010-08-25 08:30 . 2008-12-22 02:59 394600 ------w- c:\windows\PWMBTHLV.EXE
    2010-08-25 08:30 . 2008-12-22 02:59 11552 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
    2010-08-21 21:17 . 2010-01-25 03:41 -------- d-----w- c:\users\Julieta\AppData\Roaming\Audacity
    2010-08-14 10:06 . 2010-05-26 22:30 -------- d-----w- c:\program files\AAdvantage eShoppingSM Toolbar
    2010-08-14 08:07 . 2010-08-14 08:06 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-08-14 08:07 . 2010-08-14 08:06 -------- d-----w- c:\program files\iTunes
    2010-08-14 08:06 . 2010-08-14 08:06 -------- d-----w- c:\program files\iPod
    2010-08-14 08:06 . 2009-06-21 04:17 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-14 08:04 . 2010-01-25 03:55 -------- d-----w- c:\program files\QuickTime
    2010-08-14 07:59 . 2010-08-14 07:59 -------- d-----w- c:\program files\Bonjour
    2010-08-14 07:55 . 2010-08-14 07:55 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-08-14 04:04 . 2009-02-15 04:15 -------- d-----w- c:\program files\uTorrent
    2010-08-12 19:14 . 2008-12-22 03:36 -------- d-----w- c:\program files\Google
    2010-08-12 01:47 . 2008-12-27 08:01 -------- d-----w- c:\program files\Stata10
    2010-08-06 16:39 . 2010-08-06 16:39 -------- d-----w- c:\program files\AoA Audio Extractor
    2010-07-26 18:23 . 2010-04-17 15:26 -------- d-----w- c:\program files\AC3Filter
    2010-07-26 16:00 . 2010-07-26 15:59 -------- d-----w- c:\program files\Ghostgum
    2010-07-26 04:57 . 2010-07-26 04:55 -------- d-----w- c:\program files\dvdSanta
    2010-07-25 23:01 . 2008-12-22 06:55 56 ---ha-w- c:\programdata\ezsidmv.dat
    2010-07-25 20:21 . 2010-07-23 03:58 -------- d-----w- c:\program files\Intel
    2010-07-25 00:11 . 2009-05-25 04:42 -------- d-----w- c:\users\Julieta\AppData\Roaming\SmartDraw
    2010-07-25 00:11 . 2009-01-28 20:38 -------- d-----w- c:\users\Julieta\AppData\Roaming\TestGen
    2010-07-25 00:11 . 2009-02-22 22:25 -------- d-----w- c:\users\Julieta\AppData\Roaming\Printer Info Cache
    2010-07-25 00:11 . 2009-06-19 19:11 -------- d-----w- c:\users\Julieta\AppData\Roaming\LimeWire
    2010-07-25 00:11 . 2009-11-20 05:39 -------- d-----w- c:\users\Julieta\AppData\Roaming\HpUpdate
    2010-07-25 00:11 . 2009-11-02 23:15 -------- d-----w- c:\users\Julieta\AppData\Roaming\Elluminate
    2010-07-25 00:11 . 2009-07-31 21:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Download Manager
    2010-07-25 00:11 . 2009-02-22 22:25 -------- d-----w- c:\users\Julieta\AppData\Roaming\Image Zone Express
    2010-07-25 00:07 . 2009-03-23 17:10 -------- d-----w- c:\programdata\WebEx
    2010-07-25 00:07 . 2008-12-27 08:23 -------- d-----w- c:\programdata\StatTransfer9
    2010-07-25 00:07 . 2008-12-22 03:44 -------- d-----w- c:\programdata\Symantec
    2010-07-25 00:07 . 2008-12-22 03:20 -------- d-----w- c:\programdata\Sonic
    2010-07-25 00:07 . 2009-01-30 00:23 -------- d-----w- c:\programdata\Avanquest Bluetooth SDK
    2010-07-25 00:05 . 2009-11-07 01:40 -------- d-----w- c:\program files\PuTTY
    2010-07-25 00:05 . 2009-08-20 04:38 -------- d-----w- c:\program files\Presentersoft PowerVideoMaker
    2010-07-25 00:04 . 2008-12-22 03:36 -------- d-----w- c:\program files\Picasa2
    2010-07-25 00:04 . 2009-01-25 07:02 -------- d-----w- c:\program files\Motorola Phone Tools
    2010-07-25 00:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
    2010-07-25 00:04 . 2008-12-22 06:45 -------- d-----w- c:\program files\Microsoft Works
    2010-07-24 23:59 . 2008-12-22 03:16 -------- d-----w- c:\program files\Lenovo Registration
