Thread: Win32.FraudLoad.edt won't clean

  1. #1
    Junior Member
    Join Date
    Oct 2009
    Posts
    7

    Win32.FraudLoad.edt won't clean

    Hi,
    This thing will not go away.
    Even after restarting and a very, very long scan, Spybot cannot remove it.

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:14:13, on 08/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\DTS.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\AtService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files\Array Networks\Common\8,3,1,213\arr_isrv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\regedit.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_16\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SmartAudio] C:\Program Files\Conexant\SAII\SAIICpl.exe /c
    O4 - HKUS\S-1-5-21-2274058917-4037084290-1638430498-500\..\RunOnce: [CTRLWOL] C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE (User 'Administrator')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with XmlPad - res://C:\Program Files\WMHelp Software\WMHelp XmlPad\WmhASPP.dll/101
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: שלח ל&התקן Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: שלח ל-Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_16\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_16\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
    O16 - DPF: {31831E9D-26EC-408F-9F27-787F098BD8C9} (WMRecorder Class) - http://w3.castup.net/Yad2/curecorder...CURecorder.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O16 - DPF: {B6648EB8-2460-484F-9255-9654454C4C70} (ArrVPNAX Control) - https://vpn.dal01.softlayer.com/prx/...host/arr_x.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T...ex/ieatgpc.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5B6233B5-623B-49C1-A3C7-7388BF286678}: NameServer = 10.0.80.11 10.0.80.12
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wmh - {A1428E78-2D00-4590-A071-0CC9700A7768} - C:\Program Files\WMHelp Software\WMHelp XmlPad\WmhASPP.dll
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
    O23 - Service: Array Utility Service 8,3,1,213 (Array_Utility_Service8.3.1.213) - Array Networks, Inc. - C:\Program Files\Array Networks\Common\8,3,1,213\arr_isrv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
    O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
    O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

    --
    End of file - 15951 bytes

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Please post the report that shows the threat.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Oct 2009
    Posts
    7

    Originally posted by Blade81:
    "Hi,

    Please post the report that shows the threat."

    How do I do that?

  4. #4
    Junior Member
    Join Date
    Oct 2009
    Posts
    7

    Originally posted by Blade81:
    "Hi,

    Please post the report that shows the threat."

    I hope this is it:


    --- Search result list ---
    Win32.FraudLoad.edt: [SBI $7312D32F] Type library (Registry key, fixing failed)
    HKEY_CLASSES_ROOT\TypeLib\{E24211B3-A78A-C6A9-D317-70979ACE5058}

    Right Media: Tracking cookie (Internet Explorer: Yogev) (Cookie, fixed)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-06-08 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-07-28 advcheck.dll (1.6.3.17)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi (*)
    2009-10-06 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-10-06 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-10-06 Includes\HijackersC.sbi (*)
    2009-09-29 Includes\Keyloggers.sbi (*)
    2009-10-06 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-10-06 Includes\Malware.sbi (*)
    2009-10-06 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-10-06 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-10-06 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-10-06 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-10-06 Includes\Trojans.sbi (*)
    2009-10-06 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
    / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
    / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
    / Windows / SP1: Microsoft National Language Support Downlevel APIs
    / Windows Media Player: Security Update for Windows Media Player (KB952069)
    / Windows Media Player: Security Update for Windows Media Player (KB968816)
    / Windows Media Player: Security Update for Windows Media Player (KB973540)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
    / Windows XP: Security Update for Windows XP (KB923689)
    / Windows XP: Security Update for Windows XP (KB941569)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127-v2)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB969897)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB971961)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB972260)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB972260)
    / Windows XP / SP0: Update for Windows Internet Explorer 8 (KB973874)
    / Windows XP / SP3: Windows XP Service Pack 3
    / Windows XP / SP4: Security Update for Windows XP (KB923561)
    / Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB946648)
    / Windows XP / SP4: Hotfix for Windows XP (KB949764)
    / Windows XP / SP4: Security Update for Windows XP (KB950760)
    / Windows XP / SP4: Security Update for Windows XP (KB950762)
    / Windows XP / SP4: Security Update for Windows XP (KB950974)
    / Windows XP / SP4: Security Update for Windows XP (KB951066)
    / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951748)
    / Windows XP / SP4: Update for Windows XP (KB951978)
    / Windows XP / SP4: Security Update for Windows XP (KB952004)
    / Windows XP / SP4: Hotfix for Windows XP (KB952287)
    / Windows XP / SP4: Security Update for Windows XP (KB952954)
    / Windows XP / SP4: Security Update for Windows XP (KB954459)
    / Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
    / Windows XP / SP4: Security Update for Windows XP (KB954600)
    / Windows XP / SP4: Security Update for Windows XP (KB955069)
    / Windows XP / SP4: Update for Windows XP (KB955839)
    / Windows XP / SP4: Security Update for Windows XP (KB956572)
    / Windows XP / SP4: Security Update for Windows XP (KB956744)
    / Windows XP / SP4: Security Update for Windows XP (KB956802)
    / Windows XP / SP4: Security Update for Windows XP (KB956803)
    / Windows XP / SP4: Security Update for Windows XP (KB956844)
    / Windows XP / SP4: Security Update for Windows XP (KB957097)
    / Windows XP / SP4: Security Update for Windows XP (KB958644)
    / Windows XP / SP4: Security Update for Windows XP (KB958687)
    / Windows XP / SP4: Security Update for Windows XP (KB958690)
    / Windows XP / SP4: Security Update for Windows XP (KB959426)
    / Windows XP / SP4: Security Update for Windows XP (KB960225)
    / Windows XP / SP4: Security Update for Windows XP (KB960715)
    / Windows XP / SP4: Security Update for Windows XP (KB960803)
    / Windows XP / SP4: Security Update for Windows XP (KB960859)
    / Windows XP / SP4: Hotfix for Windows XP (KB961118)
    / Windows XP / SP4: Security Update for Windows XP (KB961371)
    / Windows XP / SP4: Security Update for Windows XP (KB961373)
    / Windows XP / SP4: Security Update for Windows XP (KB961501)
    / Windows XP / SP4: Update for Windows XP (KB961503)
    / Windows XP / SP4: Update for Windows XP (KB967715)
    / Windows XP / SP4: Update for Windows XP (KB968389)
    / Windows XP / SP4: Security Update for Windows XP (KB968537)
    / Windows XP / SP4: Security Update for Windows XP (KB969898)
    / Windows XP / SP4: Security Update for Windows XP (KB970238)
    / Windows XP / SP4: Hotfix for Windows XP (KB970653-v3)
    / Windows XP / SP4: Hotfix for Windows XP (KB970685)
    / Windows XP / SP4: Security Update for Windows XP (KB971557)
    / Windows XP / SP4: Security Update for Windows XP (KB971633)
    / Windows XP / SP4: Security Update for Windows XP (KB971657)
    / Windows XP / SP4: Security Update for Windows XP (KB973346)
    / Windows XP / SP4: Security Update for Windows XP (KB973354)
    / Windows XP / SP4: Security Update for Windows XP (KB973507)
    / Windows XP / SP4: Update for Windows XP (KB973815)
    / Windows XP / SP4: Security Update for Windows XP (KB973869)
    / XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


    --- Startup entries list ---
    Located: HK_LM:Run,
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    size: 39792
    MD5: 392845E8D49B5F0E81AAC4D795000A8C

    Located: HK_LM:Run, cssauth
    command: "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    file: C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    size: 3093816
    MD5: 91CFBFC27586DB0EE3AE5E324583F910

    Located: HK_LM:Run, egui
    command: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    file: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    size: 2029640
    MD5: 03B1DC67F343BF2AF8CFEC3DCA09C943

    Located: HK_LM:Run, EZEJMNAP
    command: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    file: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    size: 256576
    MD5: 13FF0C420AECEB92FB0AD83A9A11A977

    Located: HK_LM:Run, FingerPrintSoftware
    command: "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
    file: C:\Program Files\Lenovo Fingerprint Software\fpapp.exe
    size: 12095488
    MD5: 7C4719451EF49A48E00C10F82AC98EC7

    Located: HK_LM:Run, LENOVO.TPFNF6R
    command: C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    file: C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    size: 15136
    MD5: 33FD3FA73602A600FDB2D4B655903454

    Located: HK_LM:Run, LPMailChecker
    command: C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    file: C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    size: 124248
    MD5: 0FE121EF4E7EA2132CBC283C662F2425

    Located: HK_LM:Run, PWRMGRTR
    command: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    file: C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
    size: 417792
    MD5: 11390D03395A0D9AB87A94B2CF0E086D

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\QuickTime\qttask.exe
    size: 413696
    MD5: 0AB3C83FCB8EF6F56E4FB22089F0D3B9

