Email event


Email event

Post by MtnGoat on Thu Mar 19, 2009 6:22 pm

Hi There,
This morning when I was opening a subfolder in my Outlook my computer began to make a consistent 'dinging' sound like when doing a backspace in a window that won't accept it (I hope that makes sense!). At the same time, Outlook basically took on a life of its own. It started scrolling through all my emails. When I opened the windows of the two emails that I was in the middle of writing, they were being deleted before my eyes as if someone was holding down the backspace button. I could open and close different windows, but there was no way to stop it. I unplugged the router and closed Outlook and eventually it stopped.

I did a virus scan with my Avast and it found two trojans that I put in the chest. Forgive me, I'm relatively computer illiterate and can't seem to find what their names are/were.

Nothing seems to be wrong with the system now. I did all the updates asked of me prior to posting and am just looking to see if there was anything I should do to make sure I am actually clean. It was very 'Hollywood moviesque' to see that happening before my eyes. My fear is that I don't know the extent of the damage, if any, and if there is still a virus present.

Thanks very much in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:24 AM, on 19/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files (x86)\Lenovo2\Drag-to-Disc\DrgToDsc.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Chris\Downloads\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TPFNF7] "C:\Program Files (x86)\Lenovo\NPDIRECT\TPFNF7SP.exe" /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~2\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~2\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files (x86)\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files (x86)\Lenovo2\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [wanActivate] "C:\Program Files (x86)\lenovo\ActivateWan\WanActivate.exe" -check
O4 - HKLM\..\Run: [ACTray] C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~2\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [LaerdalUpdateAgent] C:\Program Files (x86)\Laerdal Sophus\UpdateAgent\LaerdalUpdateAgent.exe "lang:C:\Program Files (x86)\Laerdal Sophus\UpdateAgent\en"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

MtnGoat
Novice
Posts: 18
Joined: 2009-03-19
OS: Vista
Points: 28202
Likes: 0

Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 6:23 pm

O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files (x86)\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: Append to existing PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll
O13 - Gopher Prefix:
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files (x86)\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98f998b14e360) (gupdate1c98f998b14e360) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Unknown owner - C:\Windows\system32\IPSSVC.EXE (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Chris\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files (x86)\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 19106 bytes

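The HijackThis log above is the thread's own data. As an added example that is not part of the original posts, here is a small Python triage pass over the O2/O4/O23 sections of such a log. It flags an orphaned BHO entry whose DLL is gone, an autorun registered under the less common Policies\Explorer\Run key, and a service whose binary lives in a user-writable directory, and it downgrades "(file missing)" entries under System32 on a 64-bit host to informational, because HijackThis 2.0.2 is a 32-bit process and WOW64 file-system redirection hides the real System32 from it. Which sections and directories to flag, and the use of "(x86)" paths as the 64-bit indicator, are the editor's assumptions; the sample input is a constructed excerpt of the log posted above, not a full copy.

```python
"""Heuristic triage of HijackThis 2.x log lines (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "alert" | "review" | "info"
    section: str   # HJT section tag, e.g. "O23"
    reason: str
    line: str


# Directories an ordinary user can write to. A *service* binary under one of these
# is worth a look (editor's assumption of what to flag, not anything HJT itself does).
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\temp\\", "\\programdata\\")

ENTRY = re.compile(r"^(O\d+) - (.+)$")
FILE_MISSING = re.compile(r"\(file missing\)\s*$", re.IGNORECASE)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Platform: Windows Vista SP1 (WinNT 6.00.1905)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [LaerdalUpdateAgent] C:\Program Files (x86)\Laerdal Sophus\UpdateAgent\LaerdalUpdateAgent.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Chris\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
"""


def _o23_path(body: str) -> str:
    # O23 body layout: "Service: <display name> - <owner> - <path> [(file missing)]"
    return body.split(" - ")[-1].strip()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    # Assumption: "(x86)" program-files paths mean a 64-bit Windows. The 32-bit HJT
    # binary then sees the SysWOW64 copy of System32 and reports 64-bit-only system
    # executables as "(file missing)" even though they are present.
    is_x64 = "program files (x86)" in log_text.lower()

    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        tag, body = m.groups()
        low = body.lower()

        if tag == "O2" and low.endswith("(no file)"):
            findings.append(Finding("review", tag,
                                    "BHO CLSID registered but DLL absent (orphaned entry)", raw))
        elif tag == "O4" and "policies\\explorer\\run" in low:
            findings.append(Finding("review", tag,
                                    "autorun via Policies\\Explorer\\Run (uncommon key, verify vendor)", raw))
        elif tag == "O23":
            missing = bool(FILE_MISSING.search(body))
            path = FILE_MISSING.sub("", _o23_path(body)).strip()
            if any(d in path.lower() for d in USER_WRITABLE):
                findings.append(Finding("alert", tag,
                                        "service binary in user-writable directory", raw))
            elif missing and is_x64 and SYSTEM32.match(path):
                findings.append(Finding("info", tag,
                                        "'file missing' under System32 on x64: likely WOW64 redirection, not malware", raw))
            elif missing:
                findings.append(Finding("review", tag, "service points to a missing file", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

An "alert" here means "verify", not "malicious": the Temp-directory service in the sample is already reported as missing, so it is an orphaned registration either way, and the log alone cannot say what the file once was. The WOW64 downgrade is the caveat worth remembering when reading a 32-bit HijackThis log from a 64-bit box: the long run of "Unknown owner ... (file missing)" lines for core Windows services is redirection noise, not evidence of tampering.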

Re: Email event

Post by Belahzur on Thu Mar 19, 2009 6:50 pm

Download [You must be registered and logged in to see this link.] to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you; one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras.txt. Just post OTViewIt.txt; I don't need to see Extras.txt.
  • You may need to use more than one post to get it all on the forum.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1

Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 7:37 pm

The program stops responding when it is "Scanning service: AEADFilters..."

I tried it twice, and it would not get past this hang up.


Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 7:47 pm

OTViewIt logfile created on: 19/03/2009 1:30:55 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Chris\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.98 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 37.31% Memory free
4.00 Gb Paging File | 2.88 Gb Available in Paging File | 71.98% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141.65 Gb Total Space | 30.77 Gb Free Space | 21.72% Space Free | Partition Type: NTFS
Drive D: | 148.92 Gb Total Space | 68.89 Gb Free Space | 46.26% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 0.56 Gb Free Space | 7.50% Space Free | Partition Type: FAT32
Drive F: | 149.01 Gb Total Space | 85.14 Gb Free Space | 57.13% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 298.02 Gb Total Space | 203.15 Gb Free Space | 68.17% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: CHRIS-CTOMS
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2008/10/24 13:32:46 | 00,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
[2008/10/27 12:01:18 | 00,116,000 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
[2008/01/19 01:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe
[2009/02/15 12:16:11 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
[2008/11/20 12:30:02 | 00,066,848 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
[2007/08/24 15:52:46 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
[2007/09/26 17:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
[2007/08/09 12:40:54 | 00,779,576 | ---- | M] (IBM) -- C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe
[2007/01/08 22:03:26 | 00,569,344 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrpservice.exe
[2007/01/08 22:01:46 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
[2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
[2008/10/27 12:01:20 | 00,238,880 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe
[2007/01/08 21:49:46 | 00,022,016 | ---- | M] () -- C:\Program Files (x86)\Common Files\Lenovo\Logger\logmon.exe
[2008/10/20 11:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
[2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008/10/27 11:28:06 | 00,565,248 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
[2007/08/24 15:52:38 | 01,083,888 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
[2008/09/30 17:37:28 | 00,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
[2008/03/24 15:41:22 | 00,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
[2008/10/24 16:29:38 | 00,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
[2007/11/29 12:04:00 | 00,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\NPDIRECT\tpfnf7sp.exe
[2006/11/02 03:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rundll32.exe
[2006/11/03 19:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files (x86)\Digital Line Detect\DLG.exe
[2007/03/28 11:32:00 | 00,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files (x86)\ThinkPad\Utilities\EZEJMNAP.EXE
[2008/03/04 10:34:20 | 00,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
[2008/10/02 10:23:16 | 00,546,288 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
[2008/09/01 04:02:00 | 00,165,208 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMGR.EXE
[2007/03/13 11:05:00 | 01,116,920 | ---- | M] (Roxio) -- C:\Program Files (x86)\Lenovo2\Drag-to-Disc\DrgToDsc.exe
[2009/01/15 12:15:08 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
[2008/10/27 12:01:22 | 00,431,392 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe
[2008/10/27 12:01:26 | 00,148,768 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWLIcon.exe
[2009/02/05 15:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008/10/14 22:38:56 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[2008/03/01 23:22:00 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
[2007/08/24 15:52:42 | 00,240,112 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
[2007/08/14 03:44:38 | 00,113,136 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
[2007/05/17 17:35:28 | 00,053,248 | ---- | M] (HP) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
[2006/12/10 21:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
[2006/06/14 14:20:06 | 00,036,864 | ---- | M] ( ) -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
[2007/07/09 14:40:30 | 01,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
[2008/09/01 04:02:00 | 00,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMLCHK.EXE
[2009/03/11 13:52:26 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
[2007/08/24 15:52:02 | 00,018,928 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
[2008/03/05 12:13:53 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2009/03/11 13:52:22 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
[2008/01/19 01:33:04 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
[2007/08/09 13:28:28 | 01,049,912 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_tray.exe
[2008/11/20 12:30:30 | 00,472,352 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe
[2008/05/26 23:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchProtocolHost.exe
[2009/03/19 13:30:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTViewIt(2).exe


Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 7:48 pm

========== (O23) Win32 Services ==========

[2008/10/27 12:01:18 | 00,116,000 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
[2008/10/27 12:01:20 | 00,238,880 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])
[2008/03/03 22:09:22 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
File not found -- -- (AEADIFilters [Auto | Running])
[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/07/27 12:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/07/27 12:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2007/06/18 19:38:14 | 00,626,796 | ---- | M] (Diskeeper Corporation) -- C:\Program Files (x86)\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Stopped])
File not found -- -- (DPS [Unknown | Running])
[2008/08/20 18:16:10 | 01,449,984 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2008/03/05 12:13:53 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2008/06/19 19:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
File not found -- -- (gpsvc [Unknown | Running])
[2009/02/15 12:16:11 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1c98f998b14e360 [Auto | Stopped])
File not found -- -- (IBMPMSVC [Auto | Running])
[2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2009/03/11 13:52:22 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
File not found -- -- (IPSSVC [Auto | Running])
[2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
[2006/11/02 03:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\keyiso.dll -- (KeyIso [On_Demand | Running])
[2006/11/02 07:34:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
[2008/06/19 19:16:54 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (nvsvc [Auto | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/01/19 01:33:19 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
[2008/11/20 12:30:02 | 00,066,848 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service [Auto | Running])
[2008/08/20 17:39:28 | 00,826,368 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2007/08/24 15:53:14 | 00,072,176 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10 [On_Demand | Stopped])
[2007/01/12 04:33:14 | 00,057,344 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/08/24 15:53:16 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10 [Auto | Stopped])
[2007/01/12 04:32:48 | 00,294,912 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/08/24 15:52:48 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10 [Auto | Stopped])
[2007/08/24 15:52:38 | 01,083,888 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10 [On_Demand | Running])
[2007/04/22 15:01:18 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2007/08/24 15:52:46 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10 [Auto | Running])
File not found -- -- (RpcSs [Unknown | Running])
[2008/01/19 01:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
File not found -- -- (SessionLauncher [Auto | Stopped])
[2007/02/10 11:03:26 | 00,156,016 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
[2007/05/30 10:26:26 | 00,073,728 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2008/10/20 11:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService [Auto | Running])
[2007/09/26 17:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Auto | Running])
File not found -- -- (TPHDEXLGSVC [Auto | Running])
[2008/10/24 13:32:46 | 00,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC [Auto | Running])
[2007/08/09 12:40:54 | 00,779,576 | ---- | M] (IBM) -- C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService [Auto | Running])
[2007/01/08 22:03:26 | 00,569,344 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service [Auto | Running])
[2007/01/08 22:01:46 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service [Auto | Running])
[2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2006/11/02 00:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\System32\wbem\vds.mof -- (vds [On_Demand | Stopped])
[2006/11/02 00:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\System32\wbem\vss.mof -- (VSS [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2008/01/19 02:00:47 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2008/05/26 23:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
File not found -- -- (XAudioService [Auto | Running])


Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 7:49 pm

========== Driver Services ==========

File not found -- -- (ADIHdAudAddService [On_Demand | Running])
[2008/01/19 02:12:01 | 00,486,456 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adp94xx.inf_31bf3856ad364e35_6.0.6001.18000_none_5e0fcb9b69814f7b\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2008/01/19 02:11:40 | 00,342,584 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpahci.inf_31bf3856ad364e35_6.0.6001.18000_none_c05c13aa3dfbc961\adpahci.sys -- (adpahci [Disabled | Stopped])
[2008/01/19 02:10:01 | 00,126,520 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu160m.inf_31bf3856ad364e35_6.0.6001.18000_none_f2feed0b63bf261d\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2008/01/19 02:11:12 | 00,185,912 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu320.inf_31bf3856ad364e35_6.0.6001.18000_none_f4cbbad1148c6b4a\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2009/02/01 14:17:43 | 00,010,664 | ---- | M] () -- C:\Windows\AegisP.cat -- (AegisP [Auto | Running])
[2008/03/01 23:31:53 | 00,018,488 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\aliide.sys -- (aliide [Disabled | Stopped])
[2008/01/19 02:09:34 | 00,090,680 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arc.inf_31bf3856ad364e35_6.0.6001.18000_none_7bfed8c7803713cf\arc.sys -- (arc [Disabled | Stopped])
[2008/01/19 02:09:37 | 00,091,192 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arcsas.inf_31bf3856ad364e35_6.0.6001.18000_none_771684264153c2d4\arcsas.sys -- (arcsas [Disabled | Stopped])
File not found -- -- (aswFsBlk [Auto | Running])
File not found -- -- (aswMonFlt [Auto | Running])
File not found -- -- (aswRdr [System | Running])
File not found -- -- (aswSP [System | Running])
File not found -- -- (aswTdi [System | Running])
[2006/09/18 15:30:15 | 00,018,432 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/09/18 15:30:15 | 00,008,704 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
File not found -- -- (CAXHWAZL [On_Demand | Running])
[2008/03/01 23:31:52 | 00,020,536 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/01/16 11:27:26 | 00,000,000 | ---D | M] -- C:\Windows\CSC -- (CSC [System | Running])
File not found -- -- (DLABMFSE [Auto | Running])
File not found -- -- (DLABOIOE [Auto | Running])
File not found -- -- (DLACDBHE [System | Running])
File not found -- -- (DLADResE [Auto | Running])
File not found -- -- (DLAIFS_E [Auto | Running])
File not found -- -- (DLAOPIOE [Auto | Running])
File not found -- -- (DLAPoolE [Auto | Running])
File not found -- -- (DLARTL_E [System | Running])
File not found -- -- (DLAUDFAE [Auto | Running])
File not found -- -- (DLAUDF_E [Auto | Running])
File not found -- -- (DRVECDB [Boot | Running])
File not found -- -- (DRVEDDM [Auto | Running])
[2008/01/05 05:22:48 | 00,317,952 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_nete1e3e.inf_31bf3856ad364e35_6.0.6001.18000_none_be74415a049dfa61\e1e6032e.sys -- (e1express [On_Demand | Running])
[2008/01/05 05:22:47 | 00,146,176 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_nete1g3e.inf_31bf3856ad364e35_6.0.6001.18000_none_04b0c96be9c034d3\E1G6032E.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/19 02:11:53 | 00,397,368 | ---- | M] (Emulex) -- C:\Windows\WinSxS\amd64_elxstor.inf_31bf3856ad364e35_6.0.6001.18000_none_08ac13ff69b034ee\elxstor.sys -- (elxstor [Disabled | Stopped])
File not found -- -- (GEARAspiWDM [On_Demand | Running])
[2008/01/19 02:08:42 | 00,047,672 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\WinSxS\amd64_hpcisss.inf_31bf3856ad364e35_6.0.6001.18000_none_d59c6600292b9522\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
File not found -- -- (HPFXBULK [On_Demand | Running])
[2006/09/18 15:38:12 | 00,286,720 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\WinSxS\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.0.6001.18000_none_0673f8918ab7629e\VSTAZL6.SYS -- (HSFHWAZL [On_Demand | Stopped])
File not found -- -- (HSF_DPV [On_Demand | Running])
File not found -- -- (iaStor [Boot | Running])
[2008/01/19 02:11:31 | 00,290,872 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys -- (iaStorV [Disabled | Stopped])
File not found -- -- (IBMPMDRV [On_Demand | Running])
File not found -- -- (lenovo.smi [System | Running])
[2008/01/19 02:09:57 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_fc.inf_31bf3856ad364e35_6.0.6001.18000_none_c59b4ac1fa719137\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2008/01/19 02:09:48 | 00,105,016 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_sas.inf_31bf3856ad364e35_6.0.6001.18000_none_5b86b7f9e8ff0dc5\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2008/01/19 02:09:56 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_scsi.inf_31bf3856ad364e35_6.0.6001.18000_none_f883c787da42af0c\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/06/18 23:26:00 | 00,094,208 | ---- | M] (Conexant) -- C:\Windows\System32\mdmxsdk.dll -- (mdmxsdk [Auto | Running])
[2008/01/19 02:08:18 | 00,035,896 | ---- | M] (LSI Corporation) -- C:\Windows\WinSxS\amd64_megasas.inf_31bf3856ad364e35_6.0.6001.18000_none_8c5ef0c0070fb814\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/16 11:10:56 | 00,001,088 | ---- | M] () -- C:\Windows\System32\wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
File not found -- -- (NETw5v64 [On_Demand | Running])
[2008/01/19 00:36:12 | 00,036,352 | ---- | M] (National Semiconductor Corporation) -- C:\Windows\WinSxS\amd64_irnsc.inf_31bf3856ad364e35_6.0.6001.18000_none_f2f03ee32d5dd396\nscirda.sys -- (NSCIRDA [On_Demand | Stopped])
[2006/10/13 21:04:34 | 05,942,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nv_lh.inf_31bf3856ad364e35_6.0.6001.18000_none_4a8627558332bbba\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2008/01/19 02:10:12 | 00,128,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys -- (nvraid [Disabled | Stopped])
[2008/01/19 02:08:50 | 00,054,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys -- (nvstor [Disabled | Stopped])
File not found -- -- (PROCDD [Auto | Running])
[2007/05/26 01:27:28 | 00,011,199 | ---- | M] () -- C:\Program Files (x86)\Common Files\Lenovo\psadd.cat -- (psadd [On_Demand | Running])
File not found -- -- (PxHlpa64 [Boot | Running])
[2008/01/19 02:12:10 | 01,221,176 | ---- | M] (QLogic Corporation) -- C:\Windows\WinSxS\amd64_ql2300.inf_31bf3856ad364e35_6.0.6001.18000_none_90b29e0f5eb4b0a1\ql2300.sys -- (ql2300 [Disabled | Stopped])
File not found -- -- (rimmptsk [Auto | Running])
File not found -- -- (rimsptsk [Auto | Running])
File not found -- -- (rismxdp [Auto | Running])
[2007/08/18 03:09:04 | 00,065,520 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter [System | Stopped])
[2006/09/29 17:51:44 | 00,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\WinSxS\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_b794b0d578b7ec2e\secdrv.sys -- (secdrv [Auto | Running])
File not found -- -- (Shockprf [Boot | Running])
[2008/01/19 02:09:28 | 00,078,392 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\WinSxS\amd64_sisraid4.inf_31bf3856ad364e35_6.0.6001.18000_none_8460e59f708bb476\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/11/21 01:11:54 | 00,013,840 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp2 [Auto | Running])
File not found -- -- (SWMX01 [On_Demand | Running])
File not found -- -- (SWNC5E01 [On_Demand | Running])
File not found -- -- (SynTP [On_Demand | Running])
[2006/09/18 15:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\System32\wbem\tcpip.mof -- (Tcpip [Boot | Running])
File not found -- -- (TcUsb [On_Demand | Running])
File not found -- -- (TPDIGIMN [Boot | Running])
[2006/09/18 15:44:13 | 00,144,862 | ---- | M] () -- C:\Windows\System32\tpm.msc -- (TPM [On_Demand | Running])
[2007/12/06 11:11:00 | 00,013,104 | ---- | M] () -- C:\Windows\System32\drivers\TPPWR64V.SYS -- (TPPWRIF [System | Running])
File not found -- -- (tvtfilter [Auto | Running])
[2007/05/26 01:27:24 | 00,012,070 | ---- | M] () -- C:\Program Files (x86)\Common Files\Lenovo\tvti2c.cat -- (TVTI2C [On_Demand | Running])
[2008/01/19 02:11:28 | 00,284,728 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\WinSxS\amd64_uliahci.inf_31bf3856ad364e35_6.0.6001.18000_none_a21b1cbb80e47096\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 05:51:19 | 00,174,696 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\WinSxS\amd64_ulsata2.inf_31bf3856ad364e35_6.0.6001.18000_none_9ce1027f4768b389\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/03/01 23:31:53 | 00,020,536 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/19 02:10:22 | 00,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\WinSxS\amd64_vsmraid.inf_31bf3856ad364e35_6.0.6001.18000_none_508698a452d25e17\vsmraid.sys -- (vsmraid [Disabled | Stopped])
File not found -- -- (winachsf [On_Demand | Running])
[2008/01/19 01:36:56 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll -- (WINUSB [On_Demand | Stopped])
File not found -- -- (XAudio [Auto | Running])


Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 7:49 pm

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://lenovo.live.com
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Start Page"=http://lenovo.live.com
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} (HKLM) -- C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
{F040E541-A427-4CF7-85D8-75E3E0F476C5} (HKLM) -- C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"ACTray"=C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
"ACWLIcon"=C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWlIcon.exe (Lenovo)
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"BLOG"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog ()
"DiskeeperSystray"="C:\Program Files (x86)\Diskeeper Corporation\Diskeeper\DkIcon.exe" (Diskeeper Corporation)
"DMXLauncher"="C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe" ()
"EZEJMNAP"=C:\PROGRA~2\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"HPUsageTracking"="C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\" ( )
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" (Apple Inc.)
"LPMailChecker"=C:\PROGRA~2\THINKV~1\PrdCtr\LPMLCHK.exe (Lenovo Group Limited)
"LPManager"=C:\PROGRA~2\THINKV~1\PrdCtr\LPMGR.exe (Lenovo Group Limited)
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RoxioDragToDisc"="C:\Program Files (x86)\Lenovo2\Drag-to-Disc\DrgToDsc.exe" (Roxio)
"RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" (Sonic Solutions)
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"ToolBoxFX"="C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on (HP)
"TPFNF7"="C:\Program Files (x86)\Lenovo\NPDIRECT\TPFNF7SP.exe" /r (Lenovo Group Limited)
"TVT Scheduler Proxy"=C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
"wanActivate"="C:\Program Files (x86)\lenovo\ActivateWan\WanActivate.exe" -check ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"LaerdalUpdateAgent"=C:\Program Files (x86)\Laerdal Sophus\UpdateAgent\LaerdalUpdateAgent.exe -- [2005/09/27 12:27:42 | 01,376,364 | ---- | M] (Laerdal)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"DisableCAD"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145


Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 7:50 pm

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Download FLV by WinAVI...: C:\Program Files (x86)\WinAVI FLV Converter\flv_link.htm [2008/03/14 14:36:05 | 00,002,090 | ---- | M] ()
Append to existing PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE File not found
Send image to &Bluetooth Device...: C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [2007/01/23 14:57:50 | 00,001,199 | ---- | M] ()
Send page to &Bluetooth Device...: C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [2007/01/23 14:57:52 | 00,002,758 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{0045D4BC-5189-4b67-969C-83BB1906C421}: Menu: ThinkVantage Password Manager... -- %ProgramFiles%\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007/08/09 13:28:32 | 00,869,688 | ---- | M] (Lenovo Group Limited)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007/05/31 09:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: @C:\Windows\WindowsMobile\INetRepl.dll,-223 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007/05/31 09:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: Send To Bluetooth -- %SystemDrive%\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [2007/01/23 14:57:52 | 00,002,758 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: Send to &Bluetooth Device... -- %SystemDrive%\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [2007/01/23 14:57:52 | 00,002,758 | ---- | M] ()
{DE365254-2F9B-4908-9E3A-7AAA6EC90BCC}: Button: WinAVI FLV Manager -- %ProgramFiles%\WinAVI FLV Converter\FLVTune.dll [2008/01/28 04:59:08 | 00,114,688 | ---- | M] (ZJMedia)
{DE365254-2F9B-4908-9E3A-7AAA6EC90BCC}: Menu: WinAVI FLV Manager -- %ProgramFiles%\WinAVI FLV Converter\FLVTune.dll [2008/01/28 04:59:08 | 00,114,688 | ---- | M] (ZJMedia)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [Send To Bluetooth] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = [You must be registered and logged in to see this link.]
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{1E272493-AF83-47F7-9DD6-740B9FEBE9A2} (Servers: | Description: Intel(R) 82566MM Gigabit Network Connection)
{283915EA-4ECE-4413-8C18-54F673B02732} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)
{5D4C5D9A-5272-450A-B4A4-D3AE00F5DEFC} (Servers: | Description: )
{984AEBEA-0B50-4C76-8FA4-E01FB5270A80} (Servers: | Description: Intel(R) Wireless WiFi Link 4965AGN)
{BE665D44-D99A-46EE-A829-5653C31510BD} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)
{E7DFD5C7-554E-4B71-A53B-5EBB1E2822EB} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)
{EE80CC40-79EA-476D-82E2-818D4CE25F16} (Servers: | Description: )
{F443B826-768A-42F0-AE23-07E21FB7C8B7} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=explorer.exe
>[2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe


========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/19 01:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/19 01:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autorun []
[2007/05/21 09:01:06 | 00,000,000 | ---D | M] -- F:\autorun -- [ FAT32 ]

autorun.inf [[autorun] | ICON=AUTORUN\WDLOGO.ICO | ]
[2005/11/15 11:08:04 | 00,000,036 | -H-- | M] () -- F:\autorun.inf -- [ FAT32 ]

autorun.inf [[autorun] | open=WDSetup.exe | ICON=AUTORUN\WDLOGO.ICO | ]
[2008/02/25 10:34:30 | 00,000,054 | -H-- | M] () -- H:\autorun.inf -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3525e34f-a662-11dd-bdf1-00a0d5ffff85}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3525e34f-a662-11dd-bdf1-00a0d5ffff85}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ecb88d4-3b59-11dd-b373-00a0d5ffff85}\Shell\AutoRun\command]
""=C:\Windows\System32\shell32.dll -- [2008/11/06 07:14:25 | 11,580,928 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ecb88d4-3b59-11dd-b373-00a0d5ffff85}\Shell\Open(&0)\command]
""=Recycled\ctfmon.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7347e995-1af6-11dd-b87e-00a0d5fffe85}\Shell\AutoRun\command]
""=WDSetup.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6db7dbb-23f0-11dd-af47-00a0d5fffd85}\Shell\AutoRun\command]
""=C:\Windows\System32\shell32.dll -- [2008/11/06 07:14:25 | 11,580,928 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6db7dbb-23f0-11dd-af47-00a0d5fffd85}\Shell\Open(&0)\command]
""=Recycled\ctfmon.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=WDSetup.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command]
""=WDSetup.exe

========== Files/Folders - Created Within 30 Days ==========

MtnGoat
Novice
Novice

Posts Posts : 18
Joined Joined : 2009-03-19
OS OS : Vista
Points Points : 28202
# Likes # Likes : 0


Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 7:51 pm

[1 C:\Users\Chris\Documents\*.tmp files]
[7 C:\Users\Chris\Desktop\*.tmp files]
[2009/03/19 11:08:34 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/03/19 11:08:30 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/03/19 11:08:29 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/03/19 11:08:28 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/03/19 11:08:27 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/03/19 11:08:27 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/03/19 11:08:08 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/03/19 11:08:03 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/03/19 11:01:29 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/03/19 11:01:06 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/03/19 11:00:52 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/03/19 11:00:37 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/03/19 11:00:27 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/03/19 10:50:37 | 00,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2009/03/19 10:50:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2009/03/19 10:49:28 | 00,001,927 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/03/19 10:46:35 | 00,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Adobe Reader 9 Installer
[2009/03/19 10:41:31 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009/03/19 10:41:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2009/03/19 10:14:31 | 00,062,976 | ---- | C] () -- C:\Users\Chris\Desktop\Master Consultants Agreement - Abridged 06 09 22.doc
[2009/03/12 08:56:01 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/03/12 08:55:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iPod
[2009/03/12 08:55:28 | 00,000,000 | ---D | C] -- C:\ProgramData\{CD649BED-8A0E-48BE-B3B6-0F5055BED534}
[2009/03/12 08:55:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2009/03/12 08:53:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2009/03/11 14:28:01 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/11 11:01:18 | 00,040,273 | ---- | C] () -- C:\Users\Chris\Desktop\Copy of Inventory 2009 (2).xlsx
[2009/03/10 13:35:58 | 08,553,406 | ---- | C] () -- C:\Users\Chris\Desktop\Binder_Master_05Mar09_F.docx
[2009/03/10 13:35:58 | 07,369,037 | ---- | C] () -- C:\Users\Chris\Desktop\Binder_Master_05Mar09.docx
[2009/03/08 14:52:23 | 00,000,000 | ---D | C] -- C:\Users\Chris\Documents\Bluetooth Exchange Folder
[2009/03/06 09:51:21 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/03/05 14:32:17 | 00,297,832 | ---- | C] () -- C:\Users\Chris\Desktop\CTOMs_T&E_Form.pdf
[2009/03/03 10:02:19 | 00,000,162 | -H-- | C] () -- C:\Users\Chris\Desktop\~$cumentation.doc
[2009/03/02 20:55:02 | 00,369,138 | ---- | C] () -- C:\Users\Chris\Documents\Ack Form.pdf
[2009/03/01 15:34:54 | 00,271,149 | ---- | C] () -- C:\Users\Chris\Desktop\2009 Price Change Letter.pdf
[2009/02/26 15:11:15 | 00,064,126 | ---- | C] () -- C:\Users\Chris\Desktop\CTOMS_TCCCGuidelines_For Translation.docx
[2009/02/26 12:11:08 | 00,194,983 | ---- | C] () -- C:\Users\Chris\Desktop\Calgary Contract Final.pdf
[2009/02/26 08:18:38 | 00,058,317 | ---- | C] () -- C:\Users\Chris\Desktop\Calgary Contract Final.docx
[2009/02/25 18:25:50 | 00,015,995 | ---- | C] () -- C:\Users\Chris\Desktop\Second Line Recommended Packing List.docx
[2009/02/23 23:27:20 | 00,000,393 | ---- | C] () -- C:\Users\Public\Documents\BluetoothLog.html
[2009/02/23 13:49:17 | 00,245,271 | ---- | C] () -- C:\Users\Chris\Desktop\Second Line Recommended Packing List.pdf
[2009/02/18 12:15:35 | 00,001,864 | ---- | C] () -- C:\Users\Chris\Desktop\Suunto Track Exporter.lnk
[2009/02/18 12:15:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Suunto Track Exporter
[2009/02/18 12:13:56 | 00,202,048 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\ftd2xx.dll
[2009/02/18 12:13:54 | 00,684,377 | ---- | C] () -- C:\Windows\unins000.exe
[2009/02/18 12:13:54 | 00,004,281 | ---- | C] () -- C:\Windows\unins000.dat
[2009/02/18 12:13:54 | 00,000,902 | ---- | C] () -- C:\Users\Chris\Desktop\Suunto Trek Manager.lnk
[2009/02/18 12:13:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Suunto Trek Manager

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[1 C:\Users\Chris\Documents\*.tmp files]
[7 C:\Users\Chris\Desktop\*.tmp files]
[2009/03/19 12:44:31 | 00,002,583 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Office OneNote 2007.lnk
[2009/03/19 11:27:44 | 00,290,959 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/03/19 11:24:58 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/19 11:24:45 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/19 11:22:31 | 00,055,240 | ---- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[2009/03/19 11:21:55 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/03/19 11:21:00 | 03,276,703 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2009/03/19 10:50:37 | 00,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2009/03/19 10:49:28 | 00,001,927 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/03/19 10:14:33 | 00,062,976 | ---- | M] () -- C:\Users\Chris\Desktop\Master Consultants Agreement - Abridged 06 09 22.doc
[2009/03/16 09:26:22 | 00,000,333 | ---- | M] () -- C:\Windows\win.ini
[2009/03/16 09:26:21 | 00,290,959 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/03/12 08:56:01 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/03/11 11:01:18 | 00,040,273 | ---- | M] () -- C:\Users\Chris\Desktop\Copy of Inventory 2009 (2).xlsx
[2009/03/10 10:33:48 | 00,235,008 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/10 06:06:26 | 07,369,037 | ---- | M] () -- C:\Users\Chris\Desktop\Binder_Master_05Mar09.docx
[2009/03/10 05:57:06 | 08,553,406 | ---- | M] () -- C:\Users\Chris\Desktop\Binder_Master_05Mar09_F.docx
[2009/03/09 17:03:52 | 00,002,188 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps64.dat
[2009/03/08 15:36:27 | 00,000,393 | ---- | M] () -- C:\Users\Public\Documents\BluetoothLog.html
[2009/03/05 14:32:19 | 00,297,832 | ---- | M] () -- C:\Users\Chris\Desktop\CTOMs_T&E_Form.pdf
[2009/03/03 10:02:19 | 00,000,162 | -H-- | M] () -- C:\Users\Chris\Desktop\~$cumentation.doc
[2009/03/02 20:55:02 | 00,369,138 | ---- | M] () -- C:\Users\Chris\Documents\Ack Form.pdf
[2009/03/01 15:34:55 | 00,271,149 | ---- | M] () -- C:\Users\Chris\Desktop\2009 Price Change Letter.pdf
[2009/02/28 18:33:55 | 00,071,168 | ---- | M] () -- C:\Users\Chris\Desktop\Documentation.doc
[2009/02/26 15:11:16 | 00,064,126 | ---- | M] () -- C:\Users\Chris\Desktop\CTOMS_TCCCGuidelines_For Translation.docx
[2009/02/26 12:11:12 | 00,194,983 | ---- | M] () -- C:\Users\Chris\Desktop\Calgary Contract Final.pdf
[2009/02/26 12:10:49 | 00,058,317 | ---- | M] () -- C:\Users\Chris\Desktop\Calgary Contract Final.docx
[2009/02/25 18:25:51 | 00,015,995 | ---- | M] () -- C:\Users\Chris\Desktop\Second Line Recommended Packing List.docx
[2009/02/23 13:49:20 | 00,245,271 | ---- | M] () -- C:\Users\Chris\Desktop\Second Line Recommended Packing List.pdf
[2009/02/18 22:01:25 | 00,013,332 | ---- | M] () -- C:\Users\Chris\Desktop\Pictures_Feb2009.docx
[2009/02/18 12:15:57 | 00,004,281 | ---- | M] () -- C:\Windows\unins000.dat
[2009/02/18 12:15:53 | 00,684,377 | ---- | M] () -- C:\Windows\unins000.exe
[2009/02/18 12:15:35 | 00,001,864 | ---- | M] () -- C:\Users\Chris\Desktop\Suunto Track Exporter.lnk
[2009/02/18 12:13:54 | 00,000,902 | ---- | M] () -- C:\Users\Chris\Desktop\Suunto Trek Manager.lnk
< End of report >


Re: Email event

Post by Belahzur on Thu Mar 19, 2009 7:58 pm

Hello.
There are a number of PDF files sitting on your Desktop; do you know what these PDF files are?
C:\Users\Chris\Desktop\CTOMs_T&E_Form.pdf
C:\Users\Chris\Documents\Ack Form.pdf
C:\Users\Chris\Desktop\2009 Price Change Letter.pdf

I'm only seeing some mountpoints from a flash drive infection.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ecb88d4-3b59-11dd-b373-00a0d5ffff85}]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6db7dbb-23f0-11dd-af47-00a0d5fffd85}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units]
    "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}"=-
    "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}"=-
    "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}"=-

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1


Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 8:01 pm

I am aware of the PDF files. These are ones I am currently working on. I'll go ahead with your instructions now. Thanks very much for your help.


Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 8:04 pm

Says:
"Cannot import C:\Userers\Chris\Desktop\fix.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor."


Re: Email event

Post by Belahzur on Thu Mar 19, 2009 8:08 pm

Hello.
You haven't included this as the TOP line:

Windows Registry Editor Version 5.00

If that line isn't present, registry scripts won't work.


Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 8:10 pm

Second time is a charm. Is there anything else I need to do?


Re: Email event

Post by Belahzur on Thu Mar 19, 2009 8:14 pm

I would advise you to follow my next instructions for turning off autoplay, because this is how the infection probably got in, judging from the mountpoints set in the registry.

This will stop any windows from opening when you plug in USB or put in a CD, and you'll have to enter the drive manually.
But better safe than sorry.

Let me know if you want to do that.


Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 8:21 pm

Yes, of course. I don't mind manually opening the drive every time.

A problem I have with one of my external hard drives is that I cannot 'safely remove' it because it says that it is running an open program, when I have no files open on it. It is plugged in right now, and when I did the scans and logs. Is there a virus on it? Or was it solved with what we just did?


Re: Email event

Post by Belahzur on Thu Mar 19, 2009 8:29 pm

Okay.
Time for another registry script.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7347e995-1af6-11dd-b87e-00a0d5fffe85}]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3525e34f-a662-11dd-bdf1-00a0d5ffff85}]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:000000FF
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:000000FF

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 8:33 pm

Ok, all done successfully. Anything else? What exactly just happened?


Re: Email event

Post by Belahzur on Thu Mar 19, 2009 8:36 pm

The first registry script removed a malicious mountpoint for loading a file on the external drive.

The second removes other mountpoints loading wdsetup.exe (legit software for the drive so the drive has the WD icon it shows in My Computer), which hopefully fixes the eject error, then sets a policy in the registry that stops USB/CD from loading with a set of instructions.

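To show what the two registry scripts in this thread are acting on, here is an added example (not a tool from the thread or from the helper) that parses the MountPoints2 section of the log posted above, flags the hijacked mount points, decodes the NoDriveTypeAutoRun bitmask the second script sets to 0xFF, and writes a .reg cleanup that starts with the "Windows Registry Editor Version 5.00" header line the first attempt was missing. The sample entries are copied from the posted log; the flagging rules (a file staged under a Recycled folder, and an overridden Open verb) are this example's own assumptions about the usual removable-drive worm pattern, not something the thread states as a rule.

```python
"""Audit MountPoints2 entries from an OTL-style log and build the matching .reg cleanup.

Added example, not a tool from this thread or its helper. The flagging rules
and the .reg generator are assumptions about the common flash-drive worm
pattern; the sample lines are copied from the log posted in the thread.
"""
import re

# Constructed sample input: the MountPoints2 lines from the posted log,
# including the bare Shell key (""=AutoRun) that the parser must skip.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3525e34f-a662-11dd-bdf1-00a0d5ffff85}\Shell]
""=AutoRun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3525e34f-a662-11dd-bdf1-00a0d5ffff85}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ecb88d4-3b59-11dd-b373-00a0d5ffff85}\Shell\AutoRun\command]
""=C:\Windows\System32\shell32.dll -- [2008/11/06 07:14:25 | 11,580,928 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ecb88d4-3b59-11dd-b373-00a0d5ffff85}\Shell\Open(&0)\command]
""=Recycled\ctfmon.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7347e995-1af6-11dd-b87e-00a0d5fffe85}\Shell\AutoRun\command]
""=WDSetup.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6db7dbb-23f0-11dd-af47-00a0d5fffd85}\Shell\AutoRun\command]
""=C:\Windows\System32\shell32.dll -- [2008/11/06 07:14:25 | 11,580,928 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6db7dbb-23f0-11dd-af47-00a0d5fffd85}\Shell\Open(&0)\command]
""=Recycled\ctfmon.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=WDSetup.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command]
""=WDSetup.exe
"""

MP2_BASE = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"

# Key line of a per-drive shell verb: ...\MountPoints2\<id>\Shell\<verb>\command
MP2_KEY_RE = re.compile(
    r"^\[" + re.escape(MP2_BASE) + r"\\(?P<mp_id>[^\\\]]+)\\Shell\\(?P<verb>[^\\\]]+)\\command\]$",
    re.IGNORECASE,
)
# Default value line; OTL appends " -- <file info>" which we strip off.
VALUE_RE = re.compile(r'^""=(?P<cmd>.*?)(?:\s+--\s.*)?$')

# Bits of NoDriveTypeAutoRun, one per GetDriveType() result; 0xFF sets them all.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "reserved",
}

SUSPICIOUS_DIRS = ("recycled\\", "recycler\\")


def parse_mountpoints(log_text):
    """Return [{mp_id, verb, command}] for every Shell\\<verb>\\command key in the log."""
    entries, pending = [], None
    for line in (l.strip() for l in log_text.splitlines()):
        key = MP2_KEY_RE.match(line)
        if key:
            pending = (key.group("mp_id"), key.group("verb"))
            continue
        val = VALUE_RE.match(line)
        if val and pending:
            entries.append({"mp_id": pending[0], "verb": pending[1], "command": val.group("cmd").strip()})
            pending = None
    return entries


def flag_suspicious(entries):
    """Return the entries that look like a hijacked mount point, with reasons."""
    findings = []
    for e in entries:
        cmd = e["command"].lower()
        reasons = []
        if any(d in cmd for d in SUSPICIOUS_DIRS):
            # Assumption: a binary staged under the drive's Recycled/RECYCLER
            # folder is the usual removable-media worm drop location.
            reasons.append("command runs a file staged under a Recycled/RECYCLER folder")
        if e["verb"].lower().startswith("open"):
            # A Shell\Open(&0) override makes double-clicking the drive in
            # Explorer run this command instead of opening the folder.
            reasons.append("drive's Open verb is overridden (double-click hijack)")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


def decode_nodrivetypeautorun(value):
    """List the drive types whose AutoRun a NoDriveTypeAutoRun value disables."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]


def build_fix_reg(ids_to_remove, disable_autorun=True):
    """Emit a regedit script deleting the given mount points and (optionally) disabling AutoRun."""
    lines = ["Windows Registry Editor Version 5.00", ""]  # header regedit insists on
    for mp_id in sorted(ids_to_remove):
        lines.append(f"[-{MP2_BASE}\\{mp_id}]")  # leading '-' deletes the whole key
    if disable_autorun:
        for hive in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"):
            lines.append(f"[{hive}\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]")
            lines.append('"NoDriveTypeAutoRun"=dword:000000FF')
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    hits = flag_suspicious(parse_mountpoints(SAMPLE_LOG))
    for h in hits:
        print(f"{h['mp_id']} {h['verb']}: {h['command']}  <- {'; '.join(h['reasons'])}")
    print("0xFF disables AutoRun for:", ", ".join(decode_nodrivetypeautorun(0xFF)))
    print(build_fix_reg({h["mp_id"] for h in hits}))
```

Run as-is, the report names the two GUID mount points whose Open verb points at Recycled\ctfmon.exe, which are exactly the two keys the first script in this thread deletes; the WDSetup.exe entries are not flagged, matching the helper's note that they belong to the drive's own software. The generated file uses CRLF line endings and the version header, since regedit rejects a script without that first line, as happened above.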

Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 8:39 pm

Wow, excellent. Thanks very much for all your help!!!


Re: Email event

Post by Belahzur on Thu Mar 19, 2009 8:43 pm

No problem.
How's the machine running now?

Note: Be careful what emails you open; it's too easy to fake email addresses nowadays.


Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 9:03 pm

I did two restarts. The first one didn't go very smoothly and didn't open the sidebar or any of the startup programs. The second one was much better. The external hard drive can be safely removed, so far, but it still doesn't display the WD icon. It's the generic 'unrecognized file type' icon. Any idea how to fix that?

As for email, I am VERY careful of what email I open, and don't have a clue which one may have caused what happened. Any tips for future security? Is the Avast antivirus good enough? Any recommendations on a better protection system? Thanks again for all your time and help.


Re: Email event

Post by Belahzur on Thu Mar 19, 2009 9:07 pm

Hello.
Turning off autoplay does stop the WD icon from showing; that's one side effect, but you'll get used to it like I have.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.


Re: Email event

Post by MtnGoat on Thu Mar 19, 2009 9:13 pm

Outstanding! Again, thank you so much. What an incredible resource you have been.