    2010-07-24 23:59 . 2009-11-08 23:03 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
    2010-07-24 23:59 . 2008-12-27 07:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-07-24 23:59 . 2008-12-22 03:20 -------- d-----w- c:\program files\Common Files\SureThing Shared
    2010-07-24 23:58 . 2008-12-22 03:20 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2010-07-24 23:58 . 2009-01-21 02:01 -------- d-----w- c:\program files\Common Files\Macromedia
    2010-07-24 23:58 . 2008-12-22 03:12 -------- d-----w- c:\program files\Common Files\Lenovo
    2010-07-24 23:58 . 2009-11-08 22:56 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-07-24 23:58 . 2009-06-20 19:07 -------- d-----w- c:\program files\Audacity
    2010-07-24 23:58 . 2009-01-25 07:14 -------- d-----w- c:\program files\Avanquest update
    2010-07-24 23:58 . 2009-06-21 04:19 -------- d-----w- c:\program files\Apple Software Update
    2010-07-24 23:58 . 2009-07-06 06:44 -------- d-----w- c:\program files\Alarm Clock
    2010-07-24 23:31 . 2009-06-21 04:24 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2010-07-24 23:31 . 2009-05-22 02:46 -------- d-----w- c:\programdata\WindowsSearch
    2010-07-24 23:31 . 2008-12-22 07:37 -------- d-----w- c:\programdata\Yahoo!
    2010-07-24 23:31 . 2008-12-22 02:58 -------- d-----w- c:\programdata\UIB
    2010-07-24 23:31 . 2008-12-22 06:53 -------- d-----w- c:\programdata\Skype
    2010-07-24 23:31 . 2010-05-26 16:40 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-07-24 23:31 . 2010-05-22 02:00 -------- d-----w- c:\programdata\PC-Doctor for Windows
    2010-07-24 23:31 . 2010-01-21 16:54 -------- d-----w- c:\programdata\NOS
    2010-07-24 23:31 . 2008-12-22 03:24 -------- d-----w- c:\programdata\PC-Doctor
    2010-07-24 23:29 . 2009-12-20 23:07 -------- d-----w- c:\program files\ReaConverter 5.5 Pro
    2010-07-24 23:28 . 2010-06-20 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-24 23:28 . 2009-03-25 15:30 -------- d-----w- c:\program files\MATLAB
    2010-07-24 23:28 . 2009-01-21 01:59 -------- d-----w- c:\program files\Macromedia
    2010-07-24 23:27 . 2009-11-23 01:05 -------- d-----w- c:\program files\Larson Software Technology
    2010-07-24 23:27 . 2010-06-19 06:34 -------- d-----w- c:\program files\Kodak Print Service
    2010-07-24 23:27 . 2009-11-23 00:27 -------- d-----w- c:\program files\IrfanView
    2010-07-24 23:27 . 2008-12-22 03:23 -------- d-----w- c:\program files\InterVideo
    2010-07-24 23:27 . 2008-12-22 02:53 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-24 23:27 . 2010-04-27 02:45 -------- d-----w- c:\program files\Insightful
    2010-07-24 23:27 . 2009-12-20 23:14 -------- d-----w- c:\program files\ImageConverter Plus
    2010-07-24 23:27 . 2008-12-22 03:27 -------- d-----w- c:\program files\HP
    2010-07-24 23:27 . 2010-06-20 05:57 -------- d-----w- c:\program files\Free WMA to MP3 Converter
    2008-12-22 02:34 . 2008-12-22 02:34 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-06 2065760]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
    "RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
    "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-08-25 894312]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 217176]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2010-08-25 214576]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
    "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2009-09-03 436800]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-04-22 181608]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-06-16 624056]