    Located: HK_LM:Run, StartCCC
    command: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    size: 61440
    MD5: 2659F9B422673A98D5629FA3294F5DF3

    Located: HK_LM:Run, SynTPEnh
    command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 524288
    MD5: 65EB543EFEB395DDF4E0BB764DE089D0

    Located: HK_LM:Run, SynTPLpr
    command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    size: 122880
    MD5: 125481AFA36D3E3AB44E3D745DBA05EB

    Located: HK_LM:Run, TPFNF7
    command: C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    file: C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    size: 60192
    MD5: 9423689404249FF340B1009ACFE60465

    Located: HK_LM:Run, TPHOTKEY
    command: C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    file: C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    size: 68976
    MD5: 0BF10B23779565BC472BEEBE3B9A20D9

    Located: HK_LM:Run, tsnp2uvc
    command: C:\WINDOWS\tsnp2uvc.exe
    file: C:\WINDOWS\tsnp2uvc.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:RunOnce, SpybotSnD
    command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89

    Located: HK_LM:Run, ACTray (DISABLED)
    command: C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    file: C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    size: 425984
    MD5: BCF1FF4C10C3D36CA94FDDCE69C599B6

    Located: HK_LM:Run, ACWLIcon (DISABLED)
    command: C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    file: C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    size: 143360
    MD5: E6D7E7697489F9D52C627B3A6C6154C0

    Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
    command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    size: 39792
    MD5: 392845E8D49B5F0E81AAC4D795000A8C

    Located: HK_LM:Run, BLOG (DISABLED)
    command: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    file: C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL
    size: 208896
    MD5: C31CAF9DD23823745159071D58CA47B5

    Located: HK_LM:Run, cssauth (DISABLED)
    command: "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    file: C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    size: 3093816
    MD5: 91CFBFC27586DB0EE3AE5E324583F910

    Located: HK_LM:Run, EZEJMNAP (DISABLED)
    command: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    file: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    size: 256576
    MD5: 13FF0C420AECEB92FB0AD83A9A11A977

    Located: HK_LM:Run, LPManager (DISABLED)
    command: C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    file: C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    size: 165208
    MD5: E081FFE1890C1F523EA375500BF0A3B9

    Located: HK_LM:Run, StartCCC (DISABLED)
    command: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    size: 61440
    MD5: 2659F9B422673A98D5629FA3294F5DF3

    Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
    command: "C:\Program Files\Java\jre1.5.0_16\bin\jusched.exe"
    file: C:\Program Files\Java\jre1.5.0_16\bin\jusched.exe
    size: 75256
    MD5: 1A4DD55F29E1D1422396B9B23D886F72

    Located: HK_CU:Run, CTFMON.EXE (DISABLED)
    where: .DEFAULT...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-2274058917-4037084290-1638430498-1005...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, googletalk
    where: S-1-5-21-2274058917-4037084290-1638430498-1005...
    command: "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    file: C:\Program Files\Google\Google Talk\googletalk.exe
    size: 3739648
    MD5: BCD9CBF0621F9A6767276A2E0BF1DD15

    Located: HK_CU:Run, MsnMsgr
    where: S-1-5-21-2274058917-4037084290-1638430498-1005...
    command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    size: 3883856
    MD5: D39DA5B7139B4B5147B3C6A94978B5AA

    Located: HK_CU:Run, Skype
    where: S-1-5-21-2274058917-4037084290-1638430498-1005...
    command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    file: C:\Program Files\Skype\Phone\Skype.exe
    size: 22880040
    MD5: 72F095A18223E1072F242EA25D1C6E8E

    Located: HK_CU:Run, SmartAudio
    where: S-1-5-21-2274058917-4037084290-1638430498-1005...
    command: C:\Program Files\Conexant\SAII\SAIICpl.exe /c
    file: C:\Program Files\Conexant\SAII\SAIICpl.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, ctfmon.exe (DISABLED)
    where: S-1-5-21-2274058917-4037084290-1638430498-1005...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:RunOnce, CTRLWOL
    where: S-1-5-21-2274058917-4037084290-1638430498-500...
    command: C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE
    file: C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, CTFMON.EXE (DISABLED)
    where: S-1-5-18...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: Startup (common), Bluetooth.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    file: C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    size: 604776
    MD5: 245B2ED592C5763D12203856E861CC31

    Located: Startup (common), HOTSYNCSHORTCUTNAME.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\Program Files\palmOne\Hotsync.exe
    file: C:\Program Files\palmOne\Hotsync.exe
    size: 471040
    MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54

    Located: Startup (user), ERUNT AutoBackup.lnk
    where: C:\Documents and Settings\Admin\Start Menu\Programs\Startup...
    command: C:\Program Files\ERUNT\AUTOBACK.EXE
    file: C:\Program Files\ERUNT\AUTOBACK.EXE
    size: 38912
    MD5: E00DE20F0F6BED5CD2160247DDC9443B

    Located: Startup (disabled), Digital Line Detect.lnk (DISABLED)
    command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk.disabled
    file: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk.disabled
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Startup (disabled), GlobeTrotter Connect (DISABLED)
    command: C:\PROGRA~1\Option\GLOBET~1\GLOBET~1.EXE /noshow
    file: C:\PROGRA~1\Option\GLOBET~1\GLOBET~1.EXE
    size: 864256
    MD5: B7034FFE2BE158E77053EC88F576320F

    Located: WinLogon, ACNotify
    command: ACNotify.dll
    file: ACNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ATFUS
    command: C:\WINDOWS\system32\FpWinLogonNp.dll
    file: C:\WINDOWS\system32\FpWinLogonNp.dll
    size: 180224
    MD5: C505CB1F0E58452F98647549ED48048D

    Located: WinLogon, AtiExtEvent
    command: Ati2evxx.dll
    file: Ati2evxx.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, dimsntfy
    command: %SystemRoot%\System32\dimsntfy.dll
    file: %SystemRoot%\System32\dimsntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, tpfnf2
    command: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
    file: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
    size: 34344
    MD5: 0C3E484BF4AEC2749A9F4D0A91870780

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Adobe PDF Reader Link Helper
    description: Adobe Acrobat reader
    classification: Legitimate
    known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
    info link: http://www.adobe.com/products/acrobat/readstep2.html
    info source: TonyKlein
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelper.dll
    Short name: ACROIE~1.DLL
    Date (created): 22/10/2006 22:08:42
    Date (last access): 11/10/2009 10:34:04
    Date (last write): 22/10/2006 22:08:42
    Filesize: 62080
    Attributes:
    MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
    CRC32: E388508F
    Version: 8.0.0.456

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 08/06/2009 11:19:28
    Date (last access): 11/10/2009 10:34:04
    Date (last write): 26/01/2009 14:31:02
    Filesize: 1879896
    Attributes:
    MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
    CRC32: 5BA24007
    Version: 1.6.2.14

    {5C255C8A-E604-49b4-9D64-90988571CECB} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: SSVHelper Class
    Path: C:\Program Files\Java\jre1.5.0_16\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 28/05/2008 12:03:40
    Date (last access): 11/10/2009 10:34:04
    Date (last write): 28/05/2008 12:18:42
    Filesize: 452080
    Attributes:
    MD5: 62835C8B1C082A007188EFCCBFA9CD04
    CRC32: CD3BC97F
    Version: 5.0.160.2

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live Sign-in Helper
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 22/01/2009 14:41:30
    Date (last access): 11/10/2009 10:34:04
    Date (last write): 22/01/2009 14:41:30
    Filesize: 408448
    Attributes: archive
    MD5: B7899C3E21B299D7A3C0DA96CAE340BD
    CRC32: 288935F8
    Version: 5.0.818.5

    {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} (Password Manager Browser Helper Object)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Password Manager Browser Helper Object
    CLSID name: IePasswordManagerHelper Class
    Path: C:\Program Files\Lenovo\Client Security Solution\
    Long name: tvtpwm_ie_com.dll
    Short name: TVTPWM~1.DLL
    Date (created): 04/03/2009 21:27:22
    Date (last access): 11/10/2009 10:34:04
    Date (last write): 04/03/2009 21:27:22
    Filesize: 816440
    Attributes:
    MD5: 2373713DA0D182338CE33E2D9BEC8302
    CRC32: 021FFE63
    Version: 3.0.205.0



    --- ActiveX list ---
    {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class)
    DPF name:
    CLSID name: IASRunner Class
    Installer: C:\WINDOWS\Downloaded Program Files\acpir.inf
    Codebase: http://www-307.ibm.com/pc/support/acpir.cab
    description:
    classification: Open for discussion
    known filename: acpir2.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: acpir2.dll
    Short name:
    Date (created): 26/03/2007 12:34:44
    Date (last access): 08/10/2009 18:25:18
    Date (last write): 26/03/2007 12:34:44
    Filesize: 145008
    Attributes: archive
    MD5: 125C193CC7C9E39AC275708EE1ED9295
    CRC32: AF998D3E
    Version: 1.0.0.9

