
Thread: Annoying pop-ups incl. PC performer

  1. #1
    FPCH New Member
    Join Date
    May 2012
    Posts
    29

    PC Experience:
    Very Experienced


    Operating System:
    Windows XP - Professional

    Default Annoying pop-ups incl. PC performer

    Hi, I am having a similar problem: for a month or so I have been getting annoying pop-ups incl. PC performer and several others when I click on the results of a Google search, i.e. these websites pop up instead of the ones that Google found for my search request. I need to click back up to 4 times before I can display the website I wanted to. I have not intentionally installed anything and do not know how it got to my machine. I have read the posted threads and tried several things incl. SpyBot, Revo uninstaller and TFC but none of them has found any files of Installbrain or PCPerformer on my computer. I am stuck and would appreciate your help, thanks... Gabor

    PS: I use Windows XP Professional and Mozilla browser

  2. #2
    Super Moderator & Security Team etavares's Avatar
    Join Date
    Apr 2011
    Posts
    592

    PC Experience:
    Very Experienced


    Operating System:
    Win7 Professional - Windows XP - Windows Home Server

    Default

    Hi csnagyg:

    My name is etavares and I will help you with this issue. Please follow the instructions in "Before posting for Malware Removal help" and post the resulting logs for me to review. Now that we are working together, please make sure you only follow my instructions or we may end up working against each other and never know it. Please reply in 3 days or less, or let me know if you have a trip or are unable to reply for a while so I don't close the thread.

    Thanks,
    -etavares

  3. #3
    FPCH New Member

    Hi Etavares, thanks for the prompt response. I have been away for 5 days and could not check the status but will do what you ask me latest tomorrow so please keep the thread active, thanks!

  4. #4
    FPCH New Member

    Hi etavares, I have run the programs and followed the instructions, here are the txt files from the two scans (they were too large to only paste their contents here), pls advise what they mean and how to proceed. Thanks... Gabor

  5. #5
    Super Moderator & Security Team etavares's Avatar

    Hello, csnagyg.


    You are definitely still infected. We'll start to remove it. Since MBAM found trojan.agent, I need to provide you this warning:


    Backdoor Warning
    One or more of the identified infections is a backdoor trojan.


    This allows hackers to remotely control your computer, steal critical system information and download and execute files.


    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.


    Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:


    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    When Should I Format, How Should I Reinstall


    We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.




    Step 1


    1. Download TDSSKiller.exe and save it to your desktop.
    2. Double-click TDSSKiller.exe to run it.
    3. Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
    4. Click Start scan and allow it to scan for Malicious objects.
    5. If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
    6. If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
    7. It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
    8. A log will be created on your root (usually the C drive). The log name is like UtilityName.Version_Date_Time_log.txt,
      for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
    9. If no reboot is required, click on Report. A log file should appear.
    10. Please post the contents of the logfile in your next reply







    Step 2






    Next, please download ComboFix from one of these locations:

    * IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
    • Double click on etavaresCF.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





    Click on Yes, to continue scanning for malware.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.


    Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.


    etavares

  6. #6
    FPCH New Member

    Hi etavares, thanks for your help. I have done what you asked me to, pls find below the two logs. However, the original problem which I came up here to this forum for still exists. To give you more insight, let me describe what happens exactly:

    1. I enter a search term in Google search and press enter. The term I used when noticing the issue was 'munchen hostels' (but the same also happened later with other search terms)
    2. From the results that came up, I randomly selected one and clicked on them, e.g. on hxxp://www.aohostels.com/de/?Seed=A&O-Hostel-Muenchen&gclid=CJ_Zpp2Im7ACFYrP3wod2Ed7XQ. Then, instead of coming to the site shown on the Google search result list I am redirected to some other English or German language sites, e.g. to hxxp://www.appround.com/pcperformer/rh/rh/st2/free/pcperformer-rh-rh-st2-free-de.php?clickid=0009065740884006923. This happens via a site called hxxp://www.rocketnews.com which first pops up in my Firefox browser before I am redirected to the final sites like PC Performer.
    3. If I click on 'Back' and I get back to the Google search result list, then click again on the same link the same redirection happens but I get to another site, e.g. to hxxp://www.zoolagames.com/index-rh.php?clickid=0009065740883909476. This may happen up to 5 times, always with different sites and then finally I get to the desired site i.e. hxxp://www.aohostels.com/de/?Seed=A&O-Hostel-Muenchen&gclid=CJ_Zpp2Im7ACFYrP3wod2Ed7XQ. These others are e.g. hxxp://intermanews.com/pages/home/?ppcid=10216&all_3_6&keyword=munchen+hostels or hxxp://www.fresh-weather.com/at/results.php?PHPSESSID=tv5ag17ohul35jgu2sem6bgtv1&q=munchen+hostels&imageField.x=15&imageField.y=3
    4. If I do this again in the same browser window, the redirections do not happen again. However, in a new window they would randomly reoccur or not - I could not find any logic to when they do and when not.
    5. As I said, the site I see for a few sec is hxxp://www.rocketnews.com. I believe that a few weeks ago this used to be installbrain.com, I also saw a message in the bottom left corner of my screen saying 'transferring data from hxxp://www.installbrain.com'

    Please advise what all this can be and what can I do to get rid of this annoying issue. Also, after the infections identified by MBAM I am not sure now what to think - I did some search and found e.g. this opinion: hxxp://www.2-spyware.com/remove-trojan-agent.html and honestly do not know what to believe any more.

    I can read your answer till this evening or from Wednesday onwards. I appreciate your help on this, regards, Gabor
    Last edited by etavares; 26-05-2012 at 02:45 AM.

  7. #7
    Super Moderator & Security Team etavares's Avatar

    Hello, csnagyg.


    In regards to trojan.agent, MBAM is a legitimate antivirus. Trojan.agent is a legitimate detection. There are rogue 'antivirus' programs that look like antivirus programs and report false positives to trick you into paying money and giving up your credit card details, but MBAM is not one of those. Regardless, you had a Bamital infection in the combofix log that was fixed...that is a definite backdoor trojan anyway so the warning still applies.










    Step 1


    ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first. We can reinstall it when we're done with CF. Please let me know if you do uninstall it.


    1. Close any open browsers.


    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


    3. Open Notepad and copy/paste the text in the codebox below into Notepad:


    Code:
    Driver::
    vjgkp
    File::
    C:\WINDOWS\system32\drivers\sdrb.sys
    C:\WINDOWS\System32\slbrccspk.dll
    c:\documents and settings\Cse\Start Menu\Programs\Indítópult\Tintaszint-figyelmeztetések - HP Photosmart 5510 series (hálózat).lnk
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\XPAZALL.job
    AtJob::
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    RegNull::
    [HKEY_USERS\S-1-5-21-2601519475-432958476-330210462-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{99BB75B0-441D-8BCF-A589-44DABFE54989}*]

    Save this as CFScript.txt, in the same location as ComboFix.exe







    Referring to the picture above, drag CFScript into ComboFix.exe


    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


    Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.






    Step 2


    Please make sure that you can view all hidden files. Instructions on how to do this can be found here:


    How to see hidden files in Windows


    Please click this link-->Jotti


    When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.


    c:\program files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe


    Please post back the results of the scan in your next post.


    If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


    etavares
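
Cross-checking a removal script against the log that comes back, as an added example (not part of the thread and not ComboFix's own code): the parser assumes only the `Name::` directive layout and the `((( Title )))` section banners visible in these posts, and the function names and the three status labels are hypothetical.

```python
import ntpath
import re

# Shortened excerpts of the CFScript and of the returned log as posted in
# this thread. Only the File:: directive is cross-checked.
SCRIPT = r"""
Driver::
vjgkp
File::
C:\WINDOWS\system32\drivers\sdrb.sys
C:\WINDOWS\System32\slbrccspk.dll
c:\documents and settings\Cse\Start Menu\Programs\Indítópult\Tintaszint-figyelmeztetések - HP Photosmart 5510 series (hálózat).lnk
c:\windows\Tasks\At1.job
c:\windows\Tasks\XPAZALL.job
AtJob::
"""

LOG = r"""
FILE ::
"c:\windows\system32\drivers\sdrb.sys"
"c:\windows\System32\slbrccspk.dll"
.
((((((((((((((( Other Deletions )))))))))))))))
.
c:\docume~1\Cse\LOCALS~1\Temp\IadHide4.dll
c:\windows\System32\slbrccspk.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\XPAZALL.job
.
((((((((((((((( Reg Loading Points )))))))))))))))
.
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
Tintaszint-figyelmeztetések - HP Photosmart 5510 series (hálózat).lnk - c:\windows\system32\RunDll32.exe [2009-9-28 33280]
"""

DIRECTIVE = re.compile(r"^(\w+)::$")


def norm(path):
    """Windows paths are case-insensitive: drop quotes and fold case."""
    return path.strip().strip('"').replace("/", "\\").lower()


def parse_cfscript(text):
    """Group the script's lines under their 'Name::' directive."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Split the log on its '((( Title )))' banners; '' holds the header."""
    sections, current = {"": []}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("((("):
            current = line.strip("() ").lower()
            sections.setdefault(current, [])
        elif line and line != ".":
            sections[current].append(line)
    return sections


def reconcile(script_text, log_text):
    """Map each File:: target to 'deleted', 'still listed' or 'not mentioned'.

    The header is skipped because it only echoes the script. A target removed
    under its 8.3 short name (c:\\docume~1\\...) would show as 'not mentioned',
    since short names cannot be resolved offline.
    """
    targets = [norm(p) for p in parse_cfscript(script_text).get("file", [])]
    log = parse_log_sections(log_text)
    deleted = {norm(line) for line in log.get("other deletions", [])}
    later = [line.lower() for title, lines in log.items()
             if title not in ("", "other deletions") for line in lines]
    report = {}
    for path in targets:
        name = ntpath.basename(path)
        if path in deleted:
            report[path] = "deleted"
        elif any(name in line for line in later):
            report[path] = "still listed"
        else:
            report[path] = "not mentioned"
    return report


if __name__ == "__main__":
    for path, status in reconcile(SCRIPT, LOG).items():
        print(f"{status:13} {path}")
```

On the excerpt, the DLL and the two task files report as deleted, `sdrb.sys` as not mentioned, and the startup shortcut as still listed.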

  8. #8
    FPCH New Member

    Hi etavares,

    thanks for the detailed response. I do not quite understand two of your points, can you pls explain a bit more on the following

    1. AVG as it is not installed on my machine - why do you refer to it? I have Symantec and I disabled it while running CF.

    2. What is Bamital and from which log file do you see that I had it on my machine?

    Sorry but I also want to learn about this and would like to understand why we do what we do... thanks in advance. As I said I will only be at my infected PC on Wednesday but hope we can clarify this before that.

    Regards, Gabor

  9. #9
    FPCH New Member

    Hi etavares, I am back to the PC in question. In addition to the above I now noticed that the Stand-by and the Hibernate functions do not work at all on it since I ran the programs you asked me to, can you pls advise why and how can they be re-activated? Please also answer my two questions above (especially #1) so I can continue with providing what you need from me, thanks. Gabor

  10. #10
    Super Moderator & Security Team etavares's Avatar

    Hi csnagyg,

    Sorry, I missed your initial post. The AVG is a part I meant to delete, but didn't. I have it there for folks that have AVG installed. Please ignore that.
    Bamital is a backdoor trojan that replaces some critical windows files with a patched version. Userinit.exe was infected and replaced with a good version in one of our scans. That patch is a typical signature of the Bamital family.

    I've made a note re: standby and hibernate. Once we fix what is broken, we can try to repair it. Exactly how are they broken? E.g. You click it and nothing happens? Or you click it and get an error message? Or something else?

    Thanks,
    -etavares

  11. #11
    FPCH New Member

    Hi etavares, OK, understood, thanks. I skipped the AVG part and have now done Step 2 with Jotti, the result was 'Found nothing' in all 20 scans made, pls see below:

    Jotti's malware scan

    Filename: HPCustPartic.exe
    Status: Scan finished. 0 out of 20 scanners reported malware.
    Scan taken on: Wed 30 May 2012 17:08:58 (CET) Permalink

    Please advise what's next. BTW I have searched for 'Rocketnews redirect' and found a case where the issue of the user was fixed after doing similar steps with several malware programs (I found it here: http://www.bleepingcomputer.com/forums/topic453793.html) so I am hopeful we find a solution to mine also - I will wait for your advice on how to proceed and will not do anything that I find elsewhere.

    Also, I spent some hours last night searching for resolution of the standby problem and after I made some slight changes e.g. in my power manager options it now seems to be working fine again. I will be monitoring it nevertheless and come back to you if the issue should re-occur.

    regards

    Gabor

  13. #13
    FPCH New Member

    Hi etavares, I posted a reply 2 or 3 days ago and got the message that it would be displayed after it is reviewed by a moderator. I had not received this message before, and more importantly my reply is still not displayed - I will try to post this now and see if it goes through like the other ones had done before.

  14. #14
    FPCH New Member

    OK, now that it apparently is OK I am re-attaching my real reply:

    Hi etavares, OK, understood, thanks. I skipped the AVG part and have now done Step 2 with Jotti, the result was 'Found nothing' in all 20 scans made, pls see below:
    Jotti's malware scan
    Filename: HPCustPartic.exe
    Status: Scan finished. 0 out of 20 scanners reported malware.
    Scan taken on: Wed 30 May 2012 17:08:58 (CET) Permalink

    Please advise what's next. BTW I have searched for 'Rocketnews redirect' and found a case where the issue of the user was fixed after doing similar steps with several malware programs (I found it here: http://www.bleepingcomputer.com/forums/topic453793.html) so I am hopeful we find a solution to mine also - I will wait for your advice on how to proceed and will not do anything that I find elsewhere.

    Also, I spent some hours last night searching for resolution of the standby problem and after I made some slight changes e.g. in my power manager options it now seems to be working fine again. I will be monitoring it nevertheless and come back to you if the issue should re-occur.

    regards

    Gabor

  15. #15
    FPCH New Member

    Well, the same thing happened, I hope a moderator will review and allow it to be posted soon.

  17. #17
    Super Moderator & Security Team etavares's Avatar

    Hi csnagyg-

    Please do run Step 1 in this post. It is very important to run that as you are infected and this will start to clear it. It does not appear that you have run that yet.

    -etavares

  18. #18
    FPCH New Member

    Hi etavares,

    I thought when you said skip step 1 you meant all, not only the AVG piece of it, sorry for misunderstanding you. I have now run it, here is the log file below. In addition, I wanted to let you know that my Symantec Antivirus discovered a certain Backdoor.Graybird in a total of 13 counts in the last 3 days on my PC, last time (today) it found it under C:/System Volume Information/_restore... and it was in file A004581.scr. It was found and deleted by Symantec before I ran Combofix so I am not sure if it will show up in the Combofix results.

    Regards, Gabor

    ComboFix 12-06-03.05 - Cse 012.06.04. 14:28:14.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.3054.1746 [GMT 2:00]
    Running from: c:\documents and settings\Cse\Asztal\etavaresCF.exe
    Command switches used :: c:\documents and settings\Cse\Asztal\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
    .
    FILE ::
    "c:\documents and settings\Cse\Start Menu\Programs\Indítópult\Tintaszint-figyelmeztetések - HP Photosmart 5510 series (hálózat).lnk"
    "c:\windows\system32\drivers\sdrb.sys"
    "c:\windows\System32\slbrccspk.dll"
    "c:\windows\Tasks\At1.job"
    "c:\windows\Tasks\At2.job"
    "c:\windows\Tasks\At3.job"
    "c:\windows\Tasks\At4.job"
    "c:\windows\Tasks\XPAZALL.job"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\Cse\LOCALS~1\Temp\IadHide4.dll
    c:\documents and settings\Cse\Local Settings\Temp\IadHide4.dll
    c:\windows\System32\slbrccspk.dll
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\XPAZALL.job
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-01 17:33 . 2012-06-01 17:33 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
    2012-05-25 07:41 . 2012-05-25 08:26 -------- d-----w- C:\etavaresCF
    2012-05-23 15:35 . 2012-05-23 15:35 -------- d-----w- c:\documents and settings\Cse\Application Data\Malwarebytes
    2012-05-23 15:35 . 2012-05-23 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-05-23 15:35 . 2012-05-23 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-23 15:35 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-15 14:18 . 2012-05-15 14:35 -------- d-----w- c:\documents and settings\Cse\Application Data\FreeFixer
    2012-05-15 14:18 . 2012-05-15 14:18 -------- d-----w- c:\documents and settings\Cse\Local Settings\Application Data\FreeFixer
    2012-05-15 14:18 . 2012-05-15 14:18 -------- d-----w- c:\program files\FreeFixer
    2012-05-15 14:17 . 2012-05-15 14:17 2130622 ----a-w- c:\program files\freefixersetup.exe
    2012-05-14 18:45 . 2012-05-14 18:49 3895848 ----a-w- c:\program files\HPPSdr.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-06 08:03 . 2012-04-03 09:48 419488 ------w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-06 08:03 . 2011-07-25 23:02 70304 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-06 08:03 . 2012-04-14 06:03 4140192 ------w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-05-04 07:40 . 2012-05-04 07:38 16409960 ------w- c:\program files\spybotsd162.exe
    2012-05-03 21:53 . 2012-05-03 21:53 446464 ------w- c:\program files\TFC.exe
    2012-04-18 21:30 . 2012-04-18 21:30 739856 ------w- c:\program files\ChromeSetup.exe
    2012-04-17 09:22 . 2009-10-11 20:14 89680 ------w- c:\documents and settings\Cse\MSSSerif120.fon
    2012-04-17 09:22 . 2009-10-11 20:14 64544 ------w- c:\documents and settings\Cse\MSSSerif96.fon
    2012-04-17 09:11 . 2012-04-17 09:11 2915520 ------w- c:\program files\HPHNDU.exe
    2012-04-11 13:55 . 2009-09-28 15:27 2028032 ------w- c:\windows\system32\ntkrnlpa.exe
    2012-04-11 13:55 . 2009-09-28 15:27 1862272 ------w- c:\windows\system32\win32k.sys
    2012-04-11 13:55 . 2009-09-28 15:27 2149888 ------w- c:\windows\system32\ntoskrnl.exe
    2012-03-30 11:24 . 2012-03-30 11:23 22259528 ------w- c:\program files\vlc-2.0.1-win32.exe
    2012-03-22 19:12 . 2012-03-22 19:12 4435968 ------w- c:\windows\system32\GPhotos.scr
    2011-12-08 08:04 . 2011-12-08 08:04 5313141 ------w- c:\program files\install.exe
    2011-11-28 22:31 . 2011-11-28 22:31 1107022 ------w- c:\program files\SubtitleWorkshop251.exe
    2012-05-02 09:00 . 2012-01-24 16:48 97208 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-05-25_08.15.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-06-04 12:47 . 2012-06-04 12:47 16384 c:\windows\Temp\Perflib_Perfdata_a40.dat
    + 2012-05-29 23:14 . 2012-05-29 23:14 16384 c:\windows\Temp\Perflib_Perfdata_9b8.dat
    + 2012-06-04 12:46 . 2012-06-04 12:46 16384 c:\windows\Temp\Perflib_Perfdata_824.dat
    + 2012-06-04 12:46 . 2012-06-04 12:46 16384 c:\windows\Temp\Perflib_Perfdata_4e8.dat
    + 2012-06-01 17:34 . 2012-06-01 17:34 836096 c:\windows\Installer\e3d7f82.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2009-10-17 20480]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-28 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
    "Akamai NetSession Interface"="c:\documents and settings\Cse\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-07 3331872]
    "SanDiskSecureAccess_Manager.exe"="c:\documents and settings\Cse\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-06-29 27311232]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-10 204288]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
    "HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 1804648]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2010-04-22 128296]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-12-16 513384]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-12-16 208896]
    "TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-03 62240]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
    "TpShocks"="TpShocks.exe" [2009-12-11 337256]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]
    "nwiz"="nwiz.exe" [2009-01-14 1630208]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
    "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
    "AMSG"="c:\progra~1\THINKV~1\AMSG\Amsg.exe" [2009-09-03 436800]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
    "vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-14 125632]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]
    "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
    "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
    "TrayServer"="c:\program files\MAGIX\Movies_on_DVD_7_TerraTec_Edition\TrayServer.exe" [2008-04-09 90112]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-29 273528]
    "Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
    "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
    "lxbymon.exe"="c:\program files\Lexmark P910 Series\lxbymon.exe" [2005-01-18 196608]
    "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 299008]
    "EzPrint"="c:\program files\Lexmark P910 Series\ezprint.exe" [2004-09-17 61440]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Cse\Start Menu\Programs\Indítópult\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    Tintaszint-figyelmeztetések - HP Photosmart 5510 series (hálózat).lnk - c:\windows\system32\RunDll32.exe [2009-9-28 33280]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Indítópult\
    Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-14 607584]
    Camera Monitor HD.lnk - c:\program files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe [2010-3-29 541976]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-10-12 50688]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-10-17 450560]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-03-14 20:17 89600 ------w- c:\windows\system32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\aon\\aonInstaller\\Installer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\aon\\aonController\\aonController.exe"=
    "c:\\Documents and Settings\\Cse\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Rendszerfelügyeleti webszolgáltatások
    .
    R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010.03.08. 18:06 24304]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009.10.09. 13:10 20520]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011.10.16. 10:06 232512]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2009.09.28. 17:27 14336]
    R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011.10.21. 16:23 196176]
    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011.10.13. 18:21 249648]
    R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010.03.08. 18:06 132456]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012.05.23. 17:35 654408]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011.09.15. 13:06 88576]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2009.10.12. 23:19 53248]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007.03.14. 22:10 11152]
    R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [2007.03.30. 10:39 62320]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007.07.12. 2:38 569344]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012.06.01. 20:04 106656]
    R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007.06.08. 7:36 81280]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012.05.23. 17:35 22344]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006.09.13. 12:42 30336]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010.03.18. 13:16 753504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010.03.18. 13:16 130384]
    S2 gupdate;Google frissítési szolgáltatás (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010.01.31. 10:41 135664]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [2009.07.03. 18:47 45424]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012.02.29. 8:50 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012.04.03. 11:48 257696]
    S3 EraserUtilDrv11210;EraserUtilDrv11210;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [?]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2010.03.08. 16:41 1527900]
    S3 gupdatem;Google frissítés Szolgáltatás (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010.01.31. 10:41 135664]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011.05.31. 1:03 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010.06.22. 18:01 21248]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012.05.02. 11:00 129976]
    S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2010.03.02. 23:51 18816]
    S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2007.03.14. 19:48 116416]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009.09.28. 17:27 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2009-09-28 c:\windows\Tasks\1. regisztrálási emlékeztető.job
    - c:\windows\system32\OOBE\oobebaln.exe [2009-09-28 16:02]
    .
    2009-10-08 c:\windows\Tasks\2. regisztrálási emlékeztető.job
    - c:\windows\system32\OOBE\oobebaln.exe [2009-09-28 16:02]
    .
    2009-10-13 c:\windows\Tasks\3. regisztrálási emlékeztető.job
    - c:\windows\system32\OOBE\oobebaln.exe [2009-09-28 16:02]
    .
    2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:04]
    .
    2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 08:41]
    .
    2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 08:41]
    .
    2012-06-04 c:\windows\Tasks\HP Photo Creations Messager.job
    - c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
    .
    2012-06-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
    .
    2012-06-04 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-28 00:12]
    .
    2012-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2601519475-432958476-330210462-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
    .
    2012-06-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2601519475-432958476-330210462-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
    .
    2012-06-04 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    uInternet Settings,ProxyOverride = localhost;127.0.0.1:9421;<local>
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 10.0.0.138
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
    FF - ProfilePath - c:\documents and settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.index.hu/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - user.js: extentions.y2layers.installId - 1f043563-823e-49f3-916d-3c3f2a322d44
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-04 14:49
    Windows 5.1.2600 Szervizcsomag 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1756)
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
    c:\program files\ThinkVantage Fingerprint Software\remote.dll
    c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
    c:\program files\ThinkVantage Fingerprint Software\basegui.dll
    c:\program files\ThinkVantage Fingerprint Software\crypto.dll
    c:\program files\ThinkVantage Fingerprint Software\biokmd.dll
    c:\program files\ThinkVantage Fingerprint Software\tpmkey.dll
    c:\program files\ThinkVantage Fingerprint Software\ibmcore.dll
    .
    - - - - - - - > 'lsass.exe'(1816)
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    .
    - - - - - - - > 'explorer.exe'(6768)
    c:\windows\system32\WININET.dll
    c:\docume~1\Cse\LOCALS~1\Temp\IadHide4.dll
    c:\windows\system32\nview.dll
    c:\windows\system32\NVWRSHU.DLL
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Common Files\Symantec Shared\ccProxy.exe
    c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\windows\System32\SCardSvr.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\windows\system32\crypserv.exe
    c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\windows\system32\TpKmpSVC.exe
    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\Common Files\Lenovo\Logger\logmon.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\TpShocks.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\program files\Logitech\Video\FxSvr2.exe
    c:\windows\system32\lxbycoms.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\windows\system32\SearchProtocolHost.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    c:\windows\system32\SearchFilterHost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-04 14:59:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-04 12:59
    ComboFix2.txt 2012-05-25 08:26
    .
    Pre-Run: 14 922 244 096 bájt szabad
    Post-Run: 14 959 042 560 bájt szabad
    .
    - - End Of File - - 8B2A7BDE66544A1FA28B075DFFAE799D

  19. #19
    Super Moderator & Security Team etavares's Avatar
    Join Date
    Apr 2011
    Posts
    592

    PC Experience:
    Very Experienced


    Operating System:
    Win7 Professional - Windows XP - Windows Home Server

    OK, at this point, please do two things.

    1. Are you still redirected/have pop ups?
    2. Please run OTL again and click Quick Scan and post the resulting log.

  20. #20
    FPCH New Member
    Join Date
    May 2012
    Posts
    29

    PC Experience:
    Very Experienced


    Operating System:
    Windows XP - Professional

    Hi,

    1. I tested some 15 different links and apparently the redirection stopped.
    2. The OTL report is below.

    Please advise if there is anything else left to do, thanks.

    OTL logfile created on: 2012.06.05. 9:35:30 - Run 2
    OTL by OldTimer - Version 3.2.46.1 Folder = C:\Documents and Settings\Cse\Asztal
    Windows XP Professional Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

    2,98 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 26,91% Memory free
    4,30 Gb Paging File | 2,25 Gb Available in Paging File | 52,22% Paging File free
    Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 228,67 Gb Total Space | 14,37 Gb Free Space | 6,29% Space Free | Partition Type: NTFS

    Computer Name: JGRUBITS | User Name: Cse | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Cse\Asztal\OTL.scr (OldTimer Tools)
    PRC - C:\Documents and Settings\Cse\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
    PRC - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    PRC - C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
    PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
    PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
    PRC - C:\Documents and Settings\Cse\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
    PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
    PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
    PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
    PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
    PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
    PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
    PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
    PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
    PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
    PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
    PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
    PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
    PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
    PRC - C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION)
    PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
    PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
    PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
    PRC - C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
    PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
    PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
    PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
    PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
    PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
    PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
    PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
    PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
    PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
    PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\Program Files\Lexmark P910 Series\lxbymon.exE (Lexmark International, Inc.)
    PRC - C:\WINDOWS\system32\lxbycoms.exe (Lexmark International, Inc.)
    PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
    PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
    PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
    PRC - C:\Program Files\Lexmark P910 Series\ezprint.exe ()
    PRC - C:\Program Files\Scriptum\GIB31\GIB30_32.exe (Scriptum Kiadó Rt.)


    ========== Modules (No Company Name) ==========

    MOD - c:\Program Files\Common Files\Akamai\netsession_win_80c2ffa.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\6c7f57211a988e2f261dff251805e90e\System.WorkflowServices.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dc86fe1c7a6e3a7ce9e9c1f13d9b1e8e\System.ServiceModel.Routing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ec057796972ce41b751eaa3a8306fbcb\System.ServiceModel.Discovery.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d09c237ee72af3935f1a01388ef8e315\System.ServiceModel.Channels.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5055b60e339143bbace5871f5fe4b114\System.ServiceModel.Activities.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f42c2acdb000001066c78acfc6cd8655\System.ServiceModel.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\0856245176949b6c5f69ce0db6c6a19e\UIAutomationProvider.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\246c2e1ace46674db95e253d99f0067e\PresentationFramework.Luna.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\e4abab56b79465c688b18faafec4372a\PresentationCore.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\7a6f33c72bd7bba0fef9ac1bb22277eb\WindowsBase.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\4b7adff986a085bb562222d0c5fdf5aa\WindowsBase.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\141f0a8fbfb83604fa3dd43dbe8fa0f4\PresentationFramework.Luna.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
    MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    MOD - C:\Program Files\Mozilla Thunderbird\mozjs.dll ()
    MOD - C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll ()
    MOD - C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll ()
    MOD - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    MOD - C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll ()
    MOD - C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll ()
    MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll ()
    MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
    MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll ()
    MOD - C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll ()
    MOD - C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll ()
    MOD - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
    MOD - C:\Documents and Settings\Cse\Application Data\SanDisk\My Vaults\dmBackup.dll ()
    MOD - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
    MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL ()
    MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL ()
    MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll ()
    MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll ()
    MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll ()
    MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll ()
    MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll ()
    MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll ()
    MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll ()
    MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_hu_b77a5c561934e089\System.resources.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_hu_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_hu_b77a5c561934e089\mscorlib.resources.dll ()
    MOD - C:\WINDOWS\system32\btwicons.dll ()
    MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
    MOD - C:\WINDOWS\system32\nview.dll ()
    MOD - C:\WINDOWS\system32\nvshell.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
    MOD - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
    MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll ()
    MOD - C:\Program Files\Common Files\Lenovo\CDRecord.dll ()
    MOD - C:\Program Files\Symantec Client Security\Symantec Client Firewall\prsettg.dll ()
    MOD - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
    MOD - C:\Program Files\Common Files\Lenovo\xml4cmessages5_5.dll ()
    MOD - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
    MOD - C:\WINDOWS\system32\TpKmpSvc.exe ()
    MOD - C:\WINDOWS\system32\LXPRMON.DLL ()
    MOD - C:\Program Files\Lexmark P910 Series\ezprint.exe ()
    MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbyPP5C.DLL ()
    MOD - C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\pxl_m17n_tool.dll ()
    MOD - C:\Program Files\Scriptum\GIB31\SDBENW32.DLL ()
    MOD - C:\Program Files\Scriptum\GIB31\jpeglib.dll ()
    MOD - C:\Program Files\Scriptum\GIB31\GLMHUN32.DLL ()
    MOD - C:\Program Files\Scriptum\GIB31\GLMDEU32.DLL ()


    ========== Win32 Services (SafeList) ==========

    SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll ()
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
    SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
    SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
    SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
    SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
    SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
    SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
    SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
    SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
    SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
    SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
    SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
    SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
    SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)
    SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
    SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)
    SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
    SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
    SRV - (SavRoam) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe (symantec)
    SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
    SRV - (DefWatch) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
    SRV - (SymSecurePort) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)
    SRV - (ISSVC) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)
    SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
    SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
    SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
    SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    SRV - (ccProxy) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
    SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
    SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
    SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
    SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (lxby_device) -- C:\WINDOWS\system32\lxbycoms.exe (Lexmark International, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
    DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (mbr) -- C:\DOCUME~1\Cse\LOCALS~1\Temp\mbr.sys File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (EraserUtilDrv11210) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\etavaresCF19709e\catchme.sys File not found
    DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120601.005\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120601.005\NAVENG.SYS (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
    DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20120531.001\SymIDSCo.sys (Symantec Corporation)
    DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
    DRV - (DozeHDD) -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS (Lenovo.)
    DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
    DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
    DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
    DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
    DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)
    DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
    DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
    DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
    DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
    DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
    DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
    DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
    DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
    DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
    DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
    DRV - (IntelIde) -- C:\WINDOWS\system32\drivers\intelide.sys (Microsoft Corporation)
    DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
    DRV - (i2omp) -- C:\WINDOWS\system32\drivers\i2omp.sys (Microsoft Corporation)
    DRV - (ViaIde) -- C:\WINDOWS\system32\drivers\viaide.sys (Microsoft Corporation)
    DRV - (viaagp) -- C:\WINDOWS\system32\drivers\viaagp.sys (Microsoft Corporation)
    DRV - (agpCPQ) -- C:\WINDOWS\system32\drivers\agpcpq.sys (Microsoft Corporation)
    DRV - (amdagp) -- C:\WINDOWS\system32\drivers\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\drivers\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (alim1541) -- C:\WINDOWS\system32\drivers\alim1541.sys (Microsoft Corporation)
    DRV - (agp440) -- C:\WINDOWS\system32\drivers\agp440.sys (Microsoft Corporation)
    DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
    DRV - (NetworkX) -- C:\WINDOWS\system32\Ckldrv.sys ()
    DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
    DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
    DRV - (LenovoRd) -- C:\WINDOWS\system32\drivers\LenovoRd.sys (Lenovo)
    DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
    DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
    DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
    DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation)
    DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation)
    DRV - (SYMIDS) -- C:\WINDOWS\system32\drivers\symids.sys (Symantec Corporation)
    DRV - (SYMNDIS) -- C:\WINDOWS\system32\drivers\symndis.sys (Symantec Corporation)
    DRV - (SYMFW) -- C:\WINDOWS\system32\drivers\symfw.sys (Symantec Corporation)
    DRV - (SYMDNS) -- C:\WINDOWS\system32\drivers\symdns.sys (Symantec Corporation)
    DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
    DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
    DRV - (SAVRT) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys (Symantec Corporation)
    DRV - (SAVRTPEL) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
    DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()
    DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Microsoft Corporation)
    DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (TosIde) -- C:\WINDOWS\system32\drivers\toside.sys (Microsoft Corporation)
    DRV - (hpn) -- C:\WINDOWS\system32\drivers\hpn.sys (Microsoft Corporation)
    DRV - (dpti2o) -- C:\WINDOWS\system32\drivers\dpti2o.sys (Microsoft Corporation)
    DRV - (Sparrow) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (perc2hib) -- C:\WINDOWS\system32\drivers\perc2hib.sys (Microsoft Corporation)
    DRV - (sym_hi) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (perc2) -- C:\WINDOWS\system32\drivers\perc2.sys (Microsoft Corporation)
    DRV - (aic78xx) -- C:\WINDOWS\system32\drivers\aic78xx.sys (Microsoft Corporation)
    DRV - (aic78u2) -- C:\WINDOWS\system32\drivers\aic78u2.sys (Microsoft Corporation)
    DRV - (symc8xx) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.)
    DRV - (adpu160m) -- C:\WINDOWS\system32\drivers\adpu160m.sys (Microsoft Corporation)
    DRV - (ultra) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\drivers\dac2w2k.sys (Mylex Corporation)
    DRV - (ql1240) -- C:\WINDOWS\system32\drivers\ql1240.sys (Microsoft Corporation)
    DRV - (Ql10wnt) -- C:\WINDOWS\system32\drivers\ql10wnt.sys (Microsoft Corporation)
    DRV - (dac960nt) -- C:\WINDOWS\system32\drivers\dac960nt.sys (Microsoft Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.)
    DRV - (ini910u) -- C:\WINDOWS\system32\drivers\ini910u.sys (Microsoft Corporation)
    DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
    DRV - (cbidf) -- C:\WINDOWS\system32\drivers\cbidf2k.sys (Microsoft Corporation)
    DRV - (Cpqarray) -- C:\WINDOWS\system32\drivers\cpqarray.sys (Microsoft Corporation)
    DRV - (cd20xrnt) -- C:\WINDOWS\system32\drivers\cd20xrnt.sys (Microsoft Corporation)
    DRV - (asc3350p) -- C:\WINDOWS\system32\drivers\asc3350p.sys (Microsoft Corporation)
    DRV - (amsint) -- C:\WINDOWS\system32\drivers\amsint.sys (Microsoft Corporation)
    DRV - (Aha154x) -- C:\WINDOWS\system32\drivers\aha154x.sys (Microsoft Corporation)
    DRV - (asc) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.)
    DRV - (abp480n5) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS (Microsoft Corporation)
    DRV - (asc3550) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.sys (Adaptec)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=WLEM&ocid=bb7hp
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ_deAT347
    IE - HKCU\..\SearchScopes\{7ABE1B73-0763-423E-B91D-814AB935EF1C}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKCU\..\SearchScopes\{FC9CF8B4-59E2-442E-8A8E-B988ADAC399E}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.index.hu/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.05.30 23:26:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.29 23:34:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.02 11:00:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.01 19:34:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.29 23:34:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2010.08.19 21:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Extensions
    [2010.08.19 21:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012.05.03 09:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions
    [2011.05.30 23:21:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012.01.20 14:14:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2012.05.03 09:34:30 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\plugin@yontoo.com
    [2012.01.14 23:59:28 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\searchplugins\bing.xml
    [2012.02.18 18:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012.03.25 19:39:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012.05.02 11:00:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012.02.18 13:57:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012.02.11 22:28:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011.01.19 20:50:37 | 000,002,032 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2012.02.11 22:28:08 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

    O1 HOSTS File: ([2012.06.04 14:48:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark P910 Series\ezprint.exe ()
    O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
    O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
    O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [lxbymon.exe] C:\Program Files\Lexmark P910 Series\lxbymon.exe (Lexmark International, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
    O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movies_on_DVD_7_TerraTec_Edition\Trayserver.exe (MAGIX AG)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Cse\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
    O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
    O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
    O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Cse\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Camera Monitor HD.lnk = C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1254155909672 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1254156007953 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.com/SEUILibrary/l...achineInfo.cab (MachineInfoActiveX.MachineInfoActiveX)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553541500} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{077AE974-B150-457B-8948-189158AA3A90}: DhcpNameServer = 10.0.0.138
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
    O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
    O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Cse\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cse\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.03.13 10:50:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012.06.05 09:34:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cse\Asztal\OTL.scr
    [2012.06.04 22:02:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012.06.04 15:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2012.06.04 14:25:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012.06.04 14:25:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012.06.04 14:25:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012.06.04 14:25:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012.06.04 14:25:14 | 000,000,000 | ---D | C] -- C:\etavaresCF19709e
    [2012.06.04 14:23:24 | 004,536,354 | R--- | C] (Swearware) -- C:\Documents and Settings\Cse\Asztal\etavaresCF.exe
    [2012.06.04 11:20:19 | 000,000,000 | ---D | C] -- C:\etavaresCF15047e
    [2012.06.01 19:33:53 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe
    [2012.05.25 09:48:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012.05.25 09:41:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012.05.25 09:41:46 | 000,000,000 | ---D | C] -- C:\etavaresCF
    [2012.05.25 09:41:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012.05.25 08:46:27 | 002,126,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cse\Asztal\tdsskiller.exe
    [2012.05.23 17:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Application Data\Malwarebytes
    [2012.05.23 17:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.05.23 17:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012.05.23 17:35:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012.05.23 17:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012.05.23 17:33:42 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cse\Asztal\mbam-setup-1.61.0.1400.exe
    [2012.05.15 16:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Start Menu\Programs\Revo Uninstaller
    [2012.05.15 16:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Application Data\FreeFixer
    [2012.05.15 16:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Local Settings\Application Data\FreeFixer
    [2012.05.15 16:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
    [2012.05.15 16:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Start Menu\Programs\FreeFixer
    [2012.05.15 16:17:25 | 002,130,622 | ---- | C] (Kephyr) -- C:\Program Files\freefixersetup.exe
    [2012.05.13 20:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HTC Sync
    [2012.05.04 09:38:01 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
    [2012.05.03 23:53:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe
    [2012.04.18 23:30:36 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012.06.05 09:34:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cse\Asztal\OTL.scr
    [2012.06.05 09:03:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012.06.05 09:01:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job
    [2012.06.05 08:57:02 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012.06.05 08:48:04 | 000,052,301 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2012.06.05 08:47:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012.06.04 22:55:58 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
    [2012.06.04 21:26:42 | 000,000,207 | ---- | M] () -- C:\WINDOWS\GIB30_32.INI
    [2012.06.04 20:35:20 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2601519475-432958476-330210462-1006.job
    [2012.06.04 20:35:19 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2601519475-432958476-330210462-1006.job
    [2012.06.04 15:57:00 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012.06.04 14:53:02 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\Cse\Start Menu\Programs\Indítópult\Tintaszint-figyelmeztetések - HP Photosmart 5510 series (hálózat).lnk
    [2012.06.04 14:49:46 | 000,182,428 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012.06.04 14:48:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012.06.04 14:48:08 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012.06.04 14:47:37 | 000,025,456 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
    [2012.06.04 14:46:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
    [2012.06.04 14:46:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012.06.04 14:46:04 | 3202,658,304 | -HS- | M] () -- C:\hiberfil.sys
    [2012.06.04 14:42:59 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
    [2012.06.04 14:42:11 | 000,002,324 | ---- | M] () -- C:\WINDOWS\gib00001.hst
    [2012.06.04 14:23:40 | 004,536,354 | R--- | M] (Swearware) -- C:\Documents and Settings\Cse\Asztal\etavaresCF.exe
    [2012.06.04 12:00:12 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
    [2012.06.04 08:02:03 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
    [2012.06.02 14:41:10 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012.05.31 14:37:45 | 000,000,152 | ---- | M] () -- C:\WINDOWS\gib00002.hst
    [2012.05.30 20:50:28 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2012.05.30 17:44:41 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
    [2012.05.25 09:48:21 | 000,000,364 | RHS- | M] () -- C:\boot.ini
    [2012.05.25 08:59:33 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Google Chrome.lnk
    [2012.05.25 08:46:27 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cse\Asztal\tdsskiller.exe
    [2012.05.23 17:35:04 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes Anti-Malware.lnk
    [2012.05.23 17:33:52 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cse\Asztal\mbam-setup-1.61.0.1400.exe
    [2012.05.22 09:11:06 | 000,000,248 | ---- | M] () -- C:\Boot.bak
    [2012.05.21 10:39:15 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
    [2012.05.15 16:47:17 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Cse\Asztal\Revo Uninstaller.lnk
    [2012.05.15 16:17:46 | 002,130,622 | ---- | M] (Kephyr) -- C:\Program Files\freefixersetup.exe
    [2012.05.14 20:49:45 | 003,895,848 | ---- | M] () -- C:\Program Files\HPPSdr.exe
    [2012.05.13 20:12:59 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
    [2012.05.13 20:12:59 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\HTC Sync.lnk
    [2012.05.13 10:13:01 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012.05.11 22:24:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012.05.11 22:20:22 | 000,533,726 | ---- | M] () -- C:\WINDOWS\System32\perfh00E.dat
    [2012.05.11 22:20:22 | 000,503,116 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012.05.11 22:20:22 | 000,134,398 | ---- | M] () -- C:\WINDOWS\System32\perfc00E.dat
    [2012.05.11 22:20:22 | 000,088,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012.05.08 17:18:02 | 000,190,464 | ---- | M] () -- C:\Documents and Settings\Cse\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012.06.04 14:25:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012.06.04 14:25:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012.06.04 14:25:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012.06.04 14:25:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012.06.04 14:25:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012.05.25 09:48:21 | 000,000,248 | ---- | C] () -- C:\Boot.bak
    [2012.05.25 09:48:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012.05.23 17:35:04 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes Anti-Malware.lnk
    [2012.05.22 09:01:06 | 3202,658,304 | -HS- | C] () -- C:\hiberfil.sys
    [2012.05.14 20:45:46 | 003,895,848 | ---- | C] () -- C:\Program Files\HPPSdr.exe
    [2012.05.13 20:12:59 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
    [2012.05.13 20:12:59 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\HTC Sync.lnk
    [2012.05.13 10:11:08 | 000,540,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012.04.17 11:11:12 | 002,915,520 | ---- | C] () -- C:\Program Files\HPHNDU.exe
    [2012.03.30 13:23:09 | 022,259,528 | ---- | C] () -- C:\Program Files\vlc-2.0.1-win32.exe
    [2012.03.29 18:20:58 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
    [2012.01.11 15:37:58 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Cse\Application Data\.backup.dm
    [2011.12.08 10:04:31 | 005,313,141 | ---- | C] () -- C:\Program Files\install.exe
    [2011.12.05 08:17:09 | 000,176,586 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2601519475-432958476-330210462-1006-0.dat
    [2011.11.29 00:31:19 | 001,107,022 | ---- | C] () -- C:\Program Files\SubtitleWorkshop251.exe
    [2011.11.13 21:35:20 | 000,176,586 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011.05.17 21:58:54 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

    ========== LOP Check ==========

    [2012.05.22 08:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
    [2012.01.11 15:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
    [2011.10.16 10:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2011.11.06 12:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
    [2011.07.12 21:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2011.05.30 23:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
    [2009.09.28 18:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\m2backup
    [2010.03.08 16:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
    [2009.09.28 18:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mquadr.at
    [2010.03.05 22:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2009.10.18 21:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2009.09.28 16:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
    [2011.07.18 17:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
    [2010.03.29 22:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
    [2011.12.08 10:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RavensburgerTipToi
    [2012.05.03 09:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2009.09.28 17:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
    [2011.05.30 23:22:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4C64F87B-DDC8-4FB0-BC32-596BDEB52000}
    [2011.05.30 23:22:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{91E14A42-CE18-4B53-9D80-4B6B72AB7C12}
    [2011.05.30 23:22:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C3358ED5-0ADD-4BA0-8F60-B5A7CD34BD14}
    [2009.10.13 08:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Avaya
    [2012.03.29 13:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Canon
    [2011.10.16 10:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\DAEMON Tools Lite
    [2012.05.03 09:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\ElevatedDiagnostics
    [2009.10.17 23:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\FotoWire
    [2012.05.15 16:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\FreeFixer
    [2011.11.06 11:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\GARMIN
    [2011.05.30 23:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\GHISLER
    [2012.02.02 09:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\HTC
    [2011.05.31 01:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2009.10.11 23:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\InterVideo
    [2009.09.29 00:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Leadertech
    [2009.12.02 16:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Lenovo
    [2010.03.08 16:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\MAGIX
    [2010.03.01 22:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Nokia
    [2010.03.01 22:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\PC Suite
    [2011.05.29 09:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\PCDr
    [2010.01.28 03:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\RadLight Company
    [2011.12.08 10:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\RavensburgerTipToi
    [2012.01.11 15:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\SanDisk
    [2011.05.30 23:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Thunderbird
    [2009.09.29 03:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Thunderbird Sept 29 start backup
    [2011.05.29 09:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Update
    [2011.05.30 23:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Windows Desktop Search
    [2009.10.18 16:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Windows Search
    [2009.09.28 17:19:53 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\1. regisztrálási emlékeztető.job
    [2009.10.08 23:50:05 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\2. regisztrálási emlékeztető.job
    [2009.10.13 23:50:13 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\3. regisztrálási emlékeztető.job
    [2012.06.04 08:02:03 | 000,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
    [2012.06.04 22:55:58 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
    [2012.06.04 12:00:12 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========



    < End of report >