    c:\users\Julieta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Julieta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-6-4 50688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2009-12-01 16:41 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Julieta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk]
    path=c:\users\Julieta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LenovoWelcome.lnk
    backup=c:\windows\pss\LenovoWelcome.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2010-06-16 22:20 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-06-07 05:46 57344 ------w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    2010-02-08 14:51 1015808 ------w- c:\program files\Ares\Ares.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
    2007-08-08 20:53 2630968 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-01-15 04:25 135664 -----tw- c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-03-12 03:34 49152 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 20:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LenovoOobeOffers]
    2006-12-29 17:01 28672 ----a-w- c:\swtools\LenovoWelcome\LenovoOobeOffers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
    2010-03-26 15:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Show missed alarms]
    2008-05-31 18:49 376944 ------r- c:\program files\Alarm Clock\Alarm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-10-28 15:36 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    2008-01-29 23:38 583048 ------w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-06-27 01:08 202256 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3152529466-1860945956-3253294106-1002]
    "EnableNotificationsRef"=dword:00000002

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
    S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-08-25 24304]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-06 216400]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-06 243024]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
    S2 AlarmClockMonitor;Talking Alarm Clock user logon monitor;c:\program files\Alarm Clock\AlarmMonitor.exe [2008-05-31 852144]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-23 20376]
    S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-09-06 921952]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-06 308136]
    S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-08-25 132456]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-25 12856]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-25 75112]
    S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
    S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-10 569344]
    S2 UpekSrvc;Upek Service;c:\program files\ThinkVantage Fingerprint Software\upeksrvc.exe [2009-12-01 35080]
    S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-06-25 229592]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-23 29472]
    S3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-05-07 21360]
    S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:29]

    2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:29]

    2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152529466-1860945956-3253294106-1002Core.job
    - c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15 04:25]

    2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152529466-1860945956-3253294106-1002UA.job
    - c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15 04:25]

    2009-07-06 c:\windows\Tasks\New Alarm.job
    - c:\program files\Alarm Clock\Alarm.exe [2008-05-31 18:49]

    2010-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2010-08-18 16:49]

    2010-09-15 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-05-25 12:29]

    2010-09-15 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\PC-Doctor\pcdrcui.exe [2010-08-18 20:35]