    {31831E9D-26EC-408F-9F27-787F098BD8C9} (WMRecorder Class)
    DPF name:
    CLSID name: WMRecorder Class
    Installer: C:\WINDOWS\Downloaded Program Files\CURecorder.inf
    Codebase: http://w3.castup.net/Yad2/curecorder...CURecorder.cab
    Path: C:\WINDOWS\system32\
    Long name: CURecorder.dll

    {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager)
    DPF name:
    CLSID name: HP Download Manager
    Installer: C:\WINDOWS\Downloaded Program Files\HPDEXAXO.inf
    Codebase: https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: HPDEXAXO.dll
    Short name:
    Date (created): 18/10/2007 09:04:16
    Date (last access): 11/10/2009 10:59:20
    Date (last write): 18/10/2007 09:04:16
    Filesize: 341296
    Attributes: archive
    MD5: CDE357CD3FC047F5C7D8B8345B6A42BF
    CRC32: 7ABDC22F
    Version: 1.0.5.1

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_16
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre1.5.0_16\bin\
    Long name: NPJPI150_16.dll
    Short name: NPJPI1~1.DLL
    Date (created): 28/05/2008 12:03:40
    Date (last access): 08/10/2009 18:25:18
    Date (last write): 28/05/2008 12:18:42
    Filesize: 75264
    Attributes:
    MD5: DDE7BAC61E2A285F05BFCD0B557142AB
    CRC32: 28EBFE28
    Version: 5.0.160.2

    {B6648EB8-2460-484F-9255-9654454C4C70} (ArrVPNAX Control)
    DPF name:
    CLSID name: ArrVPNAX Control
    Installer: C:\WINDOWS\Downloaded Program Files\arr_vpn.inf
    Codebase: https://vpn.dal01.softlayer.com/prx/...host/arr_x.cab
    Path: C:\WINDOWS\system32\
    Long name: arr_x.ocx
    Short name:
    Date (created): 30/03/2009 11:47:58
    Date (last access): 08/10/2009 18:25:18
    Date (last write): 30/03/2009 11:47:58
    Filesize: 94280
    Attributes: archive
    MD5: 72816D8FCD16BAFC13E7C1B0D0524168
    CRC32: D86F04A2
    Version: 8.3.1.213

    {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine)
    DPF name:
    CLSID name: Office Update Installation Engine
    Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
    Codebase: http://office.microsoft.com/officeup...tent/opuc4.cab
    description:
    classification: Legitimate
    known filename: opuc.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\
    Long name: opuc.dll
    Short name:
    Date (created): 20/07/2009 11:29:34
    Date (last access): 11/10/2009 10:59:26
    Date (last write): 20/07/2009 11:29:34
    Filesize: 524288
    Attributes: archive
    MD5: 4D5BD4D224A14B854462B37AE226AD8A
    CRC32: A777A82B
    Version: 12.0.5624.1000

    {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_16
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre1.5.0_16\bin\
    Long name: NPJPI150_16.dll
    Short name: NPJPI1~1.DLL
    Date (created): 28/05/2008 12:03:40
    Date (last access): 11/10/2009 11:21:08
    Date (last write): 28/05/2008 12:18:42
    Filesize: 75264
    Attributes:
    MD5: DDE7BAC61E2A285F05BFCD0B557142AB
    CRC32: 28EBFE28
    Version: 5.0.160.2

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_16
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.5.0_16\bin\
    Long name: NPJPI150_16.dll
    Short name: NPJPI1~1.DLL
    Date (created): 28/05/2008 12:03:40
    Date (last access): 11/10/2009 11:21:08
    Date (last write): 28/05/2008 12:18:42
    Filesize: 75264
    Attributes:
    MD5: DDE7BAC61E2A285F05BFCD0B557142AB
    CRC32: 28EBFE28
    Version: 5.0.160.2

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
    Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Flash\
    Long name: Flash10c.ocx
    Short name:
    Date (created): 18/07/2009 05:12:12
    Date (last access): 11/10/2009 10:34:54
    Date (last write): 18/07/2009 05:12:12
    Filesize: 3979680
    Attributes: readonly archive
    MD5: 43C6ACDFB92A18C3E516E6BD5F1ACD51
    CRC32: D6F40D46
    Version: 10.0.32.18

    {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class)
    DPF name:
    CLSID name: LauncherV1 Class
    Installer:
    Codebase: http://www.tapuz.co.il/irc/main/launcher.cab
    description:
    classification: Open for discussion
    known filename: launcher.ocx
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: launcher.ocx
    Short name:
    Date (created): 10/01/2009 20:56:06
    Date (last access): 08/10/2009 18:25:18
    Date (last write): 10/01/2009 20:56:06
    Filesize: 458752
    Attributes: archive
    MD5: D654AE4E4DB4B6FD8025888BEF3231F3
    CRC32: 6D3C84CB
    Version: 1.0.0.1

    {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
    DPF name:
    CLSID name: GpcContainer Class
    Installer: C:\WINDOWS\Downloaded Program Files\ieatgpc.inf
    Codebase: https://freetrial.webex.com/client/T...ex/ieatgpc.cab
    description:
    classification: Legitimate
    known filename: ieatgpc.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: ieatgpc.dll
    Short name:
    Date (created): 01/06/2009 00:23:06
    Date (last access): 08/10/2009 18:25:18
    Date (last write): 01/06/2009 00:23:06
    Filesize: 99216
    Attributes: archive
    MD5: D0C2E12F40FAE255E78E210BF00DC741
    CRC32: D71A7E78
    Version: 2.1.0.0