    2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mail.yahoo.com/
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: aol.com\free
    Trusted Zone: umanitoba.ca\osav.cc
    DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://www-307.ibm.com/pc/support/acpirexe.cab
    FF - ProfilePath - c:\users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\
    FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym|http://webmail.cc.umanitoba.ca/
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\Julieta\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\Julieta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\[email protected]\plugins\npRACtrl.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-15 17:30
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{3037D694-FD904ACA-06020000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3152529466-1860945956-3253294106-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76B74B11-20B8-00A2-12EF-7C313B771570}*]
    @Allowed: (Read) (RestrictedCode)
    "ealmceecch"=hex:66,61,66,6e,68,61,6c,61,6e,61,62,64,00,fc
    "daompnia"=hex:64,62,70,6b,64,63,67,64,64,6e,68,69,65,6a,69,6c,67,6b,6c,67,63,
    67,62,6a,61,6d,6e,61,6f,65,6c,6a,6f,65,6e,6b,63,66,68,6f,00,00
    "iadobbdnpmbomljdoc"=hex:6b,61,68,62,6b,6a,68,69,6f,70,65,67,67,62,64,69,6f,66,
    66,6d,64,67,00,00
    "hankphblbfdoglih"=hex:6b,61,68,62,6b,6a,68,69,6f,70,65,67,67,62,64,69,6f,66,
    66,6d,64,67,00,00

    [HKEY_USERS\S-1-5-21-3152529466-1860945956-3253294106-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F8AF1E71-0D27-1F6F-798A-8E3B747FA9BB}*]
    @Allowed: (Read) (RestrictedCode)
    "jamoidipgfnccbmmlmnn"=hex:62,61,61,6a,00,00
    "jamoidipgfnccbmmlmjd"=hex:62,61,6e,6a,00,00
    "iamphkmlhagfdfcngo"=hex:6b,61,66,6a,64,6d,63,6e,64,6f,67,66,62,68,69,63,6d,70,
    6e,6e,70,6f,00,00
    "hagmkbiljcakffpd"=hex:6b,61,66,6a,64,6d,63,6e,64,6f,67,66,69,68,62,64,66,65,
    65,67,61,6a,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-09-15 17:33:09
    ComboFix-quarantined-files.txt 2010-09-15 22:33
    ComboFix2.txt 2010-09-15 02:21

    Pre-Run: 11,902,246,912 bytes free
    Post-Run: 11,863,285,760 bytes free

    - - End Of File - - 863D7580E3C82A5BA7F12A56B4621730
     
  10. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :Filefind
      *FF_com*
      *install.rdf*
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  11. adnaps1

    adnaps1 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    13
    SystemLook 04.09.10 by jpshortstuff
    Log created at 18:26 on 15/09/2010 by Julieta
    Administrator - Elevation successful

    ========== Filefind ==========

    Searching for "*FF_com*"
    C:\Qoobox\Quarantine\C\Users\Julieta\AppData\Roaming\Mozilla\Firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\chrome\Content\FF_com.xul.vir --a---- 228 bytes [20:42 11/12/2008] [20:42 11/12/2008] EFFC85318AC2DBB0F14B07A4F0A99AFD
    C:\Users\Julieta\Desktop\TechGuy\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\chrome\Content\FF_com.xul --a---- 228 bytes [15:09 15/09/2010] [20:42 11/12/2008] EFFC85318AC2DBB0F14B07A4F0A99AFD
    C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_hu-hu_d4e981664746bfff_comdlg32.dll.mui_ac8e62f4 ------- 57344 bytes [06:31 25/03/2009] [06:10 25/03/2009] E0698406A57873076B4F82D516D56995

    Searching for "*install.rdf*"
    C:\Program Files\AVG\AVG9\Firefox\install.rdf --a---- 962 bytes [19:45 06/09/2010] [19:45 06/09/2010] 0E17FD1F504B5DE1D667A8B0734E2B90
    C:\Program Files\Java\jre6\lib\deploy\jqs\ff\install.rdf --a---- 678 bytes [02:07 06/09/2010] [02:07 06/09/2010] 7D03B0EFE4414281DB2BD7BAA924BE7B
    C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\install.rdf ------- 1188 bytes [03:16 22/12/2006] [18:31 10/07/2008] 9E623F86D97D799B4FE49FFA002C5428
    C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\install.rdf.bak ------- 1187 bytes [06:29 04/06/2010] [03:16 22/12/2006] BF3A3EE6EF583BCA093E33A6B6801B88
    C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf --a---- 1390 bytes [07:16 22/12/2008] [14:43 08/09/2010] 2855728987A9D8C6BF41DE3FDA9BED1A
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\install.rdf ------- 671 bytes [08:02 19/04/2009] [08:02 19/04/2009] E58BF172869A6D012EE294943D9CD903
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\install.rdf ------- 671 bytes [03:52 06/09/2009] [03:52 06/09/2009] 0BED046D52C01DFD42C1E7258723C0AE
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\install.rdf ------- 671 bytes [14:34 04/12/2009] [14:34 04/12/2009] 7DE9757BFD3D41992ECDB67F54161EF4
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\install.rdf --a---- 671 bytes [02:08 06/09/2010] [02:08 06/09/2010] 84CA5C42A6DBC29804D3D1F8CD719B54
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\install.rdf --a---- 671 bytes [17:58 06/09/2010] [17:58 06/09/2010] 0F3D3A0550A4982433F4294FF5E48D09
    C:\Program Files\Mozilla Thunderbird\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf ------- 1493 bytes [00:28 10/01/2010] [10:53 08/06/2010] 284DF857D192B10CACF8E69721F3F1EC
    C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\install.rdf ------- 882 bytes [01:09 27/06/2010] [01:09 27/06/2010] 579235120275415DE0DB75DBF4417872
    C:\Qoobox\Quarantine\C\Users\Julieta\AppData\Roaming\Mozilla\Firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\install.rdf.vir --a---- 973 bytes [04:57 26/02/2010] [04:57 26/02/2010] 8CAE24E27B0D0D21903EC91CBA8656E6
    C:\Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\install.rdf ------- 882 bytes [01:09 27/06/2010] [01:09 27/06/2010] 579235120275415DE0DB75DBF4417872
    C:\Users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\[email protected]\install.rdf ------- 1241 bytes [03:58 21/02/2010] [22:38 21/01/2010] C56DA89F3BD995086DC1F4C56621C1EA
    C:\Users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\[email protected]\install.rdf ------- 594 bytes [15:16 12/06/2010] [14:42 01/06/2010] 28A441B195BE79500B4E643B87E0EAAC
    C:\Users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\install.rdf ------- 1269 bytes [14:39 28/04/2010] [23:13 20/04/2010] 9C06BEB662EC9B41D5B51A7480085A49
    C:\Users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\install.rdf --a---- 1687 bytes [13:40 25/07/2010] [13:41 25/07/2010] 93F0C51F6A59CE9836DC4506F461B4FD
    C:\Users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\install.rdf ------- 1188 bytes [17:02 17/06/2010] [17:22 17/06/2010] AE5F434E6301C3C454644727194479AD
    C:\Users\Julieta\Desktop\TechGuy\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\install.rdf --a---- 973 bytes [15:09 15/09/2010] [04:57 26/02/2010] 8CAE24E27B0D0D21903EC91CBA8656E6
    C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\install.rdf ------- 1071 bytes [17:48 23/01/2009] [17:48 23/01/2009] 86FDB53478C447EF4ABAAB49E343705B