    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
    Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 976 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 1100 ( 976) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 1132 ( 976) \??\C:\WINDOWS\system32\winlogon.exe
    size: 507904
    PID: 1176 (1132) C:\WINDOWS\system32\services.exe
    size: 110592
    MD5: 65DF52F5B8B6E9BBD183505225C37315
    PID: 1188 (1132) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: BF2466B3E18E970D8A976FB95FC1CA85
    PID: 1372 (1176) C:\WINDOWS\system32\DTS.exe
    size: 98304
    MD5: A001463CECD4858C789559F3AE47E453
    PID: 1384 (1176) C:\WINDOWS\system32\ibmpmsvc.exe
    size: 38176
    MD5: 822675EB6DD6F078316AA6EBC545518C
    PID: 1416 (1176) C:\WINDOWS\system32\AtService.exe
    size: 1680632
    MD5: 9B86567A73931608023A7642A173A095
    PID: 1444 (1176) C:\WINDOWS\system32\Ati2evxx.exe
    size: 598016
    MD5: 838B66554A9F896BE6BC6E036925340E
    PID: 1460 (1176) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1540 (1176) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1580 (1176) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1668 (1176) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    size: 909312
    MD5: 55CCC8CED5778556F6B516B3858AC970
    PID: 1732 (1176) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1800 (1176) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 288 (1176) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
    PID: 360 (1132) C:\WINDOWS\system32\Ati2evxx.exe
    size: 598016
    MD5: 838B66554A9F896BE6BC6E036925340E
    PID: 788 ( 760) C:\WINDOWS\Explorer.EXE
    size: 1033728
    MD5: 12896823FB95BFB3DC9B46BCAEDC9923
    PID: 1036 (1176) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 568 (1176) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    size: 62320
    MD5: A2080872EFB7582B43762141AE8D61B9
    PID: 1152 (1176) C:\Program Files\Array Networks\Common\8,3,1,213\arr_isrv.exe
    size: 344139
    MD5: 4C03995321648780E123D9B42827D3D1
    PID: 1608 (1176) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    size: 90112
    MD5: 399332484EC3DA416A8691D42023DF56
    PID: 1652 (1176) C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    size: 72704
    MD5: 0D52AA08491A827FBA10DE8DE0E2885F
    PID: 1740 (1176) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    size: 731840
    MD5: A5F63285C1B6C4B396D9ACE0DFFC88EF
    PID: 1964 (1176) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    size: 870672
    MD5: 53CCA6B4DF0977074E85C9A18F42B5CC
    PID: 1980 (1176) C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
    size: 196704
    MD5: 4A58B52E866BC50F81F63FE181384982
    PID: 2008 (1176) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    size: 112152
    MD5: 213822072085B5BBAD9AF30AB577D817
    PID: 2128 (1176) C:\Program Files\Intel\AMT\LMS.exe
    size: 174616
    MD5: 6A38BF67BBA38E8087F2A0F05FAB6DE7
    PID: 2476 (1176) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    size: 473360
    MD5: 7C4391419852DFC331F6AF620C33AF3C
    PID: 2520 (1176) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 2536 (1176) c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    size: 750904
    MD5: 1C7B8E69BF9557A17A17F2120892ACF9
    PID: 2608 (1176) C:\WINDOWS\System32\TPHDEXLG.exe
    size: 39976
    MD5: 5A726E3CC83655EF71912C4775D004F9
    PID: 2676 (1176) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    size: 779576
    MD5: DDD4A2C9A37B93C7D8A539F785572565
    PID: 2696 (1176) C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    size: 520192
    MD5: D6EE5DCB3EC401BAA10395809047935E
    PID: 2712 (1176) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    size: 950272
    MD5: 0DB73F3FB565CF028C7458C70FA59121
    PID: 2744 (1176) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    size: 1155072
    MD5: 6C69FE90F0CC12EF0638AE10DFA4DB4E
    PID: 2768 (1176) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    size: 360448
    MD5: 22A001F3FBB92E3811C3BFD8FDAD3ED3
    PID: 2804 (1176) C:\WINDOWS\system32\wdfmgr.exe
    size: 38912
    MD5: AB0A7CA90D9E3D6A193905DC1715DED0
    PID: 2832 (1176) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    size: 2058776
    MD5: FA84735377D00E12597D2A1D8D2C320E
    PID: 2928 (1176) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    size: 53248
    MD5: F4BE7426345FEE3FF88834CDEA77E9A1
    PID: 2968 (1176) c:\program files\lenovo\system update\suservice.exe
    size: 28672
    MD5: ECC419E6AC1FE8EA5F9E792D2C9B1737
    PID: 3000 (1176) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    size: 212992
    MD5: 99B521BC52FA1517D917EF53D920F0C5
    PID: 3280 (1176) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    size: 346720
    MD5: 84188314C5F1B10B20F624C1343A0C49
    PID: 3556 (1176) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: 8C515081584A38AA007909CD02020B3D
    PID: 3572 (1460) C:\WINDOWS\system32\wbem\wmiprvse.exe
    size: 227840
    MD5: 798A9E6828997EEF4517ADA8A2259831
    PID: 4032 (3000) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    size: 126976
    MD5: 51C4DD645935159ED2CD8458F8A50DB0
    PID: 700 ( 788) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    size: 122880
    MD5: 125481AFA36D3E3AB44E3D745DBA05EB
    PID: 1644 ( 788) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 524288
    MD5: 65EB543EFEB395DDF4E0BB764DE089D0
    PID: 1692 ( 788) C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    size: 60192
    MD5: 9423689404249FF340B1009ACFE60465
    PID: 1896 ( 788) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    size: 68976
    MD5: 0BF10B23779565BC472BEEBE3B9A20D9
    PID: 1932 ( 788) C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    size: 124248
    MD5: 0FE121EF4E7EA2132CBC283C662F2425
    PID: 1936 ( 788) C:\WINDOWS\system32\rundll32.exe
    size: 33280
    MD5: 037B1E7798960E0420003D05BB577EE6
    PID: 2092 ( 788) C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    size: 256576
    MD5: 13FF0C420AECEB92FB0AD83A9A11A977
    PID: 2072 ( 788) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    size: 3093816
    MD5: 91CFBFC27586DB0EE3AE5E324583F910
    PID: 2144 (1952) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    size: 49152
    MD5: 33C014C1709F7222CEFF61B780EDC967
    PID: 3364 ( 788) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    size: 2029640
    MD5: 03B1DC67F343BF2AF8CFEC3DCA09C943
    PID: 580 ( 788) C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    size: 15136
    MD5: 33FD3FA73602A600FDB2D4B655903454
    PID: 1476 ( 788) C:\Program Files\Google\Google Talk\googletalk.exe
    size: 3739648
    MD5: BCD9CBF0621F9A6767276A2E0BF1DD15
    PID: 2192 ( 788) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    size: 3883856
    MD5: D39DA5B7139B4B5147B3C6A94978B5AA
    PID: 2440 ( 788) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
    PID: 2416 ( 788) C:\Program Files\Skype\Phone\Skype.exe
    size: 22880040
    MD5: 72F095A18223E1072F242EA25D1C6E8E
    PID: 2960 (1896) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    size: 67432
    MD5: 72D9419E4AA1C40C9E34821722D335C8
    PID: 2004 (1896) C:\Program Files\Lenovo\Zoom\TpScrex.exe
    size: 128368
    MD5: 58CBD24C7BD44388CD516DE81C0ACAFF
    PID: 3600 ( 788) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    size: 604776
    MD5: 245B2ED592C5763D12203856E861CC31
    PID: 2572 (2144) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    size: 49152
    MD5: BA7D56C1F3DD385EE58ADDA14C6FFB54
    PID: 2584 ( 788) C:\Program Files\palmOne\Hotsync.exe
    size: 471040
    MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54
    PID: 3244 (1460) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
    size: 1456768
    MD5: CB3A8823ED587BCD476387A8155170D3
    PID: 3876 ( 788) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    size: 199688
    MD5: 8219160C141B505AB5C112F73405C348
    PID: 2448 (1176) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 3792 (2416) C:\Program Files\Skype\Plugin Manager\skypePM.exe
    size: 2040776
    MD5: 942A6D257DBDA957C4B19169B3BBBC7D
    PID: 1048 (2072) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
    size: 865592
    MD5: CC1D3E199BF1EEAF4B2FE07B17DD8C29
    PID: 968 (1460) C:\Program Files\Windows Live\Contacts\wlcomm.exe
    size: 27512
    MD5: 654480EA67078C7B4C6C8BA871B07D5D
    PID: 5476 (1460) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    size: 12314456
    MD5: 677DFF359C288A2F2CDE810BFF049E7F
    PID: 4392 ( 788) C:\Program Files\Mozilla Firefox\firefox.exe
    size: 908280
    MD5: 4F201BA5F08B6726A32886655DA53FB1
    PID: 4672 (1496) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    size: 341616
    MD5: 80660C611B596FFE8AF4074B31AA6FB7
    PID: 4760 ( 788) C:\Program Files\TextMe\TextMe.exe
    size: 319488
    MD5: A977BB7D6C44B61A705F13206C146476
    PID: 2168 ( 788) C:\Program Files\Internet Explorer\iexplore.exe
    size: 638816
    MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
    PID: 4984 (2168) C:\Program Files\Internet Explorer\iexplore.exe
    size: 638816
    MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
    PID: 688 ( 788) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 4548 (2168) C:\Program Files\Internet Explorer\iexplore.exe
    size: 638816
    MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 11/10/2009 11:21:08

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.walla.co.il/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E95F6852-4F01-4B5C-8D40-FD567B1B3589}] SEQPACKET 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E95F6852-4F01-4B5C-8D40-FD567B1B3589}] DATAGRAM 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7C0FD36-BDE7-40B6-904A-6A2880A949A6}] SEQPACKET 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7C0FD36-BDE7-40B6-904A-6A2880A949A6}] DATAGRAM 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3AA660F9-6D69-4488-BBD2-695CC22A98C8}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3AA660F9-6D69-4488-BBD2-695CC22A98C8}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{101668F9-297C-4BA4-82F9-1D252F2E1FC9}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{101668F9-297C-4BA4-82F9-1D252F2E1FC9}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2D3AB22-C487-4582-BE21-FD8DD4BA2B44}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2D3AB22-C487-4582-BE21-FD8DD4BA2B44}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0A2A711-7C78-4CF8-A419-692C53E99364}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0A2A711-7C78-4CF8-A419-692C53E99364}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C3A4342-B0B6-48D5-89EB-E348D75FF356}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C3A4342-B0B6-48D5-89EB-E348D75FF356}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1FCAC8FF-F704-4F1E-A978-1489628567F9}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1FCAC8FF-F704-4F1E-A978-1489628567F9}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB3A4F7A-9679-4140-9037-7CB0ED9E0D14}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB3A4F7A-9679-4140-9037-7CB0ED9E0D14}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7F03338F-697D-4D9D-B222-A474373977BC}] SEQPACKET 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7F03338F-697D-4D9D-B222-A474373977BC}] DATAGRAM 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B6233B5-623B-49C1-A3C7-7388BF286678}] SEQPACKET 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B6233B5-623B-49C1-A3C7-7388BF286678}] DATAGRAM 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

  5. #5
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file in your next reply.


    How's the system running?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #6
    Junior Member
    Join Date
    Oct 2009
    Posts
    7

    System is running OK.