    -= EOF =-
     
  12. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    http://forums.techguy.org/virus-other-malware-removal/949971-redirected-when-using-firefox-google.html#post7600876
    
    Suspect::
    C:\Qoobox\Quarantine\C\Users\Julieta\AppData\Roaming\Mozilla\Firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\chrome\Content\FF_com.xul.vir
    C:\Qoobox\Quarantine\C\Users\Julieta\AppData\Roaming\Mozilla\Firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\install.rdf.vir
    Folder::
    C:\Users\Julieta\Desktop\TechGuy\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
    Save this as CFScript.txt



    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
     
  13. adnaps1

    adnaps1 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    13
    ComboFix 10-09-15.01 - Julieta 09/15/2010 18:49:07.3.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2006.752 [GMT -5:00]
    Running from: c:\julieta & ankit\My Installation files\ComboFix.exe
    Command switches used :: c:\julieta & ankit\My Installation files\CFScript.txt
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Julieta\Desktop\TechGuy\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
    c:\users\Julieta\Desktop\TechGuy\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\chrome.manifest
    c:\users\Julieta\Desktop\TechGuy\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\chrome\Content\FF_com.xul
    c:\users\Julieta\Desktop\TechGuy\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\install.rdf

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
    .

    2010-09-15 23:59 . 2010-09-15 23:59 -------- d-----w- c:\users\Julieta\AppData\Local\temp
    2010-09-15 23:59 . 2010-09-15 23:59 -------- d-----w- c:\users\TM_OSCE_JULIETA-PC\AppData\Local\temp
    2010-09-15 23:59 . 2010-09-15 23:59 -------- d-----w- c:\users\TM_OSCE_JULIETA-PC.Julieta-PC\AppData\Local\temp
    2010-09-15 23:59 . 2010-09-15 23:59 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-09-15 23:59 . 2010-09-15 23:59 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-09-15 23:59 . 2010-09-15 23:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-09-14 23:45 . 2010-09-14 23:45 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2010-09-14 23:32 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-14 23:32 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-14 23:32 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-14 23:31 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-11 04:30 . 2007-03-23 09:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
    2010-09-10 09:12 . 2010-09-10 09:12 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-09-09 22:06 . 2010-09-09 22:06 -------- d-----w- c:\users\Julieta\AppData\Local\Nero_AG
    2010-09-09 03:50 . 2010-09-09 03:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Nero
    2010-09-09 03:34 . 2010-09-09 03:44 -------- d-----w- c:\programdata\Nero
    2010-09-09 03:33 . 2010-09-09 03:34 -------- d-----w- c:\program files\Common Files\Nero
    2010-09-09 03:33 . 2010-09-09 03:44 -------- d-----w- c:\program files\Nero
    2010-09-09 01:31 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2010-09-09 01:30 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-09-09 01:30 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-09-09 01:29 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
    2010-09-09 01:29 . 2007-05-16 21:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
    2010-09-06 19:47 . 2010-09-06 19:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-09-06 19:47 . 2010-09-06 19:47 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-09-06 19:47 . 2010-09-06 19:47 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-06 19:47 . 2010-09-15 15:13 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-09-06 19:47 . 2010-09-06 19:47 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-09-06 19:44 . 2010-09-06 19:44 -------- d-----w- c:\programdata\avg9
    2010-09-06 18:22 . 2007-05-04 20:51 40448 ----a-w- c:\windows\system32\RegOBJ.dll
    2010-09-06 18:22 . 2007-05-04 20:51 1003520 ----a-w- c:\windows\system32\ltmm_n.dll
    2010-09-06 18:22 . 2007-05-04 20:51 204800 ----a-w- c:\windows\system32\falcon.dll
    2010-09-06 18:22 . 2004-03-26 09:53 180224 ----a-w- c:\windows\system32\aspsms.dll
    2010-09-06 18:22 . 2004-02-27 05:00 962612 ----a-w- c:\windows\system32\MFC42D.dll
    2010-09-06 18:22 . 2004-02-27 05:00 827445 ----a-w- c:\windows\system32\MFCO42D.dll
    2010-09-06 18:22 . 2003-10-02 16:06 185384 ----a-w- c:\windows\system32\cstcpapi.DLL
    2010-09-06 18:22 . 2000-08-29 05:00 516173 ----a-w- c:\windows\system32\MSVCP60D.dll
    2010-09-06 18:22 . 1998-07-06 05:00 16384 ----a-w- c:\windows\system32\INETDE.DLL
    2010-09-06 18:22 . 2009-08-20 17:38 421888 ----a-w- c:\windows\system32\CapturixFrameWorkDLL.dll
    2010-09-06 18:22 . 2002-05-01 03:32 352256 ----a-w- c:\windows\system32\ijl15.dll
    2010-09-06 18:22 . 2010-09-06 18:22 -------- d-----w- c:\program files\Capturix VideoSpy
    2010-09-06 02:13 . 2010-09-06 02:13 1 ----a-w- c:\users\Julieta\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-09-06 02:13 . 2010-09-06 02:13 -------- d-----w- c:\users\Julieta\AppData\Roaming\OpenOffice.org
    2010-09-06 02:09 . 2010-09-06 02:09 -------- d-----w- c:\program files\JRE
    2010-09-06 02:08 . 2010-09-06 02:09 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-09-06 02:08 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-05 22:39 . 2010-09-05 23:06 -------- d-----w- c:\users\Julieta\AppData\Roaming\Xilisoft
    2010-09-05 22:38 . 2010-09-05 22:38 -------- d-----w- c:\program files\MSECache
    2010-09-05 08:30 . 2010-09-05 08:30 -------- d-----w- c:\users\Julieta\AppData\Roaming\Leawo
    2010-09-05 08:29 . 2010-09-05 08:29 -------- d-----w- c:\program files\Leawo
    2010-09-04 05:52 . 2010-09-06 17:59 -------- d-----w- c:\program files\E.M. PowerPoint Video Converter
    2010-09-04 05:46 . 2010-09-04 05:47 -------- d-----w- c:\users\Julieta\AppData\Roaming\GeoVid
    2010-09-04 05:46 . 2005-06-07 20:11 60416 ----a-w- c:\windows\system32\dsetup.dll
    2010-09-04 05:46 . 2010-09-04 05:46 -------- d-----w- c:\program files\Common Files\GeoVid
    2010-08-28 18:52 . 2010-08-28 18:52 10077328 ----a-w- c:\users\Julieta\AppData\Roaming\Update\patch_551461to563221_32_05\patch_551461to563221_32_05.exe
    2010-08-28 12:45 . 2010-08-28 12:45 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-08-28 12:45 . 2010-08-28 12:36 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
    2010-08-28 12:45 . 2010-08-28 12:45 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
    2010-08-28 12:45 . 2010-08-28 12:45 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
    2010-08-28 12:45 . 2010-08-28 12:45 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
    2010-08-28 12:44 . 2010-08-28 12:44 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
    2010-08-28 12:36 . 2010-08-28 12:36 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-08-23 03:45 . 2010-08-28 18:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Update
    2010-08-19 06:02 . 2010-08-19 06:02 -------- d-----w- c:\program files\Lame for Audacity