    Here is the log:

    Malwarebytes' Anti-Malware 1.41
    Database version: 2941
    Windows 5.1.2600 Service Pack 3

    11/10/2009 16:58:08
    mbam-log-2009-10-11 (16-58-08).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 220309
    Time elapsed: 1 hour(s), 1 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmload.sys (Worm.Spambot) -> Delete on reboot.

  7. #7
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Good. Let's update your Java.

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
    • Click the Download button to the right.
    • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


    Is your Adobe Reader version earlier than 8.1.6? If it is, launch Adobe Reader and update it to a non-vulnerable version.

    Post a fresh hjt log and let me know if that registry entry still shows in scan results.

  8. #8
    Junior Member
    Join Date
    Oct 2009
    Posts
    7

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:32:37, on 12/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\DTS.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\AtService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files\Array Networks\Common\8,3,1,213\arr_isrv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SmartAudio] C:\Program Files\Conexant\SAII\SAIICpl.exe /c
    O4 - HKUS\S-1-5-21-2274058917-4037084290-1638430498-500\..\RunOnce: [CTRLWOL] C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE (User 'Administrator')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with XmlPad - res://C:\Program Files\WMHelp Software\WMHelp XmlPad\WmhASPP.dll/101
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: שלח ל&התקן Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: שלח ל-Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
    O16 - DPF: {31831E9D-26EC-408F-9F27-787F098BD8C9} (WMRecorder Class) - http://w3.castup.net/Yad2/curecorder...CURecorder.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O16 - DPF: {B6648EB8-2460-484F-9255-9654454C4C70} (ArrVPNAX Control) - https://vpn.dal01.softlayer.com/prx/...host/arr_x.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T...ex/ieatgpc.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wmh - {A1428E78-2D00-4590-A071-0CC9700A7768} - C:\Program Files\WMHelp Software\WMHelp XmlPad\WmhASPP.dll
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
    O23 - Service: Array Utility Service 8,3,1,213 (Array_Utility_Service8.3.1.213) - Array Networks, Inc. - C:\Program Files\Array Networks\Common\8,3,1,213\arr_isrv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
    O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
    O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

    --
    End of file - 15797 bytes

  9. #9
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Good. Any issues left?

  10. #10
    Junior Member
    Join Date
    Oct 2009
    Posts
    7

    Only issue left is the "right media" that keeps showing on each scan, even after it's fixed on the last scan.

    Spybot log:


    --- Search result list ---
    Right Media: Tracking cookie (Internet Explorer: Yogev) (Cookie, fixed)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-06-08 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-07-28 advcheck.dll (1.6.3.17)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi (*)
    2009-10-06 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-10-06 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-10-06 Includes\HijackersC.sbi (*)
    2009-09-29 Includes\Keyloggers.sbi (*)
    2009-10-06 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-10-06 Includes\Malware.sbi (*)
    2009-10-06 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-10-06 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-10-06 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-10-06 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-10-06 Includes\Trojans.sbi (*)
    2009-10-06 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
    / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
    / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
    / Windows / SP1: Microsoft National Language Support Downlevel APIs
    / Windows Media Player: Security Update for Windows Media Player (KB952069)
    / Windows Media Player: Security Update for Windows Media Player (KB968816)
    / Windows Media Player: Security Update for Windows Media Player (KB973540)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
    / Windows XP: Security Update for Windows XP (KB923689)
    / Windows XP: Security Update for Windows XP (KB941569)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127-v2)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB969897)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB971961)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB972260)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB972260)
    / Windows XP / SP0: Update for Windows Internet Explorer 8 (KB973874)
    / Windows XP / SP3: Windows XP Service Pack 3
    / Windows XP / SP4: Security Update for Windows XP (KB923561)
    / Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB946648)
    / Windows XP / SP4: Hotfix for Windows XP (KB949764)
    / Windows XP / SP4: Security Update for Windows XP (KB950760)
    / Windows XP / SP4: Security Update for Windows XP (KB950762)
    / Windows XP / SP4: Security Update for Windows XP (KB950974)
    / Windows XP / SP4: Security Update for Windows XP (KB951066)
    / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951748)
    / Windows XP / SP4: Update for Windows XP (KB951978)
    / Windows XP / SP4: Security Update for Windows XP (KB952004)
    / Windows XP / SP4: Hotfix for Windows XP (KB952287)
    / Windows XP / SP4: Security Update for Windows XP (KB952954)
    / Windows XP / SP4: Security Update for Windows XP (KB954459)
    / Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
    / Windows XP / SP4: Security Update for Windows XP (KB954600)
    / Windows XP / SP4: Security Update for Windows XP (KB955069)
    / Windows XP / SP4: Update for Windows XP (KB955839)
    / Windows XP / SP4: Security Update for Windows XP (KB956572)
    / Windows XP / SP4: Security Update for Windows XP (KB956744)
    / Windows XP / SP4: Security Update for Windows XP (KB956802)
    / Windows XP / SP4: Security Update for Windows XP (KB956803)
    / Windows XP / SP4: Security Update for Windows XP (KB956844)
    / Windows XP / SP4: Security Update for Windows XP (KB957097)
    / Windows XP / SP4: Security Update for Windows XP (KB958644)
    / Windows XP / SP4: Security Update for Windows XP (KB958687)
    / Windows XP / SP4: Security Update for Windows XP (KB958690)
    / Windows XP / SP4: Security Update for Windows XP (KB959426)
    / Windows XP / SP4: Security Update for Windows XP (KB960225)
    / Windows XP / SP4: Security Update for Windows XP (KB960715)
    / Windows XP / SP4: Security Update for Windows XP (KB960803)
    / Windows XP / SP4: Security Update for Windows XP (KB960859)
    / Windows XP / SP4: Hotfix for Windows XP (KB961118)
    / Windows XP / SP4: Security Update for Windows XP (KB961371)
    / Windows XP / SP4: Security Update for Windows XP (KB961373)
    / Windows XP / SP4: Security Update for Windows XP (KB961501)
    / Windows XP / SP4: Update for Windows XP (KB961503)
    / Windows XP / SP4: Update for Windows XP (KB967715)
    / Windows XP / SP4: Update for Windows XP (KB968389)
    / Windows XP / SP4: Security Update for Windows XP (KB968537)
    / Windows XP / SP4: Security Update for Windows XP (KB969898)
    / Windows XP / SP4: Security Update for Windows XP (KB970238)
    / Windows XP / SP4: Hotfix for Windows XP (KB970653-v3)
    / Windows XP / SP4: Hotfix for Windows XP (KB970685)
    / Windows XP / SP4: Security Update for Windows XP (KB971557)
    / Windows XP / SP4: Security Update for Windows XP (KB971633)
    / Windows XP / SP4: Security Update for Windows XP (KB971657)
    / Windows XP / SP4: Security Update for Windows XP (KB973346)
    / Windows XP / SP4: Security Update for Windows XP (KB973354)
    / Windows XP / SP4: Security Update for Windows XP (KB973507)
    / Windows XP / SP4: Update for Windows XP (KB973815)
    / Windows XP / SP4: Security Update for Windows XP (KB973869)
    / XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


    --- Startup entries list ---
    Located: HK_LM:Run,
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    size: 39792
    MD5: 392845E8D49B5F0E81AAC4D795000A8C

    Located: HK_LM:Run, cssauth
    command: "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    file: C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    size: 3093816
    MD5: 91CFBFC27586DB0EE3AE5E324583F910

    Located: HK_LM:Run, egui
    command: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    file: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    size: 2029640
    MD5: 03B1DC67F343BF2AF8CFEC3DCA09C943

    Located: HK_LM:Run, EZEJMNAP
    command: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    file: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    size: 256576
    MD5: 13FF0C420AECEB92FB0AD83A9A11A977

    Located: HK_LM:Run, FingerPrintSoftware
    command: "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
    file: C:\Program Files\Lenovo Fingerprint Software\fpapp.exe
    size: 12095488
    MD5: 7C4719451EF49A48E00C10F82AC98EC7

    Located: HK_LM:Run, LENOVO.TPFNF6R
    command: C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    file: C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    size: 15136
    MD5: 33FD3FA73602A600FDB2D4B655903454

    Located: HK_LM:Run, LPMailChecker
    command: C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    file: C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    size: 124248
    MD5: 0FE121EF4E7EA2132CBC283C662F2425

    Located: HK_LM:Run, Malwarebytes Anti-Malware (reboot)
    command: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    file: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    size: 1312080
    MD5: C5FCC0B761069FABD59E41B7C3280DDF

    Located: HK_LM:Run, PWRMGRTR
    command: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    file: C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
    size: 417792
    MD5: 11390D03395A0D9AB87A94B2CF0E086D

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\QuickTime\qttask.exe
    size: 413696
    MD5: 0AB3C83FCB8EF6F56E4FB22089F0D3B9