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-15 22:45 . 2010-03-25 00:43 -------- d-----w- c:\users\Julieta\AppData\Roaming\Dropbox
    2010-09-15 22:42 . 2008-12-22 02:42 3204 ----a-w- c:\windows\bthservsdp.dat
    2010-09-15 13:10 . 2008-12-22 07:00 -------- d-----w- c:\program files\LogMeIn
    2010-09-15 13:10 . 2008-12-22 04:09 -------- d-----w- c:\programdata\FLEXnet
    2010-09-14 23:45 . 2008-12-22 06:39 -------- d-----w- c:\programdata\Microsoft Help
    2010-09-14 23:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-09-14 18:03 . 2010-05-22 01:59 -------- d-----w- c:\programdata\PCDr
    2010-09-10 15:24 . 2010-02-10 07:36 0 ----a-w- c:\users\Julieta\AppData\Local\prvlcl.dat
    2010-09-10 09:36 . 2008-12-22 02:58 146360 ----a-w- c:\users\Julieta\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-09-10 09:06 . 2008-12-22 03:14 -------- d-----w- c:\program files\Common Files\Adobe
    2010-09-10 05:34 . 2009-02-15 04:14 -------- d-----w- c:\users\Julieta\AppData\Roaming\uTorrent
    2010-09-09 21:20 . 2008-12-22 02:52 -------- d-----w- c:\program files\Lenovo
    2010-09-06 18:01 . 2010-02-12 21:29 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-06 17:58 . 2008-12-22 03:17 -------- d-----w- c:\program files\Common Files\Java
    2010-09-06 17:58 . 2008-12-22 03:17 -------- d-----w- c:\program files\Java
    2010-09-01 16:31 . 2008-12-22 06:54 -------- d-----w- c:\users\Julieta\AppData\Roaming\Skype
    2010-09-01 16:25 . 2008-12-22 06:55 -------- d-----w- c:\users\Julieta\AppData\Roaming\skypePM
    2010-08-31 08:10 . 2010-08-01 08:07 -------- d-----w- c:\program files\PC-Doctor
    2010-08-31 01:35 . 2010-07-27 04:31 -------- d-----w- c:\users\Julieta\AppData\Roaming\FileZilla
    2010-08-31 01:28 . 2010-07-27 04:31 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-08-28 12:48 . 2010-05-05 03:37 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-08-28 12:45 . 2010-05-05 03:31 -------- d-----w- c:\programdata\DivX
    2010-08-28 12:45 . 2009-09-29 05:34 -------- d-----w- c:\program files\DivX
    2010-08-28 12:45 . 2010-01-10 00:28 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-08-28 12:36 . 2010-05-05 03:35 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
    2010-08-28 12:36 . 2010-05-05 03:35 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
    2010-08-25 08:30 . 2010-01-24 20:33 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
    2010-08-25 08:30 . 2008-12-22 02:59 394600 ------w- c:\windows\PWMBTHLV.EXE
    2010-08-25 08:30 . 2008-12-22 02:59 11552 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
    2010-08-21 21:17 . 2010-01-25 03:41 -------- d-----w- c:\users\Julieta\AppData\Roaming\Audacity
    2010-08-14 10:06 . 2010-05-26 22:30 -------- d-----w- c:\program files\AAdvantage eShoppingSM Toolbar
    2010-08-14 08:07 . 2010-08-14 08:06 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-08-14 08:07 . 2010-08-14 08:06 -------- d-----w- c:\program files\iTunes
    2010-08-14 08:06 . 2010-08-14 08:06 -------- d-----w- c:\program files\iPod
    2010-08-14 08:06 . 2009-06-21 04:17 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-14 08:04 . 2010-01-25 03:55 -------- d-----w- c:\program files\QuickTime
    2010-08-14 07:59 . 2010-08-14 07:59 -------- d-----w- c:\program files\Bonjour
    2010-08-14 07:55 . 2010-08-14 07:55 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-08-14 04:04 . 2009-02-15 04:15 -------- d-----w- c:\program files\uTorrent
    2010-08-12 19:14 . 2008-12-22 03:36 -------- d-----w- c:\program files\Google
    2010-08-12 01:47 . 2008-12-27 08:01 -------- d-----w- c:\program files\Stata10
    2010-08-06 16:39 . 2010-08-06 16:39 -------- d-----w- c:\program files\AoA Audio Extractor
    2010-07-26 18:23 . 2010-04-17 15:26 -------- d-----w- c:\program files\AC3Filter
    2010-07-26 16:00 . 2010-07-26 15:59 -------- d-----w- c:\program files\Ghostgum
    2010-07-26 04:57 . 2010-07-26 04:55 -------- d-----w- c:\program files\dvdSanta
    2010-07-25 23:01 . 2008-12-22 06:55 56 ---ha-w- c:\programdata\ezsidmv.dat
    2010-07-25 20:21 . 2010-07-23 03:58 -------- d-----w- c:\program files\Intel
    2010-07-25 00:11 . 2009-05-25 04:42 -------- d-----w- c:\users\Julieta\AppData\Roaming\SmartDraw
    2010-07-25 00:11 . 2009-01-28 20:38 -------- d-----w- c:\users\Julieta\AppData\Roaming\TestGen
    2010-07-25 00:11 . 2009-02-22 22:25 -------- d-----w- c:\users\Julieta\AppData\Roaming\Printer Info Cache
    2010-07-25 00:11 . 2009-06-19 19:11 -------- d-----w- c:\users\Julieta\AppData\Roaming\LimeWire
    2010-07-25 00:11 . 2009-11-20 05:39 -------- d-----w- c:\users\Julieta\AppData\Roaming\HpUpdate
    2010-07-25 00:11 . 2009-11-02 23:15 -------- d-----w- c:\users\Julieta\AppData\Roaming\Elluminate
    2010-07-25 00:11 . 2009-07-31 21:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Download Manager
    2010-07-25 00:11 . 2009-02-22 22:25 -------- d-----w- c:\users\Julieta\AppData\Roaming\Image Zone Express
    2010-07-25 00:07 . 2009-03-23 17:10 -------- d-----w- c:\programdata\WebEx
    2010-07-25 00:07 . 2008-12-27 08:23 -------- d-----w- c:\programdata\StatTransfer9
    2010-07-25 00:07 . 2008-12-22 03:44 -------- d-----w- c:\programdata\Symantec
    2010-07-25 00:07 . 2008-12-22 03:20 -------- d-----w- c:\programdata\Sonic
    2010-07-25 00:07 . 2009-01-30 00:23 -------- d-----w- c:\programdata\Avanquest Bluetooth SDK
    2010-07-25 00:05 . 2009-11-07 01:40 -------- d-----w- c:\program files\PuTTY
    2010-07-25 00:05 . 2009-08-20 04:38 -------- d-----w- c:\program files\Presentersoft PowerVideoMaker
    2010-07-25 00:04 . 2008-12-22 03:36 -------- d-----w- c:\program files\Picasa2
    2010-07-25 00:04 . 2009-01-25 07:02 -------- d-----w- c:\program files\Motorola Phone Tools
    2010-07-25 00:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
    2010-07-25 00:04 . 2008-12-22 06:45 -------- d-----w- c:\program files\Microsoft Works
    2010-07-24 23:59 . 2008-12-22 03:16 -------- d-----w- c:\program files\Lenovo Registration
    2010-07-24 23:59 . 2009-11-08 23:03 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
    2010-07-24 23:59 . 2008-12-27 07:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-07-24 23:59 . 2008-12-22 03:20 -------- d-----w- c:\program files\Common Files\SureThing Shared
    2010-07-24 23:58 . 2008-12-22 03:20 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2010-07-24 23:58 . 2009-01-21 02:01 -------- d-----w- c:\program files\Common Files\Macromedia
    2010-07-24 23:58 . 2008-12-22 03:12 -------- d-----w- c:\program files\Common Files\Lenovo
    2010-07-24 23:58 . 2009-11-08 22:56 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-07-24 23:58 . 2009-06-20 19:07 -------- d-----w- c:\program files\Audacity
    2010-07-24 23:58 . 2009-01-25 07:14 -------- d-----w- c:\program files\Avanquest update
    2010-07-24 23:58 . 2009-06-21 04:19 -------- d-----w- c:\program files\Apple Software Update
    2010-07-24 23:58 . 2009-07-06 06:44 -------- d-----w- c:\program files\Alarm Clock
    2010-07-24 23:31 . 2009-06-21 04:24 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2010-07-24 23:31 . 2009-05-22 02:46 -------- d-----w- c:\programdata\WindowsSearch
    2010-07-24 23:31 . 2008-12-22 07:37 -------- d-----w- c:\programdata\Yahoo!
    2010-07-24 23:31 . 2008-12-22 02:58 -------- d-----w- c:\programdata\UIB
    2010-07-24 23:31 . 2008-12-22 06:53 -------- d-----w- c:\programdata\Skype
    2010-07-24 23:31 . 2010-05-26 16:40 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-07-24 23:31 . 2010-05-22 02:00 -------- d-----w- c:\programdata\PC-Doctor for Windows
    2010-07-24 23:31 . 2010-01-21 16:54 -------- d-----w- c:\programdata\NOS
    2010-07-24 23:31 . 2008-12-22 03:24 -------- d-----w- c:\programdata\PC-Doctor
    2010-07-24 23:29 . 2009-12-20 23:07 -------- d-----w- c:\program files\ReaConverter 5.5 Pro
    2010-07-24 23:28 . 2010-06-20 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-24 23:28 . 2009-03-25 15:30 -------- d-----w- c:\program files\MATLAB
    2010-07-24 23:28 . 2009-01-21 01:59 -------- d-----w- c:\program files\Macromedia
    2010-07-24 23:27 . 2009-11-23 01:05 -------- d-----w- c:\program files\Larson Software Technology
    2010-07-24 23:27 . 2010-06-19 06:34 -------- d-----w- c:\program files\Kodak Print Service
    2010-07-24 23:27 . 2009-11-23 00:27 -------- d-----w- c:\program files\IrfanView
    2010-07-24 23:27 . 2008-12-22 03:23 -------- d-----w- c:\program files\InterVideo
    2010-07-24 23:27 . 2008-12-22 02:53 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-24 23:27 . 2010-04-27 02:45 -------- d-----w- c:\program files\Insightful
    2010-07-24 23:27 . 2009-12-20 23:14 -------- d-----w- c:\program files\ImageConverter Plus
    2010-07-24 23:27 . 2008-12-22 03:27 -------- d-----w- c:\program files\HP
    2010-07-24 23:27 . 2010-06-20 05:57 -------- d-----w- c:\program files\Free WMA to MP3 Converter
    2008-12-22 02:34 . 2008-12-22 02:34 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-09-15_22.30.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-22 03:11 . 2010-09-15 22:48 91452 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-12-22 03:11 . 2010-09-14 23:54 91452 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2010-09-15 22:48 93280 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-12-22 02:07 . 2010-09-15 22:48 15878 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3152529466-1860945956-3253294106-1002_UserData.bin
    + 2008-12-22 02:02 . 2010-09-15 22:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-12-22 02:02 . 2010-09-15 18:02 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-12-22 02:02 . 2010-09-15 18:02 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-22 02:02 . 2010-09-15 22:43 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-22 02:02 . 2010-09-15 22:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-12-22 02:02 . 2010-09-15 18:02 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-03-27 14:40 . 2010-09-15 22:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-03-27 14:40 . 2010-09-15 02:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-03-27 14:40 . 2010-09-15 02:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-27 14:40 . 2010-09-15 22:43 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-27 14:40 . 2010-09-15 22:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-03-27 14:40 . 2010-09-15 02:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-09-15 02:09 . 2010-09-15 02:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-09-15 22:43 . 2010-09-15 22:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-09-15 02:09 . 2010-09-15 02:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-09-15 22:43 . 2010-09-15 22:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2010-09-15 22:48 715500 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2010-09-15 22:03 715500 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2010-09-15 22:03 143616 c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2010-09-15 22:48 143616 c:\windows\System32\perfc009.dat
    - 2009-01-30 01:02 . 2010-09-15 02:07 8971944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-01-30 01:02 . 2010-09-15 22:42 8971944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-06 2065760]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
    "RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
    "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-08-25 894312]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 217176]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2010-08-25 214576]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
    "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2009-09-03 436800]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-04-22 181608]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-06-16 624056]