    Located: HK_LM:Run, StartCCC
    command: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    size: 61440
    MD5: 2659F9B422673A98D5629FA3294F5DF3

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Java\jre6\bin\jusched.exe"
    file: C:\Program Files\Java\jre6\bin\jusched.exe
    size: 149280
    MD5: 5E4C9C25D603AE46DEDCBD9674F86E21

    Located: HK_LM:Run, SynTPEnh
    command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 524288
    MD5: 65EB543EFEB395DDF4E0BB764DE089D0

    Located: HK_LM:Run, SynTPLpr
    command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    size: 122880
    MD5: 125481AFA36D3E3AB44E3D745DBA05EB

    Located: HK_LM:Run, TPFNF7
    command: C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    file: C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    size: 60192
    MD5: 9423689404249FF340B1009ACFE60465

    Located: HK_LM:Run, TPHOTKEY
    command: C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    file: C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    size: 68976
    MD5: 0BF10B23779565BC472BEEBE3B9A20D9

    Located: HK_LM:Run, tsnp2uvc
    command: C:\WINDOWS\tsnp2uvc.exe
    file: C:\WINDOWS\tsnp2uvc.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, ACTray (DISABLED)
    command: C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    file: C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    size: 425984
    MD5: BCF1FF4C10C3D36CA94FDDCE69C599B6

    Located: HK_LM:Run, ACWLIcon (DISABLED)
    command: C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    file: C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    size: 143360
    MD5: E6D7E7697489F9D52C627B3A6C6154C0

    Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
    command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    size: 39792
    MD5: 392845E8D49B5F0E81AAC4D795000A8C

    Located: HK_LM:Run, BLOG (DISABLED)
    command: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    file: C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL
    size: 208896
    MD5: C31CAF9DD23823745159071D58CA47B5

    Located: HK_LM:Run, cssauth (DISABLED)
    command: "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    file: C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    size: 3093816
    MD5: 91CFBFC27586DB0EE3AE5E324583F910

    Located: HK_LM:Run, EZEJMNAP (DISABLED)
    command: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    file: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    size: 256576
    MD5: 13FF0C420AECEB92FB0AD83A9A11A977

    Located: HK_LM:Run, LPManager (DISABLED)
    command: C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    file: C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    size: 165208
    MD5: E081FFE1890C1F523EA375500BF0A3B9

    Located: HK_LM:Run, StartCCC (DISABLED)
    command: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    size: 61440
    MD5: 2659F9B422673A98D5629FA3294F5DF3

    Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
    command: "C:\Program Files\Java\jre1.5.0_16\bin\jusched.exe"
    file: C:\Program Files\Java\jre1.5.0_16\bin\jusched.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, CTFMON.EXE (DISABLED)
    where: .DEFAULT...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-2274058917-4037084290-1638430498-1005...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, googletalk
    where: S-1-5-21-2274058917-4037084290-1638430498-1005...
    command: "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    file: C:\Program Files\Google\Google Talk\googletalk.exe
    size: 3739648
    MD5: BCD9CBF0621F9A6767276A2E0BF1DD15

    Located: HK_CU:Run, MsnMsgr
    where: S-1-5-21-2274058917-4037084290-1638430498-1005...
    command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    size: 3883856
    MD5: D39DA5B7139B4B5147B3C6A94978B5AA

    Located: HK_CU:Run, Skype
    where: S-1-5-21-2274058917-4037084290-1638430498-1005...
    command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    file: C:\Program Files\Skype\Phone\Skype.exe
    size: 22880040
    MD5: 72F095A18223E1072F242EA25D1C6E8E

    Located: HK_CU:Run, SmartAudio
    where: S-1-5-21-2274058917-4037084290-1638430498-1005...
    command: C:\Program Files\Conexant\SAII\SAIICpl.exe /c
    file: C:\Program Files\Conexant\SAII\SAIICpl.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, ctfmon.exe (DISABLED)
    where: S-1-5-21-2274058917-4037084290-1638430498-1005...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:RunOnce, CTRLWOL
    where: S-1-5-21-2274058917-4037084290-1638430498-500...
    command: C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE
    file: C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, CTFMON.EXE (DISABLED)
    where: S-1-5-18...
    command: C:\WINDOWS\system32\CTFMON.EXE
    file: C:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: Startup (common), Bluetooth.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    file: C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    size: 604776
    MD5: 245B2ED592C5763D12203856E861CC31

    Located: Startup (common), HOTSYNCSHORTCUTNAME.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\Program Files\palmOne\Hotsync.exe
    file: C:\Program Files\palmOne\Hotsync.exe
    size: 471040
    MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54

    Located: Startup (user), ERUNT AutoBackup.lnk
    where: C:\Documents and Settings\Admin\Start Menu\Programs\Startup...
    command: C:\Program Files\ERUNT\AUTOBACK.EXE
    file: C:\Program Files\ERUNT\AUTOBACK.EXE
    size: 38912
    MD5: E00DE20F0F6BED5CD2160247DDC9443B

    Located: Startup (disabled), Digital Line Detect.lnk (DISABLED)
    command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk.disabled
    file: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk.disabled
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Startup (disabled), GlobeTrotter Connect (DISABLED)
    command: C:\PROGRA~1\Option\GLOBET~1\GLOBET~1.EXE /noshow
    file: C:\PROGRA~1\Option\GLOBET~1\GLOBET~1.EXE
    size: 864256
    MD5: B7034FFE2BE158E77053EC88F576320F

    Located: WinLogon, ACNotify
    command: ACNotify.dll
    file: ACNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ATFUS
    command: C:\WINDOWS\system32\FpWinLogonNp.dll
    file: C:\WINDOWS\system32\FpWinLogonNp.dll
    size: 180224
    MD5: C505CB1F0E58452F98647549ED48048D

    Located: WinLogon, AtiExtEvent
    command: Ati2evxx.dll
    file: Ati2evxx.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, dimsntfy
    command: %SystemRoot%\System32\dimsntfy.dll
    file: %SystemRoot%\System32\dimsntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, tpfnf2
    command: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
    file: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
    size: 34344
    MD5: 0C3E484BF4AEC2749A9F4D0A91870780

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Adobe PDF Reader Link Helper
    description: Adobe Acrobat reader
    classification: Legitimate
    known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
    info link: http://www.adobe.com/products/acrobat/readstep2.html
    info source: TonyKlein
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelper.dll
    Short name: ACROIE~1.DLL
    Date (created): 22/10/2006 22:08:42
    Date (last access): 12/10/2009 08:59:26
    Date (last write): 22/10/2006 22:08:42
    Filesize: 62080
    Attributes:
    MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
    CRC32: E388508F
    Version: 8.0.0.456

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 08/06/2009 11:19:28
    Date (last access): 12/10/2009 08:59:26
    Date (last write): 26/01/2009 14:31:02
    Filesize: 1879896
    Attributes:
    MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
    CRC32: 5BA24007
    Version: 1.6.2.14

    {5C255C8A-E604-49b4-9D64-90988571CECB} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live Sign-in Helper
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 22/01/2009 14:41:30
    Date (last access): 12/10/2009 08:59:28
    Date (last write): 22/01/2009 14:41:30
    Filesize: 408448
    Attributes: archive
    MD5: B7899C3E21B299D7A3C0DA96CAE340BD
    CRC32: 288935F8
    Version: 5.0.818.5

    {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} (Password Manager Browser Helper Object)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Password Manager Browser Helper Object
    CLSID name: IePasswordManagerHelper Class
    Path: C:\Program Files\Lenovo\Client Security Solution\
    Long name: tvtpwm_ie_com.dll
    Short name: TVTPWM~1.DLL
    Date (created): 04/03/2009 21:27:22
    Date (last access): 12/10/2009 08:59:28
    Date (last write): 04/03/2009 21:27:22
    Filesize: 816440
    Attributes:
    MD5: 2373713DA0D182338CE33E2D9BEC8302
    CRC32: 021FFE63
    Version: 3.0.205.0

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 12/10/2009 01:13:12
    Date (last access): 12/10/2009 08:59:28
    Date (last write): 12/10/2009 01:13:12
    Filesize: 41760
    Attributes: archive
    MD5: 7AF9D3B7B88AF81D2F87AA846DC2EE70
    CRC32: 00DFC49A
    Version: 6.0.160.1

    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: JQSIEStartDetectorImpl
    CLSID name: JQSIEStartDetectorImpl Class
    Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
    Long name: jqs_plugin.dll
    Short name: JQS_PL~1.DLL
    Date (created): 12/10/2009 01:13:14
    Date (last access): 12/10/2009 08:59:30
    Date (last write): 12/10/2009 01:13:14
    Filesize: 73728
    Attributes: archive
    MD5: 37EDBCC7E5E0B89E59941FF79A2F9746
    CRC32: 60D1666F
    Version: 6.0.160.1