    c:\users\Julieta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Julieta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-6-4 50688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2009-12-01 16:41 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Julieta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk]
    path=c:\users\Julieta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LenovoWelcome.lnk
    backup=c:\windows\pss\LenovoWelcome.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2010-06-16 22:20 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-06-07 05:46 57344 ------w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    2010-02-08 14:51 1015808 ------w- c:\program files\Ares\Ares.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
    2007-08-08 20:53 2630968 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-01-15 04:25 135664 -----tw- c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-03-12 03:34 49152 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 20:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LenovoOobeOffers]
    2006-12-29 17:01 28672 ----a-w- c:\swtools\LenovoWelcome\LenovoOobeOffers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
    2010-03-26 15:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Show missed alarms]
    2008-05-31 18:49 376944 ------r- c:\program files\Alarm Clock\Alarm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-10-28 15:36 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    2008-01-29 23:38 583048 ------w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-06-27 01:08 202256 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3152529466-1860945956-3253294106-1002]
    "EnableNotificationsRef"=dword:00000002

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-05-07 21360]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
    S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-08-25 24304]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-06 216400]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-06 243024]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
    S2 AlarmClockMonitor;Talking Alarm Clock user logon monitor;c:\program files\Alarm Clock\AlarmMonitor.exe [2008-05-31 852144]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-23 20376]
    S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-09-06 921952]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-06 308136]
    S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-08-25 132456]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-25 12856]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-25 75112]
    S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
    S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-10 569344]
    S2 UpekSrvc;Upek Service;c:\program files\ThinkVantage Fingerprint Software\upeksrvc.exe [2009-12-01 35080]
    S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-06-25 229592]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-23 29472]
    S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:29]

    2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:29]

    2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152529466-1860945956-3253294106-1002Core.job
    - c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15 04:25]

    2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152529466-1860945956-3253294106-1002UA.job
    - c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15 04:25]

    2009-07-06 c:\windows\Tasks\New Alarm.job
    - c:\program files\Alarm Clock\Alarm.exe [2008-05-31 18:49]

    2010-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2010-08-18 16:49]

    2010-09-15 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-05-25 12:29]

    2010-09-15 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\PC-Doctor\pcdrcui.exe [2010-08-18 20:35]

    2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mail.yahoo.com/
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: aol.com\free
    Trusted Zone: umanitoba.ca\osav.cc
    DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://www-307.ibm.com/pc/support/acpirexe.cab
    FF - ProfilePath - c:\users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\
    FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym|http://webmail.cc.umanitoba.ca/
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\Julieta\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\Julieta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\[email protected]\plugins\npRACtrl.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-15 18:59
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{3037D694-FD904ACA-06020000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3152529466-1860945956-3253294106-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76B74B11-20B8-00A2-12EF-7C313B771570}*]
    @Allowed: (Read) (RestrictedCode)
    "ealmceecch"=hex:66,61,66,6e,68,61,6c,61,6e,61,62,64,00,fc
    "daompnia"=hex:64,62,70,6b,64,63,67,64,64,6e,68,69,65,6a,69,6c,67,6b,6c,67,63,
    67,62,6a,61,6d,6e,61,6f,65,6c,6a,6f,65,6e,6b,63,66,68,6f,00,00
    "iadobbdnpmbomljdoc"=hex:6b,61,68,62,6b,6a,68,69,6f,70,65,67,67,62,64,69,6f,66,
    66,6d,64,67,00,00
    "hankphblbfdoglih"=hex:6b,61,68,62,6b,6a,68,69,6f,70,65,67,67,62,64,69,6f,66,
    66,6d,64,67,00,00

    [HKEY_USERS\S-1-5-21-3152529466-1860945956-3253294106-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F8AF1E71-0D27-1F6F-798A-8E3B747FA9BB}*]
    @Allowed: (Read) (RestrictedCode)
    "jamoidipgfnccbmmlmnn"=hex:62,61,61,6a,00,00
    "jamoidipgfnccbmmlmjd"=hex:62,61,6e,6a,00,00
    "iamphkmlhagfdfcngo"=hex:6b,61,66,6a,64,6d,63,6e,64,6f,67,66,62,68,69,63,6d,70,
    6e,6e,70,6f,00,00
    "hagmkbiljcakffpd"=hex:6b,61,66,6a,64,6d,63,6e,64,6f,67,66,69,68,62,64,66,65,
    65,67,61,6a,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-09-15 19:02:32
    ComboFix-quarantined-files.txt 2010-09-16 00:02
    ComboFix2.txt 2010-09-15 22:33
    ComboFix3.txt 2010-09-15 02:21

    Pre-Run: 14,157,873,152 bytes free
    Post-Run: 14,009,159,680 bytes free

    - - End Of File - - A2CC68D0231DC2063FC54040E8C9F7F4
     
  14. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job.
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

    Please download Malwarebytes' Anti-Malware from Here

    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

    Go to the Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  15. adnaps1

    adnaps1 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    13
    Rorschach, I have run TFC. I had MBAM installed on my computer, but to make sure I'm doing exactly as you say, I first un-installed MBAM and restarted the computer before re-installing using the instructions you gave me. During the re-installation process, I got the following error message: "MBAM_ERROR_ENUMERATE_LANGUAGES(3,0). The system cannot find the path specified." When I clicked on OK for that message, the installation continued and completed. Should I just continue with your instructions, or do we need to do something to address this error?

    Thanks.
     

Short URL to this thread: https://techguy.org/949971