    --- ActiveX list ---
    {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class)
    DPF name:
    CLSID name: IASRunner Class
    Installer: C:\WINDOWS\Downloaded Program Files\acpir.inf
    Codebase: http://www-307.ibm.com/pc/support/acpir.cab
    description:
    classification: Open for discussion
    known filename: acpir2.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: acpir2.dll
    Short name:
    Date (created): 26/03/2007 12:34:44
    Date (last access): 12/10/2009 09:24:40
    Date (last write): 26/03/2007 12:34:44
    Filesize: 145008
    Attributes: archive
    MD5: 125C193CC7C9E39AC275708EE1ED9295
    CRC32: AF998D3E
    Version: 1.0.0.9

    {31831E9D-26EC-408F-9F27-787F098BD8C9} (WMRecorder Class)
    DPF name:
    CLSID name: WMRecorder Class
    Installer: C:\WINDOWS\Downloaded Program Files\CURecorder.inf
    Codebase: http://w3.castup.net/Yad2/curecorder...CURecorder.cab
    Path: C:\WINDOWS\system32\
    Long name: CURecorder.dll

    {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager)
    DPF name:
    CLSID name: HP Download Manager
    Installer: C:\WINDOWS\Downloaded Program Files\HPDEXAXO.inf
    Codebase: https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: HPDEXAXO.dll
    Short name:
    Date (created): 18/10/2007 09:04:16
    Date (last access): 12/10/2009 09:14:04
    Date (last write): 18/10/2007 09:04:16
    Filesize: 341296
    Attributes: archive
    MD5: CDE357CD3FC047F5C7D8B8345B6A42BF
    CRC32: 7ABDC22F
    Version: 1.0.5.1

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_16
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_16.dll
    Short name: NPJPI1~1.DLL
    Date (created): 12/10/2009 01:13:14
    Date (last access): 12/10/2009 01:13:14
    Date (last write): 12/10/2009 01:13:14
    Filesize: 136992
    Attributes: archive
    MD5: EF5C38E082CA41D7588621F3DFA09A64
    CRC32: D4B4406B
    Version: 6.0.160.1

    {B6648EB8-2460-484F-9255-9654454C4C70} (ArrVPNAX Control)
    DPF name:
    CLSID name: ArrVPNAX Control
    Installer: C:\WINDOWS\Downloaded Program Files\arr_vpn.inf
    Codebase: https://vpn.dal01.softlayer.com/prx/...host/arr_x.cab
    Path: C:\WINDOWS\system32\
    Long name: arr_x.ocx
    Short name:
    Date (created): 30/03/2009 11:47:58
    Date (last access): 11/10/2009 16:47:06
    Date (last write): 30/03/2009 11:47:58
    Filesize: 94280
    Attributes: archive
    MD5: 72816D8FCD16BAFC13E7C1B0D0524168
    CRC32: D86F04A2
    Version: 8.3.1.213

    {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine)
    DPF name:
    CLSID name: Office Update Installation Engine
    Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
    Codebase: http://office.microsoft.com/officeup...tent/opuc4.cab
    description:
    classification: Legitimate
    known filename: opuc.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\
    Long name: opuc.dll
    Short name:
    Date (created): 20/07/2009 11:29:34
    Date (last access): 12/10/2009 09:14:10
    Date (last write): 20/07/2009 11:29:34
    Filesize: 524288
    Attributes: archive
    MD5: 4D5BD4D224A14B854462B37AE226AD8A
    CRC32: A777A82B
    Version: 12.0.5624.1000

    {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_16
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_16.dll
    Short name: NPJPI1~1.DLL
    Date (created): 12/10/2009 01:13:14
    Date (last access): 12/10/2009 09:34:02
    Date (last write): 12/10/2009 01:13:14
    Filesize: 136992
    Attributes: archive
    MD5: EF5C38E082CA41D7588621F3DFA09A64
    CRC32: D4B4406B
    Version: 6.0.160.1

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_16
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_16.dll
    Short name: NPJPI1~1.DLL
    Date (created): 12/10/2009 01:13:14
    Date (last access): 12/10/2009 09:34:02
    Date (last write): 12/10/2009 01:13:14
    Filesize: 136992
    Attributes: archive
    MD5: EF5C38E082CA41D7588621F3DFA09A64
    CRC32: D4B4406B
    Version: 6.0.160.1

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
    Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Flash\
    Long name: Flash10c.ocx
    Short name:
    Date (created): 18/07/2009 05:12:12
    Date (last access): 12/10/2009 08:59:36
    Date (last write): 18/07/2009 05:12:12
    Filesize: 3979680
    Attributes: readonly archive
    MD5: 43C6ACDFB92A18C3E516E6BD5F1ACD51
    CRC32: D6F40D46
    Version: 10.0.32.18

    {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class)
    DPF name:
    CLSID name: LauncherV1 Class
    Installer:
    Codebase: http://www.tapuz.co.il/irc/main/launcher.cab
    description:
    classification: Open for discussion
    known filename: launcher.ocx
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: launcher.ocx
    Short name:
    Date (created): 10/01/2009 20:56:06
    Date (last access): 12/10/2009 09:24:42
    Date (last write): 10/01/2009 20:56:06
    Filesize: 458752
    Attributes: archive
    MD5: D654AE4E4DB4B6FD8025888BEF3231F3
    CRC32: 6D3C84CB
    Version: 1.0.0.1

    {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
    DPF name:
    CLSID name: GpcContainer Class
    Installer: C:\WINDOWS\Downloaded Program Files\ieatgpc.inf
    Codebase: https://freetrial.webex.com/client/T...ex/ieatgpc.cab
    description:
    classification: Legitimate
    known filename: ieatgpc.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: ieatgpc.dll
    Short name:
    Date (created): 01/06/2009 00:23:06
    Date (last access): 12/10/2009 09:24:42
    Date (last write): 01/06/2009 00:23:06
    Filesize: 99216
    Attributes: archive
    MD5: D0C2E12F40FAE255E78E210BF00DC741
    CRC32: D71A7E78
    Version: 2.1.0.0

    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
    Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 968 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 1088 ( 968) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 1124 ( 968) \??\C:\WINDOWS\system32\winlogon.exe
    size: 507904
    PID: 1168 (1124) C:\WINDOWS\system32\services.exe
    size: 110592
    MD5: 65DF52F5B8B6E9BBD183505225C37315
    PID: 1180 (1124) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: BF2466B3E18E970D8A976FB95FC1CA85
    PID: 1360 (1168) C:\WINDOWS\system32\DTS.exe
    size: 98304
    MD5: A001463CECD4858C789559F3AE47E453
    PID: 1372 (1168) C:\WINDOWS\system32\ibmpmsvc.exe
    size: 38176
    MD5: 822675EB6DD6F078316AA6EBC545518C
    PID: 1404 (1168) C:\WINDOWS\system32\AtService.exe
    size: 1680632
    MD5: 9B86567A73931608023A7642A173A095
    PID: 1432 (1168) C:\WINDOWS\system32\Ati2evxx.exe
    size: 598016
    MD5: 838B66554A9F896BE6BC6E036925340E
    PID: 1452 (1168) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1528 (1168) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1568 (1168) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1660 (1168) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    size: 909312
    MD5: 55CCC8CED5778556F6B516B3858AC970
    PID: 1752 (1168) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1792 (1168) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 280 (1168) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
    PID: 352 (1124) C:\WINDOWS\system32\Ati2evxx.exe
    size: 598016
    MD5: 838B66554A9F896BE6BC6E036925340E
    PID: 644 ( 528) C:\WINDOWS\Explorer.EXE
    size: 1033728
    MD5: 12896823FB95BFB3DC9B46BCAEDC9923
    PID: 1940 (1168) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 2000 (1168) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    size: 62320
    MD5: A2080872EFB7582B43762141AE8D61B9
    PID: 1988 (1168) C:\Program Files\Array Networks\Common\8,3,1,213\arr_isrv.exe
    size: 344139
    MD5: 4C03995321648780E123D9B42827D3D1
    PID: 536 (1168) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    size: 90112
    MD5: 399332484EC3DA416A8691D42023DF56
    PID: 668 (1168) C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    size: 72704
    MD5: 0D52AA08491A827FBA10DE8DE0E2885F
    PID: 764 (1168) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    size: 731840
    MD5: A5F63285C1B6C4B396D9ACE0DFFC88EF
    PID: 856 (1168) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    size: 870672
    MD5: 53CCA6B4DF0977074E85C9A18F42B5CC
    PID: 596 (1168) C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
    size: 196704
    MD5: 4A58B52E866BC50F81F63FE181384982
    PID: 1044 (1168) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    size: 112152
    MD5: 213822072085B5BBAD9AF30AB577D817
    PID: 1620 (1168) C:\Program Files\Intel\AMT\LMS.exe
    size: 174616
    MD5: 6A38BF67BBA38E8087F2A0F05FAB6DE7
    PID: 2204 (1168) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    size: 473360
    MD5: 7C4391419852DFC331F6AF620C33AF3C
    PID: 2240 (1168) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 2284 (1168) c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    size: 750904
    MD5: 1C7B8E69BF9557A17A17F2120892ACF9
    PID: 2328 (1168) C:\WINDOWS\System32\TPHDEXLG.exe
    size: 39976
    MD5: 5A726E3CC83655EF71912C4775D004F9
    PID: 2416 (1168) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    size: 779576
    MD5: DDD4A2C9A37B93C7D8A539F785572565
    PID: 2432 (1168) C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    size: 520192
    MD5: D6EE5DCB3EC401BAA10395809047935E
    PID: 2452 (1168) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    size: 950272
    MD5: 0DB73F3FB565CF028C7458C70FA59121
    PID: 2492 (1168) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    size: 1155072
    MD5: 6C69FE90F0CC12EF0638AE10DFA4DB4E
    PID: 2516 (1168) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    size: 360448
    MD5: 22A001F3FBB92E3811C3BFD8FDAD3ED3
    PID: 2552 (1168) C:\WINDOWS\system32\wdfmgr.exe
    size: 38912
    MD5: AB0A7CA90D9E3D6A193905DC1715DED0
    PID: 2584 (1168) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    size: 2058776
    MD5: FA84735377D00E12597D2A1D8D2C320E
    PID: 2668 (1168) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    size: 53248
    MD5: F4BE7426345FEE3FF88834CDEA77E9A1
    PID: 2696 (1168) c:\program files\lenovo\system update\suservice.exe
    size: 28672
    MD5: ECC419E6AC1FE8EA5F9E792D2C9B1737
    PID: 2764 (1168) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    size: 212992
    MD5: 99B521BC52FA1517D917EF53D920F0C5
    PID: 3096 (1168) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    size: 346720
    MD5: 84188314C5F1B10B20F624C1343A0C49
    PID: 3200 (1452) C:\WINDOWS\system32\wbem\wmiprvse.exe
    size: 227840
    MD5: 798A9E6828997EEF4517ADA8A2259831
    PID: 3324 (2764) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    size: 126976
    MD5: 51C4DD645935159ED2CD8458F8A50DB0
    PID: 3696 (1168) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: 8C515081584A38AA007909CD02020B3D
    PID: 2864 ( 644) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 524288
    MD5: 65EB543EFEB395DDF4E0BB764DE089D0
    PID: 3524 ( 644) C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    size: 60192
    MD5: 9423689404249FF340B1009ACFE60465
    PID: 1984 ( 644) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    size: 68976
    MD5: 0BF10B23779565BC472BEEBE3B9A20D9
    PID: 3556 ( 644) C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    size: 124248
    MD5: 0FE121EF4E7EA2132CBC283C662F2425
    PID: 3612 ( 644) C:\WINDOWS\system32\rundll32.exe
    size: 33280
    MD5: 037B1E7798960E0420003D05BB577EE6
    PID: 3628 (2864) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    size: 122880
    MD5: 125481AFA36D3E3AB44E3D745DBA05EB
    PID: 3664 (3636) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    size: 49152
    MD5: 33C014C1709F7222CEFF61B780EDC967
    PID: 3748 ( 644) C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    size: 256576
    MD5: 13FF0C420AECEB92FB0AD83A9A11A977
    PID: 3752 ( 644) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    size: 3093816
    MD5: 91CFBFC27586DB0EE3AE5E324583F910
    PID: 3408 ( 644) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    size: 2029640
    MD5: 03B1DC67F343BF2AF8CFEC3DCA09C943
    PID: 3680 ( 644) C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    size: 15136
    MD5: 33FD3FA73602A600FDB2D4B655903454
    PID: 3956 ( 644) C:\Program Files\Google\Google Talk\googletalk.exe
    size: 3739648
    MD5: BCD9CBF0621F9A6767276A2E0BF1DD15
    PID: 3884 ( 644) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    size: 3883856
    MD5: D39DA5B7139B4B5147B3C6A94978B5AA
    PID: 4000 (1984) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    size: 67432
    MD5: 72D9419E4AA1C40C9E34821722D335C8
    PID: 2692 (1984) C:\Program Files\Lenovo\Zoom\TpScrex.exe
    size: 128368
    MD5: 58CBD24C7BD44388CD516DE81C0ACAFF
    PID: 3784 ( 644) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
    PID: 3660 ( 644) C:\Program Files\Skype\Phone\Skype.exe
    size: 22880040
    MD5: 72F095A18223E1072F242EA25D1C6E8E
    PID: 2176 ( 644) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    size: 604776
    MD5: 245B2ED592C5763D12203856E861CC31
    PID: 812 ( 644) C:\Program Files\palmOne\Hotsync.exe
    size: 471040
    MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54
    PID: 2644 (3664) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    size: 49152
    MD5: BA7D56C1F3DD385EE58ADDA14C6FFB54
    PID: 3308 (1452) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
    size: 1456768
    MD5: CB3A8823ED587BCD476387A8155170D3
    PID: 3840 (3752) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
    size: 865592
    MD5: CC1D3E199BF1EEAF4B2FE07B17DD8C29
    PID: 728 (3660) C:\Program Files\Skype\Plugin Manager\skypePM.exe
    size: 2040776
    MD5: 942A6D257DBDA957C4B19169B3BBBC7D
    PID: 4136 (1452) C:\Program Files\Windows Live\Contacts\wlcomm.exe
    size: 27512
    MD5: 654480EA67078C7B4C6C8BA871B07D5D
    PID: 848 (1168) C:\Program Files\Java\jre6\bin\jqs.exe
    size: 153376
    MD5: 09417134F248DFCEEA15C72BCC87F592
    PID: 3048 (5976) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    size: 341616
    MD5: 80660C611B596FFE8AF4074B31AA6FB7
    PID: 5764 ( 644) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    size: 199688
    MD5: 8219160C141B505AB5C112F73405C348
    PID: 6108 (1452) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    size: 12314456
    MD5: 677DFF359C288A2F2CDE810BFF049E7F
    PID: 5712 ( 644) C:\Program Files\Mozilla Firefox\firefox.exe
    size: 908280
    MD5: 4F201BA5F08B6726A32886655DA53FB1
    PID: 4580 ( 644) C:\Program Files\Internet Explorer\iexplore.exe
    size: 638816
    MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
    PID: 6064 (4580) C:\Program Files\Internet Explorer\iexplore.exe
    size: 638816
    MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
    PID: 880 ( 644) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 3172 ( 644) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    size: 1312080
    MD5: C5FCC0B761069FABD59E41B7C3280DDF
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 12/10/2009 09:34:09

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.walla.co.il/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E95F6852-4F01-4B5C-8D40-FD567B1B3589}] SEQPACKET 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E95F6852-4F01-4B5C-8D40-FD567B1B3589}] DATAGRAM 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7C0FD36-BDE7-40B6-904A-6A2880A949A6}] SEQPACKET 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7C0FD36-BDE7-40B6-904A-6A2880A949A6}] DATAGRAM 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3AA660F9-6D69-4488-BBD2-695CC22A98C8}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3AA660F9-6D69-4488-BBD2-695CC22A98C8}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{101668F9-297C-4BA4-82F9-1D252F2E1FC9}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{101668F9-297C-4BA4-82F9-1D252F2E1FC9}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2D3AB22-C487-4582-BE21-FD8DD4BA2B44}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2D3AB22-C487-4582-BE21-FD8DD4BA2B44}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0A2A711-7C78-4CF8-A419-692C53E99364}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0A2A711-7C78-4CF8-A419-692C53E99364}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C3A4342-B0B6-48D5-89EB-E348D75FF356}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C3A4342-B0B6-48D5-89EB-E348D75FF356}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1FCAC8FF-F704-4F1E-A978-1489628567F9}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1FCAC8FF-F704-4F1E-A978-1489628567F9}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB3A4F7A-9679-4140-9037-7CB0ED9E0D14}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB3A4F7A-9679-4140-9037-7CB0ED9E0D14}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7F03338F-697D-4D9D-B222-A474373977BC}] SEQPACKET 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7F03338F-697D-4D9D-B222-A474373977BC}] DATAGRAM 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B6233B5-623B-49C1-A3C7-7388BF286678}] SEQPACKET 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B6233B5-623B-49C1-A3C7-7388BF286678}] DATAGRAM 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace
