View Full Version : Antimalware Doctor + More
Hi,
So recently my computer was infected with Antimalware Doctor, it was very aggressive, upon starting up my computer it would completely freeze, I couldn't access the internet at all etc, so I sent my computer to the very helpful IT department at work and they "fixed" it.
I got my computer back, and Antimalware Doctor seems to be gone, however after running my computer for only a few hours another malware popped up, this time it is "l84alx.exe"
So I am thinking maybe my computer wasn't completely cleaned.
Please see the two DDS reports below.
Thank you so much for all of your time and help, it's really appreciated, I absolutely respect your expertise in this area as if it were up to me to fix my computer alone I'd be a foetal pile of overwhelmed gibberish.
DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 12:10:47.23 on Sun 07/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2121 [GMT 10:00]
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Virtualwind\Virtualwind 2.1\bin\smpd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
mDefault_Page_URL = hxxp://au.my.yahoo.com/linksys
mStart Page = hxxp://au.my.yahoo.com/linksys
uInternet Settings,ProxyOverride = <local>
uWinlogon: Shell=explorer.exe,c:\documents and settings\user\application data\sbeb.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Ggaxiyohupo] rundll32.exe "c:\windows\iqifogutudi.dll",Startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mExplorerRun: [tcyz46] c:\docume~1\user\locals~1\temp\l84alx.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264553811218
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279689959812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: LMIinit - LMIinit.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli psqlpwd ACGina
============= SERVICES / DRIVERS ===============
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-3 19760]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2009-1-27 31848]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-14 47640]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-1-27 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-1-27 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-1-27 54608]
R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\program files\virtualwind\virtualwind 2.1\bin\smpd.exe [2008-10-24 724992]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-9 569344]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2010-1-27 73512]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2010-1-27 34408]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2010-1-27 177864]
R3 SWNC8U01;Sierra Wireless MUX NDIS Driver (UMTS01);c:\windows\system32\drivers\SWNC8U01.sys [2007-1-13 102144]
R3 SWUMX01;Sierra Wireless USB MUX Driver (UMTS01);c:\windows\system32\drivers\swumx01.sys [2007-1-13 70656]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-14 35264]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-7-21 18432]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 Netdpntf;Netdpntf; [x]
============== File Associations ===============
.scr=AutoCADScriptFile
.txt=
=============== Created Last 30 ================
2010-07-21 04:51:20 0 d-sh--w- c:\documents and settings\user\IECompatCache
2010-07-21 04:44:04 1061 ----a-w- c:\windows\lsrslt.ini
2010-07-21 01:46:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf
2010-07-21 01:46:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-21 01:46:34 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-07-21 01:42:34 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-21 01:42:34 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-21 01:40:46 0 d-----w- c:\program files\iPod
2010-07-21 01:40:39 0 d-----w- c:\program files\iTunes
2010-07-21 01:40:39 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-21 01:38:36 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
2010-07-21 01:38:36 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-07-21 01:38:31 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-07-21 01:38:31 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-07-21 01:38:15 0 d-----w- c:\program files\Bonjour
2010-07-21 00:06:08 0 d-----w- c:\windows\pss
2010-07-20 23:24:48 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-07-20 23:24:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 23:24:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 23:24:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 23:24:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-20 07:04:20 766464 ----a-w- c:\windows\system32\drivers\nadrb.sys
2010-07-20 07:04:16 0 d-----w- c:\windows\system32\mswindows
2010-07-20 07:03:52 0 d-----w- c:\docume~1\user\applic~1\F400F8B8985528E4E912D13028716DB6
2010-07-09 03:57:29 0 d-----w- c:\program files\Yahoo!
2010-07-09 03:57:17 0 d-----w- c:\program files\Linksys
2010-07-09 01:39:06 0 d-----w- c:\program files\Pure Networks
2010-07-09 01:38:37 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2010-07-09 01:38:32 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-07-09 01:38:26 0 d-----w- c:\program files\common files\Pure Networks Shared
2010-07-09 01:37:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks
2010-06-29 08:27:14 0 d-----w- c:\docume~1\user\applic~1\EndNote
2010-06-29 07:54:01 0 d-----w- c:\program files\common files\Risxtd
2010-06-29 07:53:56 0 d-----w- c:\program files\common files\ResearchSoft
2010-06-29 07:53:25 0 d-----w- c:\program files\EndNote X4
2010-06-29 07:53:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Thomson.ResearchSoft.Installers
2010-06-29 07:52:20 0 d-----w- c:\program files\common files\Wise Installation Wizard
==================== Find3M ====================
2010-07-23 09:20:40 153592 ----a-w- c:\windows\system32\nvModes.dat
2010-05-18 06:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 06:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 06:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 06:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-04-15 19:05:36 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2010-01-27 00:42:52 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010012720100128\index.dat
============= FINISH: 12:11:50.42 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/16/2008 5:30:53 AM
System Uptime: 7/25/2010 11:14:42 AM (1 hours ago)
Motherboard: LENOVO | | 6460A48
Processor: Intel Pentium III Xeon processor | None | 777/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 181 GiB total, 7.624 GiB free.
D: is CDROM (CDFS)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Access Help
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS
Adobe Reader 8
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArchiCAD 11 AUS
AutoCAD Architecture 2009
Autodesk Design Review 2009
Autodesk DWF Viewer 7
Bonjour
Canon iX4000
Canon MP150
Cisco Network Magic
Client Security Solution
Diskeeper Lite
DivX Web Player
EndNote X4
ERUNT 1.1j
Google Chrome
Google Earth
Google SketchUp Pro 7
Google Update Helper
Help Center
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 2.0 (KB922981)
Hotfix for Microsoft .NET Framework 2.0 (KB923319)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Integrated Camera
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD
InterVideo WinDVD Creator 3
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 18
Maintenance Manager
Malwarebytes' Anti-Malware
McAfee Virtual Technician
McAfee VirusScan Enterprise
mCore
mDriver
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mMHouse
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Multiframe 12.02 Demo
Multiframe3D 10 Academic
Multiframe3D 12.02 Academic
mWlsSafe
Nero 7 Ultra Edition
Network Magic
NVIDIA Drivers
On Screen Display
Presentation Director
PrimoPDF -- by Nitro PDF Software
Productivity Center Supplement for ThinkPad
Pure Networks Platform
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
ResearchSoft Direct Export Helper
Revit Architecture 2008
Secure Multi Track Downloader
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sierra Wireless HSDPA MiniCard
Skype™ 4.2
Smart PDF Creator 5.0.1.343
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
System Migration Assistant
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 5.6
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA (2627.01)
VC80CRTRedist - 8.0.50727.762
Virtualwind 2.1
VLC media player 1.0.1
Wallpapers
WebFldrs XP
Windows Communication Foundation
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
XP Themes
Yahoo! Software Update
YASA MP4 Video Converter v3.2 (build 0051)
==== Event Viewer Messages From Past Week ========
7/21/2010 9:11:08 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
7/21/2010 9:11:00 AM, error: Service Control Manager [7031] - The Ac Profile Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/21/2010 2:47:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC Fips IBMTPCHK intelppm TPHKDRV TPPWRIF TSMAPIP
7/21/2010 12:13:50 PM, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding
7/21/2010 12:11:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/21/2010 11:53:37 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2010 11:53:37 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2010 11:01:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC Fips IBMTPCHK intelppm IPSec mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip TPHKDRV TPPWRIF TSMAPIP
7/21/2010 11:01:14 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2010 11:01:14 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2010 11:01:14 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2010 11:01:14 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2010 11:00:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/21/2010 11:00:19 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/21/2010 10:12:19 AM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
7/21/2010 10:12:19 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
7/20/2010 5:04:22 PM, error: Service Control Manager [7000] - The Intel(r) 82801 Audio Driver Install Service (WDM) service failed to start due to the following error: A device attached to the system is not functioning.
==== End Of File ===========================
Whatever this Malware is the longer it remains on my computer the worse it gets.
My firewall keeps getting turned off, system registry changes, and upon running spybot last night it found about 50 issues.
When I rebooted my computer after the spybot check so many messages popped up upon logging in that my computer froze.
I rebooted it just now and the message I got is:
Error Loading C:\WINDOWS\iqifogutudi.dll
The specific module could not be found
My computer is running slower and slower. I really appreciate any help, I need my computer urgently for my uni work.
Thank you in advance for your time and help.
Hi,
Is this your personal computer or some system at workplace?
Hi, It is my personal computer.
Hi,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Thank you for the quick reply,
Before I run combofix could I please have a quick explanation in regards to what "damage" it might do to my computer?
And also if there is anything I should do, or specifically avoid doing so as to lower the risk of damage?
Thanks again for your help!
Hi,
Before I run combofix could I please have a quick explanation in regards to what "damage" it might do to my computer?
There's always a risk that system might become unbootable (one reason why ComboFix should be run only under supervision of trained helper). In your case risk shouldn't be big.
And also if there is anything I should do, or specifically avoid doing so as to lower the risk of damage?
Please follow the tutorial and you should be fine.
Hi again,
so I ran combofix and this is the report.
When combofix rebooted my computer I didn't get the C:\.....dll.exe error I had been getting, so thats a plus.
ComboFix 10-07-30.02 - User 07/31/2010 18:04:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2391 [GMT 10:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\User\Application Data\F400F8B8985528E4E912D13028716DB6
c:\documents and settings\User\Application Data\F400F8B8985528E4E912D13028716DB6\enemies-names.txt
c:\documents and settings\User\Application Data\F400F8B8985528E4E912D13028716DB6\local.ini
c:\documents and settings\User\Application Data\F400F8B8985528E4E912D13028716DB6\lsrslt.ini
c:\documents and settings\User\Local Settings\Application Data\{A192D64D-3B9A-4373-9F67-85E1C5B35911}
c:\documents and settings\User\Local Settings\Application Data\{A192D64D-3B9A-4373-9F67-85E1C5B35911}\chrome.manifest
c:\documents and settings\User\Local Settings\Application Data\{A192D64D-3B9A-4373-9F67-85E1C5B35911}\chrome\content\_cfg.js
c:\documents and settings\User\Local Settings\Application Data\{A192D64D-3B9A-4373-9F67-85E1C5B35911}\chrome\content\overlay.xul
c:\documents and settings\User\Local Settings\Application Data\{A192D64D-3B9A-4373-9F67-85E1C5B35911}\install.rdf
c:\windows\system32\mswindows
c:\windows\system32\Thumbs.db
C:\zzzzzzzzzz.exe
c:\zzzzzzzzzz.exe\config.bin
c:\zzzzzzzzzz.exe\zzzzzzzzzz.exe
----- BITS: Possible infected sites -----
hxxp://download.yimg.com
.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.
2010-07-31 07:49 . 2010-07-31 07:49 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-07-31 07:42 . 2010-07-31 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-28 13:34 . 2010-07-28 13:35 -------- d-----w- C:\bdaefde9b0e76aa65ab473361307
2010-07-28 13:04 . 2010-07-28 13:04 -------- d-----w- C:\268c2713d3e721a7079506b16ace6b
2010-07-28 13:04 . 2010-07-28 13:06 -------- d-----w- C:\67f777ba6f13cd04e84e42e98afeeefb
2010-07-28 06:48 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-28 06:43 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-07-28 05:33 . 2010-07-28 05:33 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-28 05:22 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-28 05:05 . 2009-08-06 09:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-25 02:08 . 2010-07-25 02:08 -------- d-----w- c:\program files\ERUNT
2010-07-21 04:51 . 2010-07-21 04:51 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2010-07-21 02:14 . 2010-07-21 02:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-07-21 01:52 . 2010-07-21 01:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-21 01:46 . 2008-11-07 08:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-07-21 01:42 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-21 01:42 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-21 01:40 . 2010-07-21 01:40 -------- d-----w- c:\program files\iPod
2010-07-21 01:40 . 2010-07-21 01:42 -------- d-----w- c:\program files\iTunes
2010-07-21 01:40 . 2010-07-21 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-21 01:39 . 2010-07-21 01:40 -------- d-----w- c:\program files\QuickTime
2010-07-21 01:39 . 2010-07-21 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-21 01:38 . 2010-07-21 01:38 -------- d-----w- c:\program files\Apple Software Update
2010-07-21 01:38 . 2010-04-19 10:29 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-07-21 01:38 . 2010-04-19 10:29 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
2010-07-21 01:38 . 2010-04-19 10:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-07-21 01:38 . 2010-04-19 10:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-07-21 01:38 . 2010-07-21 01:38 -------- d-----w- c:\program files\Bonjour
2010-07-20 23:24 . 2010-07-20 23:24 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-07-20 23:24 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 23:24 . 2010-07-20 23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 23:24 . 2010-07-20 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-20 23:24 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 07:04 . 2010-07-31 08:14 766464 ----a-w- c:\windows\system32\drivers\nadrb.sys
2010-07-20 07:04 . 2010-07-20 07:13 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\xqvcyorls
2010-07-09 03:57 . 2010-07-09 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-09 03:57 . 2010-07-09 03:57 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
2010-07-09 03:57 . 2010-07-20 23:45 -------- d-----w- c:\program files\Yahoo!
2010-07-09 03:57 . 2010-07-09 03:57 -------- d-----w- c:\program files\Linksys
2010-07-09 01:39 . 2010-07-09 01:39 -------- d-----w- c:\program files\Pure Networks
2010-07-09 01:38 . 2009-07-07 04:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2010-07-09 01:38 . 2009-07-07 04:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-07-09 01:38 . 2010-07-09 01:38 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-07-09 01:38 . 2009-08-06 21:56 34223152 ----a-r- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
2010-07-09 01:37 . 2010-07-09 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 07:49 . 2008-04-15 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-31 07:41 . 2008-04-15 19:31 101336 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-28 12:40 . 2008-04-16 23:49 -------- d-----w- c:\program files\Microsoft Works
2010-07-27 14:07 . 2010-01-27 01:41 153592 ----a-w- c:\windows\system32\nvModes.dat
2010-07-26 06:32 . 2010-04-17 05:10 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-07-26 06:04 . 2010-04-17 05:17 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-07-21 01:46 . 2010-07-21 01:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf
2010-07-21 01:46 . 2010-07-21 01:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-21 01:46 . 2010-05-23 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-21 01:40 . 2010-05-23 13:45 -------- d-----w- c:\program files\Common Files\Apple
2010-07-09 01:38 . 2010-07-09 01:38 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2010-07-04 07:21 . 2010-06-06 02:08 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-06-30 10:49 . 2010-03-17 08:17 -------- d-----w- c:\documents and settings\User\Application Data\PrimoPDF
2010-06-30 08:53 . 2010-06-29 07:53 -------- d-----w- c:\program files\EndNote X4
2010-06-30 06:45 . 2010-06-29 08:27 -------- d-----w- c:\documents and settings\User\Application Data\EndNote
2010-06-29 07:54 . 2010-06-29 07:54 -------- d-----w- c:\program files\Common Files\Risxtd
2010-06-29 07:53 . 2010-06-29 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Thomson.ResearchSoft.Installers
2010-06-29 07:53 . 2010-06-29 07:53 -------- d-----w- c:\program files\Common Files\ResearchSoft
2010-06-29 07:52 . 2010-06-29 07:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-19 08:32 . 2010-06-19 08:32 -------- d-----w- c:\documents and settings\User\Application Data\SSMultiDownloader.20C017F97632BB7845F8760F39A9ECC24A435AA1.1
2010-06-19 08:32 . 2010-06-19 08:32 -------- d-----w- c:\program files\Secure Multi Track Downloader
2010-06-19 08:32 . 2010-02-12 03:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-19 08:31 . 2010-06-19 08:32 53632 ------w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-18 13:38 . 2010-05-14 04:28 -------- d-----w- c:\program files\LogMeIn
2010-06-18 13:37 . 2010-05-23 13:22 -------- d-----w- c:\program files\AVS4YOU
2010-06-18 13:37 . 2010-05-23 13:23 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-06-18 13:27 . 2008-04-15 19:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-18 12:35 . 2010-03-05 00:05 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-06-15 10:01 . 2010-06-15 10:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-15 02:17 . 2010-06-15 02:17 -------- d-----w- c:\documents and settings\User\Application Data\Canon
2010-06-14 14:31 . 2006-04-30 07:10 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-08 01:59 . 2010-02-02 05:04 -------- d-----w- c:\documents and settings\User\Application Data\Autodesk
2010-06-07 12:32 . 2010-02-02 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-06-07 12:29 . 2010-02-02 05:04 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-06-07 12:29 . 2010-06-07 12:27 -------- d-----w- c:\program files\Revit Architecture 2008
2010-06-07 12:29 . 2010-02-02 05:04 -------- d-----w- c:\program files\Autodesk
2010-06-07 12:26 . 2010-06-07 12:26 -------- d-----w- c:\documents and settings\User\Application Data\Graphisoft
2010-06-07 12:24 . 2010-06-07 12:24 -------- d-----w- c:\program files\Graphisoft
2010-06-06 02:26 . 2010-06-06 02:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-06 02:05 . 2010-06-06 02:05 -------- d-----w- c:\program files\VideoLAN
2010-06-04 04:33 . 2010-06-04 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-04 04:03 . 2010-06-04 03:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-22 06:28 . 2010-05-22 06:28 503808 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4720dd2e-n\msvcp71.dll
2010-05-22 06:28 . 2010-05-22 06:28 499712 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4720dd2e-n\jmc.dll
2010-05-22 06:28 . 2010-05-22 06:28 348160 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4720dd2e-n\msvcr71.dll
2010-05-22 06:28 . 2010-05-22 06:28 61440 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-18552e11-n\decora-sse.dll
2010-05-22 06:28 . 2010-05-22 06:28 12800 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-18552e11-n\decora-d3d.dll
2010-05-18 06:35 . 2010-05-18 06:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 06:35 . 2010-05-18 06:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 06:35 . 2010-05-18 06:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 06:35 . 2010-05-18 06:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-19 159744]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-19 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-03-28 58416]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-27 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 09:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 05:17 89600 ------w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartSoft PDF Printer Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartSoft PDF Printer Agent.lnk
backup=c:\windows\pss\SmartSoft PDF Printer Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
2007-03-28 02:56 413696 ------w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
2007-03-28 02:51 126976 ------w- c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2007-02-01 18:00 419376 ------w- c:\program files\ThinkVantage\AMSG\Amsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
2006-11-07 10:51 91688 ------w- c:\program files\Lenovo\AwayTask\AwaySch.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-01-31 02:01 2618944 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 18:42 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-05-18 23:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2006-02-02 12:20 122940 ------w- c:\windows\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-30 08:29 135664 -----tw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 ------w- c:\program files\Common Files\Installshield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2007-03-22 17:02 120368 ------w- c:\progra~1\THINKV~2\PrdCtr\LPMGR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ------w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2009-07-07 16:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-07-07 04:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-14 14:37 13549568 ------w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-01-14 14:37 86016 ------w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-01-14 14:37 1630208 ------w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 12:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2007-01-16 19:51 749568 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-28 23:38 925696 ------w- c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 06:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 00:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
2007-03-30 01:40 181808 ------w- c:\windows\system32\TpShocks.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2007-02-08 20:19 536576 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wanActivate]
2007-02-14 21:08 446464 ------w- c:\program files\Lenovo\ActivateWan\WanActivate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 09:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\vwArchitectMPISolver.exe"=
"c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\mpiexec.exe"=
"c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\ViNEMaster.exe"=
"c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\smpd.exe"=
"c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\ViNEExecutor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/3/2007 10:47 AM 19760]
R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\program files\Virtualwind\Virtualwind 2.1\bin\smpd.exe [10/24/2008 2:36 PM 724992]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/15/2007 3:10 PM 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/9/2007 6:11 AM 569344]
R3 SWNC8U01;Sierra Wireless MUX NDIS Driver (UMTS01);c:\windows\system32\drivers\SWNC8U01.sys [1/13/2007 6:26 AM 102144]
R3 SWUMX01;Sierra Wireless USB MUX Driver (UMTS01);c:\windows\system32\drivers\swumx01.sys [1/13/2007 3:29 AM 70656]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/14/2006 5:42 AM 35264]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2010 12:23 PM 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [7/21/2010 11:38 AM 18432]
S4 Netdpntf;Netdpntf; [x]
--- Other Services/Drivers In Memory ---
*Deregistered* - nadrb
.
Contents of the 'Scheduled Tasks' folder
2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 02:23]
2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 02:23]
2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2451687304-371562479-257786285-1005Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 08:29]
2010-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2451687304-371562479-257786285-1005UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 08:29]
2010-07-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 05:07]
2010-07-31 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-15 16:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://au.my.yahoo.com/linksys
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.txt=
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-zzzzzzzzzz.exe - c:\zzzzzzzzzz.exe\zzzzzzzzzz.exe
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
HKLM-Run-Ggaxiyohupo - c:\windows\iqifogutudi.dll
Notify-ACNotify - ACNotify.dll
MSConfigStartUp-070700Setup - c:\documents and settings\User\Application Data\F400F8B8985528E4E912D13028716DB6\070700Setup.exe
MSConfigStartUp-Ggaxiyohupo - c:\windows\iqifogutudi.dll
MSConfigStartUp-Izequ - c:\windows\mqmods.dll
MSConfigStartUp-uTorrent - c:\windows\System32\mswindows\igfx.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 18:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nadrb]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1716)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
- - - - - - - > 'lsass.exe'(1772)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
- - - - - - - > 'explorer.exe'(4684)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-07-31 18:19:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-31 08:19
Pre-Run: 6,788,087,808 bytes free
Post-Run: 6,718,115,840 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 157F4AA9D438036E587CB977359E3E9B
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
http://forums.spybot.info/showthread.php?p=379164#post379164
Suspect::
c:\windows\system32\drivers\nadrb.sys
Driver::
Netdpntf
DirLook::
c:\documents and settings\User\Local Settings\Application Data\xqvcyorls
Folder::
c:\documents and settings\User\Application Data\uTorrent
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows, disable protection and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one with updates (9.3 and updates 9.3.2 & 9.3.3) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 21 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
Hi,
Unsure if the CFScript worked as when it started running it said combofix had a new version, did I want to update?
I said yes...
Then I think it ran exactly as it did last time,
was it supposed to do something differently?
Please see below.
If this is in fact correct then I will post up the other report, otherwise I'll run the CFScript again and then continue.
Also, even though I have disabled McAfee it seems it might still be interfering, which is quite worrying. I'm debating if it's worth uninstalling it completely.
Again, thanks so much for your time!
ComboFix 10-07-30.04 - User 08/01/2010 0:32.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2283 [GMT 10:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\User\Application Data\uTorrent
c:\documents and settings\User\Application Data\uTorrent\Cannibal the Musical.torrent
c:\documents and settings\User\Application Data\uTorrent\dht.dat
c:\documents and settings\User\Application Data\uTorrent\dht.dat.old
c:\documents and settings\User\Application Data\uTorrent\resume.dat
c:\documents and settings\User\Application Data\uTorrent\resume.dat.old
c:\documents and settings\User\Application Data\uTorrent\rss.dat
c:\documents and settings\User\Application Data\uTorrent\rss.dat.old
c:\documents and settings\User\Application Data\uTorrent\settings.dat
c:\documents and settings\User\Application Data\uTorrent\settings.dat.old
c:\documents and settings\User\Application Data\uTorrent\Simon.of.the.Desert.1965.CRITERION.DVDRip.x264.AC3-KARiNA.torrent
c:\documents and settings\User\Application Data\uTorrent\utorrent.lng
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Netdpntf
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.
2010-07-31 07:42 . 2010-07-31 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-28 13:34 . 2010-07-28 13:35 -------- d-----w- C:\bdaefde9b0e76aa65ab473361307
2010-07-28 13:04 . 2010-07-28 13:04 -------- d-----w- C:\268c2713d3e721a7079506b16ace6b
2010-07-28 13:04 . 2010-07-28 13:06 -------- d-----w- C:\67f777ba6f13cd04e84e42e98afeeefb
2010-07-28 06:48 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-28 06:43 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-07-28 05:33 . 2010-07-28 05:33 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-28 05:22 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-28 05:05 . 2009-08-06 09:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-25 02:08 . 2010-07-25 02:08 -------- d-----w- c:\program files\ERUNT
2010-07-21 04:51 . 2010-07-21 04:51 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2010-07-21 02:14 . 2010-07-21 02:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-07-21 01:52 . 2010-07-21 01:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-21 01:46 . 2008-11-07 08:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-07-21 01:42 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-21 01:42 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-21 01:40 . 2010-07-21 01:40 -------- d-----w- c:\program files\iPod
2010-07-21 01:40 . 2010-07-21 01:42 -------- d-----w- c:\program files\iTunes
2010-07-21 01:40 . 2010-07-21 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-21 01:39 . 2010-07-21 01:40 -------- d-----w- c:\program files\QuickTime
2010-07-21 01:39 . 2010-07-21 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-21 01:38 . 2010-07-21 01:38 -------- d-----w- c:\program files\Apple Software Update
2010-07-21 01:38 . 2010-04-19 10:29 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-07-21 01:38 . 2010-04-19 10:29 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
2010-07-21 01:38 . 2010-04-19 10:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-07-21 01:38 . 2010-04-19 10:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-07-21 01:38 . 2010-07-21 01:38 -------- d-----w- c:\program files\Bonjour
2010-07-20 23:24 . 2010-07-20 23:24 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-07-20 23:24 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 23:24 . 2010-07-20 23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 23:24 . 2010-07-20 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-20 23:24 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 07:04 . 2010-07-31 14:43 766464 ----a-w- c:\windows\system32\drivers\nadrb.sys
2010-07-20 07:04 . 2010-07-20 07:13 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\xqvcyorls
2010-07-09 03:57 . 2010-07-09 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-09 03:57 . 2010-07-09 03:57 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
2010-07-09 03:57 . 2010-07-20 23:45 -------- d-----w- c:\program files\Yahoo!
2010-07-09 03:57 . 2010-07-09 03:57 -------- d-----w- c:\program files\Linksys
2010-07-09 01:39 . 2010-07-09 01:39 -------- d-----w- c:\program files\Pure Networks
2010-07-09 01:38 . 2009-07-07 04:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2010-07-09 01:38 . 2009-07-07 04:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-07-09 01:38 . 2010-07-09 01:38 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-07-09 01:38 . 2009-08-06 21:56 34223152 ----a-r- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
2010-07-09 01:37 . 2010-07-09 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 13:58 . 2010-04-17 05:10 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-07-31 13:23 . 2010-04-17 05:17 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-07-31 07:49 . 2008-04-15 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-31 07:41 . 2008-04-15 19:31 101336 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-28 12:40 . 2008-04-16 23:49 -------- d-----w- c:\program files\Microsoft Works
2010-07-27 14:07 . 2010-01-27 01:41 153592 ----a-w- c:\windows\system32\nvModes.dat
2010-07-21 01:46 . 2010-07-21 01:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf
2010-07-21 01:46 . 2010-07-21 01:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-21 01:46 . 2010-05-23 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-21 01:40 . 2010-05-23 13:45 -------- d-----w- c:\program files\Common Files\Apple
2010-07-09 01:38 . 2010-07-09 01:38 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2010-07-04 07:21 . 2010-06-06 02:08 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-06-30 10:49 . 2010-03-17 08:17 -------- d-----w- c:\documents and settings\User\Application Data\PrimoPDF
2010-06-30 08:53 . 2010-06-29 07:53 -------- d-----w- c:\program files\EndNote X4
2010-06-30 06:45 . 2010-06-29 08:27 -------- d-----w- c:\documents and settings\User\Application Data\EndNote
2010-06-29 07:54 . 2010-06-29 07:54 -------- d-----w- c:\program files\Common Files\Risxtd
2010-06-29 07:53 . 2010-06-29 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Thomson.ResearchSoft.Installers
2010-06-29 07:53 . 2010-06-29 07:53 -------- d-----w- c:\program files\Common Files\ResearchSoft
2010-06-29 07:52 . 2010-06-29 07:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-19 08:32 . 2010-06-19 08:32 -------- d-----w- c:\documents and settings\User\Application Data\SSMultiDownloader.20C017F97632BB7845F8760F39A9ECC24A435AA1.1
2010-06-19 08:32 . 2010-06-19 08:32 -------- d-----w- c:\program files\Secure Multi Track Downloader
2010-06-19 08:32 . 2010-02-12 03:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-19 08:31 . 2010-06-19 08:32 53632 ------w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-18 13:38 . 2010-05-14 04:28 -------- d-----w- c:\program files\LogMeIn
2010-06-18 13:37 . 2010-05-23 13:22 -------- d-----w- c:\program files\AVS4YOU
2010-06-18 13:37 . 2010-05-23 13:23 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-06-18 13:27 . 2008-04-15 19:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-15 10:01 . 2010-06-15 10:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-15 02:17 . 2010-06-15 02:17 -------- d-----w- c:\documents and settings\User\Application Data\Canon
2010-06-14 14:31 . 2006-04-30 07:10 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-08 01:59 . 2010-02-02 05:04 -------- d-----w- c:\documents and settings\User\Application Data\Autodesk
2010-06-07 12:32 . 2010-02-02 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-06-07 12:29 . 2010-02-02 05:04 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-06-07 12:29 . 2010-06-07 12:27 -------- d-----w- c:\program files\Revit Architecture 2008
2010-06-07 12:29 . 2010-02-02 05:04 -------- d-----w- c:\program files\Autodesk
2010-06-07 12:26 . 2010-06-07 12:26 -------- d-----w- c:\documents and settings\User\Application Data\Graphisoft
2010-06-07 12:24 . 2010-06-07 12:24 -------- d-----w- c:\program files\Graphisoft
2010-06-06 02:26 . 2010-06-06 02:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-06 02:05 . 2010-06-06 02:05 -------- d-----w- c:\program files\VideoLAN
2010-06-04 04:33 . 2010-06-04 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-04 04:03 . 2010-06-04 03:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-22 06:28 . 2010-05-22 06:28 503808 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4720dd2e-n\msvcp71.dll
2010-05-22 06:28 . 2010-05-22 06:28 499712 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4720dd2e-n\jmc.dll
2010-05-22 06:28 . 2010-05-22 06:28 348160 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4720dd2e-n\msvcr71.dll
2010-05-22 06:28 . 2010-05-22 06:28 61440 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-18552e11-n\decora-sse.dll
2010-05-22 06:28 . 2010-05-22 06:28 12800 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-18552e11-n\decora-d3d.dll
2010-05-18 06:35 . 2010-05-18 06:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 06:35 . 2010-05-18 06:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 06:35 . 2010-05-18 06:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 06:35 . 2010-05-18 06:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\User\Local Settings\Application Data\xqvcyorls ----
((((((((((((((((((((((((((((( SnapShot@2010-07-31_08.14.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-31 14:40 . 2010-07-31 14:40 16384 c:\windows\Temp\Perflib_Perfdata_374.dat
+ 2010-07-31 14:40 . 2010-07-31 14:40 16384 c:\windows\Temp\Perflib_Perfdata_180.dat
+ 2010-07-31 08:59 . 2010-07-31 08:59 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a0ee6b01c321171ef3d0f9e1fecc1e7c\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\911171dbecfe8bab9b6ff570a58685b2\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\34650745e477f02a8b645637970e5955\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2db0bd8c9d68363c6aff7c2643493c20\Microsoft.PowerShell.Security.resources.ni.dll
+ 2010-07-31 08:55 . 2010-07-31 08:55 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2010-07-31 08:55 . 2010-07-31 08:55 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2010-07-31 08:54 . 2010-07-31 08:54 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2010-07-31 08:59 . 2010-07-31 08:59 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2010-07-31 08:59 . 2010-07-31 08:59 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\f48e3419fb2cb012fd160ae801600ae7\System.Messaging.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\aab5402eb4bc4b6833bc42796c4b6e8a\System.Management.Automation.resources.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2010-07-31 08:57 . 2010-07-31 08:57 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2010-07-31 08:54 . 2010-07-31 08:54 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2010-07-31 08:54 . 2010-07-31 08:54 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
- 2010-07-31 08:10 . 2010-07-31 08:10 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
- 2010-07-31 08:10 . 2010-07-31 08:10 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2010-07-31 08:54 . 2010-07-31 08:54 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2010-07-31 08:55 . 2010-07-31 08:55 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2010-07-31 08:54 . 2010-07-31 08:54 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
- 2010-07-31 08:10 . 2010-07-31 08:10 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fadd860881360ba09875daa70b84a2e2\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b50e30b99a995c3f1075a33df9852986\Microsoft.PowerShell.Security.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\598b7aefb853a4ccc006d5719d4b224e\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4293538b31bd3c32747ef99a08161ebe\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-07-31 08:55 . 2010-07-31 08:55 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2010-07-31 08:55 . 2010-07-31 08:55 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-07-31 08:55 . 2010-07-31 08:55 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2010-07-31 08:54 . 2010-07-31 08:54 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
- 2010-07-31 08:10 . 2010-07-31 08:10 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2010-07-31 08:55 . 2010-07-31 08:55 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2010-07-31 08:55 . 2010-07-31 08:55 363520 c:\windows\assembly\NativeImages_v2.0.50727_32\AdWindowsWrapper\2835810a367595918f70294a56f1cfb0\AdWindowsWrapper.ni.dll
+ 2010-07-31 08:59 . 2010-07-31 08:59 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2010-07-31 08:59 . 2010-07-31 08:59 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2010-07-31 08:59 . 2010-07-31 08:59 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2010-07-31 08:59 . 2010-07-31 08:59 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2010-07-31 08:59 . 2010-07-31 08:59 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\180d0cec7154b3cbde74c5b3bd4bc4b8\System.Management.Automation.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2010-07-31 08:57 . 2010-07-31 08:57 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
- 2010-07-31 08:10 . 2010-07-31 08:10 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2010-07-31 08:54 . 2010-07-31 08:54 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2010-07-31 08:58 . 2010-07-31 08:58 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2010-07-31 08:56 . 2010-07-31 08:56 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-07-31 08:55 . 2010-07-31 08:55 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2010-07-31 08:55 . 2010-07-31 08:55 1861632 c:\windows\assembly\NativeImages_v2.0.50727_32\AdWindows\1acadc337eeeaf0961ab36aeea9c503b\AdWindows.ni.dll
+ 2010-07-31 08:55 . 2010-07-31 08:55 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\acmgdinternal\2ba815bdf2c8d7a673bfcf149e3c017d\acmgdinternal.ni.dll
+ 2010-07-31 08:55 . 2010-07-31 08:55 2417152 c:\windows\assembly\NativeImages_v2.0.50727_32\acmgd\5c49b8849105b6ce946d4d7de0bb89e7\acmgd.ni.dll
+ 2010-07-31 08:55 . 2010-07-31 08:55 1418240 c:\windows\assembly\NativeImages_v2.0.50727_32\AcLayer\57432e1ef06c771c51cb0e643c9fc663\AcLayer.ni.dll
+ 2010-07-31 08:55 . 2010-07-31 08:55 7633920 c:\windows\assembly\NativeImages_v2.0.50727_32\acdbmgd\5117915effb240eb2f5930e524defca3\acdbmgd.ni.dll
+ 2010-07-31 08:54 . 2010-07-31 08:54 17815040 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\c3511f3fe691d8a1d398a7e21385824c\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-19 159744]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-19 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-03-28 58416]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-27 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 09:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 05:17 89600 ------w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartSoft PDF Printer Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartSoft PDF Printer Agent.lnk
backup=c:\windows\pss\SmartSoft PDF Printer Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
2007-03-28 02:56 413696 ------w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
2007-03-28 02:51 126976 ------w- c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2007-02-01 18:00 419376 ------w- c:\program files\ThinkVantage\AMSG\Amsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
2006-11-07 10:51 91688 ------w- c:\program files\Lenovo\AwayTask\AwaySch.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-01-31 02:01 2618944 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 18:42 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-05-18 23:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2006-02-02 12:20 122940 ------w- c:\windows\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-30 08:29 135664 -----tw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 ------w- c:\program files\Common Files\Installshield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2007-03-22 17:02 120368 ------w- c:\progra~1\THINKV~2\PrdCtr\LPMGR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ------w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2009-07-07 16:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-07-07 04:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-14 14:37 13549568 ------w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-01-14 14:37 86016 ------w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-01-14 14:37 1630208 ------w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 12:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2007-01-16 19:51 749568 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-28 23:38 925696 ------w- c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 06:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 00:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
2007-03-30 01:40 181808 ------w- c:\windows\system32\TpShocks.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2007-02-08 20:19 536576 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wanActivate]
2007-02-14 21:08 446464 ------w- c:\program files\Lenovo\ActivateWan\WanActivate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 09:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\vwArchitectMPISolver.exe"=
"c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\mpiexec.exe"=
"c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\ViNEMaster.exe"=
"c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\smpd.exe"=
"c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\ViNEExecutor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/3/2007 10:47 AM 19760]
R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\program files\Virtualwind\Virtualwind 2.1\bin\smpd.exe [10/24/2008 2:36 PM 724992]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/15/2007 3:10 PM 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/9/2007 6:11 AM 569344]
R3 SWNC8U01;Sierra Wireless MUX NDIS Driver (UMTS01);c:\windows\system32\drivers\SWNC8U01.sys [1/13/2007 6:26 AM 102144]
R3 SWUMX01;Sierra Wireless USB MUX Driver (UMTS01);c:\windows\system32\drivers\swumx01.sys [1/13/2007 3:29 AM 70656]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/14/2006 5:42 AM 35264]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2010 12:23 PM 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [7/21/2010 11:38 AM 18432]
--- Other Services/Drivers In Memory ---
*Deregistered* - nadrb
.
Contents of the 'Scheduled Tasks' folder
2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 02:23]
2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 02:23]
2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2451687304-371562479-257786285-1005Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 08:29]
2010-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2451687304-371562479-257786285-1005UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 08:29]
2010-07-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 05:07]
2010-07-31 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-15 16:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://au.my.yahoo.com/linksys
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 00:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nadrb]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1732)
c:\windows\system32\LMIinit.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'lsass.exe'(1788)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\xpsp3res.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-01 00:48:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-31 14:48
ComboFix2.txt 2010-07-31 08:19
Pre-Run: 6,700,945,408 bytes free
Post-Run: 6,719,922,176 bytes free
- - End Of File - - 91E6DF3AE3432B1148E78B3F396CC8DD
Hi,
Choosing update option was fine :)
Upload c:\windows\system32\drivers\nadrb.sys file to http://www.virustotal.com (rescan if it says the file has been scanned before) and post back the results/a link to the results.
Hello,
Just a quick message to say thank you for all of your speedy replies.
Sorry I have not been nearly as speedy on my end. Just been a hectic few days with the work/uni double.
So I thought it was worth saying I haven't at all forgotten about this thread, but I am a bit time short so need a little bit of time to sit in front of my computer so I don't rush and mess anything up.
I should have that time tomorrow!
Thank you again for your patience.
Ok. Thanks for the heads up :)
Adobe Issue -
hmm so I tried to download the new adobe reader as recommended, and got the following error message:
Error: 1327.Invalid Drive: F:\
Think this has anything to do with my malware issues?
Cheers,
Hi,
Download & extract this file to it's own folder - Registry Search (http://www.xs4all.nl/~fstaal01/downloads/regsearch.zip)
Launch Registry Search
In the search box, enter F:\. Make sure all checkboxes are checked. Click ok.
Notepad will open with some text in it (the file will also be saved in the program's folder as well).
Post this text in your next reply.
Hi Blade81,
Here is the latest log (from Registry search)
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0
; Results at 8/4/2010 5:03:07 PM for strings:
; 'f:\'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_USERS\S-1-5-21-2451687304-371562479-257786285-1005\Software\Autodesk\AutoCAD\R17.2\ACAD-7004:409\Profiles\AutoCAD Architecture (US Imperial)\Dialogs\OpenSaveAnavDialogs]
"InitialDirectory"="F:\\"
[HKEY_USERS\S-1-5-21-2451687304-371562479-257786285-1005\Software\Autodesk\AutoCAD\R17.2\ACAD-7004:409\Profiles\AutoCAD Architecture (US Imperial)\Dialogs\Save Drawing As]
"InitialDirectory"="F:\\"
[HKEY_USERS\S-1-5-21-2451687304-371562479-257786285-1005\Software\Autodesk\AutoCAD\R17.2\ACAD-7004:409\Recent File List]
"File1"="F:\\BASEMENT.dwg"
"File5"="F:\\1to500 07.dwg"
[HKEY_USERS\S-1-5-21-2451687304-371562479-257786285-1005\Software\Microsoft\MediaPlayer\Player\RecentFileList]
"File4"="F:\\SIEM2\\Virtual Wind\\NEW\\AllCanopies\\10mpscanopy.avi"
"File5"="F:\\SIEM2\\Virtual Wind\\NEW\\Final2p02\\10mps.avi"
"File6"="F:\\SIEM2\\Virtual Wind\\NEW\\AllCanopies\\10mpscanopyOPTION43.avi"
"File7"="F:\\SIEM2\\Virtual Wind\\NEW\\AllCanopies\\10mpscanopy3.avi"
"File8"="F:\\SIEM2\\Virtual Wind\\NEW\\EX 2 SIMS\\Coarse.avi"
[HKEY_USERS\S-1-5-21-2451687304-371562479-257786285-1005\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 45"="[F00000000][T01CB110EAAE4D950]*F:\\VIRTUALWIND latest\\Ex 1\\Virtual Wind Ex 1 summary.docx"
"Item 48"="[F00000000][T01CB0F9E66F40A70]*F:\\Professional Practice\\PP\\NATSPEC (1)\\NATSPEC\\02 SITE, URBAN AND OPEN SPACES\\027 Pavements\\0271 Pavement base and subbase.doc"
[HKEY_USERS\S-1-5-21-2451687304-371562479-257786285-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\avi]
"g"="F:\\SIEM2\\Virtual Wind\\NEW\\EX 2 SIMS\\Coarse.avi"
"h"="F:\\SIEM2\\Virtual Wind\\NEW\\EX 2 SIMS\\Fine.avi"
[HKEY_USERS\S-1-5-21-2451687304-371562479-257786285-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\docx]
"d"="F:\\Professional Practice\\Other PP\\PP paulie\\Professional Practice - Paul Vu.docx"
[HKEY_USERS\S-1-5-21-2451687304-371562479-257786285-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"My Pictures"="F:\\Computer Backup\\Old Computer\\OLD COMPUTER\\My Pictures"
"My Music"="F:\\Computer Backup\\Old Computer\\OLD COMPUTER\\My Music"
"My Video"="F:\\Computer Backup\\Old Computer\\OLD COMPUTER\\My Videos"
; End Of The Log...
My plan is to now update Java,
then ATF File cleaner
then Kaspersky
then virus total
and lastly a new dds log.
Sound good?
Actually that plan doesn't work - foiled at the first step as I can't uninstall old versions of Java (I get the same error message as when I tried to update adobe)
Is this as fun for you as it is for me?
But seriously, thanks again. I really don't think I can say thanks enough!
Hi,
You have at some point moved My Pictures, My Music and My Video folders from My Documents to backup location. That's not advisable. If you want to backup stuff in those mentioned folders you have to copy/move their contents but not move the main folders themselves. Please have a look in %userprofile%\my documents folder. Let me know if those mentioned folders exist there.
Better fix this issue first before doing any other steps.
Oh...
I remember doing this.
It was a few months ago when I filled up my hard drive so I moved most of my files to a portable external hard drive, as well as deleting a lot of folders
Right now I'm far too paranoid to plug in my external hard drive in case any viruses are tranferrerd over. About half a year ago my computer crashed and I lost a LOT of my files, then a few days afterwrds my portable hard drive corrupted... I really don't want to end up in that situation again.
Is there any way to fix this without plugging in my portable hard drive?
Also I'm not even sure all the folders will be there...
At the moment in My Documents I have My Pictures, My Recieved Files and My Videos. I think I actually completely deleted My Music as I wasn't using it at all. I may have deleted other...
I didn't realise this was a really dumb thing to do, it may sound stupid but I thought they were just like any other folder.
Hi,
Create a new folder named My Music in %userprofile\My Documents folder.
Download ERUNT (http://www.softpedia.com/get/Tweak/Registry-Tweak/Erunt-g.shtml)
Save it to your desktop. Run and install this program.
In the box that opens ONLY choose
System registry.
Then click OK.
Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.
1. Click start->run->type regedit and press enter.
2. Navigate to HKEY_USERS\S-1-5-21-2451687304-371562479-257786285-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders branch.
3. Right click My Pictures. Select delete. Then right click on empty area below values there and select new->expandable string value. Name it as My Pictures and edit its value to %USERPROFILE%\My Documents\My Pictures.
4. Right click My Music. Select delete. Then right click on empty area below values there and select new->expandable string value. Name it as My Music and edit its value to %USERPROFILE%\My Documents\My Music.
5. Right click My Videos. Select delete. Then right click on empty area below values there and select new->expandable string value. Name it as My Videos and edit its value to %USERPROFILE%\My Documents\My Videos.
6. When done, close registry editor. See if you still get that error.
Ok, I ran ERUNT
But I may have misunderstood how to get to %userprofile%\my documents
What I did was type "%userprofile%\my documents" into the "My Computer" address bar.
Why I think I misunderstood is when I navigate to HKEY_USERS\S-1-5-21-2451687304-371562479-257786285-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
all that is there is a folder called "New", there is no My Pictures, My Music or My Videos folders to delete.
What I did was type "%userprofile%\my documents" into the "My Computer" address bar.
If that opened My Documents in folder view then it's correct location for My Music folder.
Why I think I misunderstood is when I navigate to HKEY_USERS\S-1-5-21-2451687304-371562479-257786285-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
all that is there is a folder called "New", there is no My Pictures, My Music or My Videos folders to delete.
Could you grab a screenshot of this (you may save it as a .png file via Windows own MS Paint for example), please?
Hi,
please see the attached screenshot.
Thanks.
Hi,
Did you navigate on tree to HKEY_USERS\S-1-5-21-2451687304-371562479-257786285-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders key? Your screenshot shows contents of totally different key (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run to be exact).
Hi Blade,
Please see 2 more attached images
"untitled2" shows the process in which I navigated the tree to get to the User Shell Folders.
In which the only folder is "New"
"untitled3" shows what comes up when I click on the folder "New".
Hi,
Please post a screenshot of view when you click on User Shell Folders key there. Those "My Pictures" and the other two are values of that correspondent key meaning they should appear on the right side of the window.
Ahh ok I understanbd now! I was just expanding the tree, not clicking on it.
I have attached 2 images - "before" and "after"
"before" is before I followed the instructions to delete, recreate and change the values of the folders.
"after" is after I've done that.
Thanks for taking the time to really spell things out. As obvious as this all is to you is as foreign as it is to me. Gosh, I'm frighteningly ignorant right now.
Good. Please see if you're able to continue from those steps (Adobe Reader updating etc) that are still unfinished :)
Yup, Last night I downloaded new reader, new java etc etc. All good.
I tried running Kaspersky but my internet connection kept dropping out, so I left it to run again while I'm out of the house.
I'll check on it's progress, finish the steps and get a new dds report when I get home.
Good. Shall wait for the reports then :)
Bad news... For some reason I can no longer disable McAfee.
As I can't disable McAfee I don't think it's a good idea to run the dds log.
Fun times, fun times. I guess have a good weekend and I will bother you again next week? I feel bad tying up your time with problem after problem after problem after....
Could you uninstall McAfee for now? You may reinstall after cleaning process is finished.
I could uninstall it no problem, but I no longer have the installation CD...
Well, McAfee won't affect DDS run so it won't be a problem if you can't disable protection.
Hello,
please see the below Kaspersky report.
dds to follow soon.
thanks.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, August 9, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, August 08, 2010 19:42:20
Records in database: 4133163
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 139252
Threats found: 5
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 05:41:11
File name / Threat / Threats count
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\26\3dba6c9a-55bfb443 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\26\3dba6c9a-55bfb443 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\26\3dba6c9a-55bfb443 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Qoobox\Quarantine\C\zzzzzzzzzz.exe\zzzzzzzzzz.exe.vir Infected: Packed.Win32.Krap.hm 1
C:\Siem Data\Desktop\Misc\JB3MV2_PCWDRV_US_2_01_00.EXE Infected: Trojan.Win32.TDSS.bjff 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP1\A0000032.exe Infected: Packed.Win32.Krap.hm 1
Selected area has been scanned.
Hmm... not quite sure what I'm doing wrong for the DDS report. It's not giving a blank screen then 2 reports, instead it is just opening a .txt file of gibberish.
I tried running ERUNT then .dds to see if it made a difference.
no.
At the start of the gibb is a message long the lines of "does not run in DOS mode"
Gah. Just figured I should post something as it has been a few days.
Ignore that!
I just tried the 2nd DDS link, worked fine:
DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 23:05:11.20 on Mon 08/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1988 [GMT 10:00]
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Virtualwind\Virtualwind 2.1\bin\smpd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\User\My Documents\Downloads\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://au.my.yahoo.com/linksys
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264553811218
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279689959812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli psqlpwd
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\e1uuznpp.default\
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-3 19760]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2009-1-27 31848]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-14 47640]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-1-27 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-1-27 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-1-27 54608]
R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\program files\virtualwind\virtualwind 2.1\bin\smpd.exe [2008-10-24 724992]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-9 569344]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2010-1-27 73512]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2010-1-27 34408]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2010-1-27 177864]
R3 SWNC8U01;Sierra Wireless MUX NDIS Driver (UMTS01);c:\windows\system32\drivers\SWNC8U01.sys [2007-1-13 102144]
R3 SWUMX01;Sierra Wireless USB MUX Driver (UMTS01);c:\windows\system32\drivers\swumx01.sys [2007-1-13 70656]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-14 35264]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-7-21 18432]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
============== File Associations ===============
.scr=AutoCADScriptFile
.txt=
=============== Created Last 30 ================
2010-08-04 15:54:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-04 15:54:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-04 15:33:18 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-08-04 15:33:15 0 d-----w- c:\program files\McAfee Security Scan
2010-08-01 06:22:53 0 d-----w- c:\docume~1\user\applic~1\Office Genuine Advantage
2010-08-01 06:19:33 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-07-31 08:02:16 0 d-sha-r- C:\cmdcons
2010-07-31 07:59:41 98816 ----a-w- c:\windows\sed.exe
2010-07-31 07:59:41 77312 ----a-w- c:\windows\MBR.exe
2010-07-31 07:59:41 256512 ----a-w- c:\windows\PEV.exe
2010-07-31 07:59:41 161792 ----a-w- c:\windows\SWREG.exe
2010-07-28 13:34:51 0 d-----w- C:\bdaefde9b0e76aa65ab473361307
2010-07-28 13:04:06 0 d-----w- C:\268c2713d3e721a7079506b16ace6b
2010-07-28 13:04:01 0 d-----w- C:\67f777ba6f13cd04e84e42e98afeeefb
2010-07-28 06:48:54 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-28 06:43:18 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-07-28 05:33:57 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-28 05:22:38 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-28 05:05:39 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-28 05:05:39 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-07-21 04:51:20 0 d-sh--w- c:\documents and settings\user\IECompatCache
2010-07-21 04:44:04 1061 ----a-w- c:\windows\lsrslt.ini
2010-07-21 01:46:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf
2010-07-21 01:46:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-21 01:46:34 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-07-21 01:42:34 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-21 01:42:34 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-21 01:40:46 0 d-----w- c:\program files\iPod
2010-07-21 01:40:39 0 d-----w- c:\program files\iTunes
2010-07-21 01:40:39 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-21 01:38:36 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
2010-07-21 01:38:36 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-07-21 01:38:31 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-07-21 01:38:31 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-07-21 01:38:15 0 d-----w- c:\program files\Bonjour
2010-07-21 00:06:08 0 d-----w- c:\windows\pss
2010-07-20 23:24:48 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-07-20 23:24:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 23:24:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 23:24:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 23:24:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-20 07:04:20 766464 ----a-w- c:\windows\system32\drivers\nadrb.sys
==================== Find3M ====================
2010-07-27 14:07:40 153592 ----a-w- c:\windows\system32\nvModes.dat
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-05-18 06:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 06:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 06:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 06:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-04-15 19:05:36 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2010-01-27 00:42:52 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010012720100128\index.dat
============= FINISH: 23:06:05.82 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/16/2008 5:30:53 AM
System Uptime: 8/9/2010 2:46:54 PM (9 hours ago)
Motherboard: LENOVO | | 6460A48
Processor: Intel Pentium III Xeon processor | None | 777/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 181 GiB total, 5.071 GiB free.
D: is CDROM (CDFS)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 7/31/2010 5:59:47 PM - System Checkpoint
RP2: 8/1/2010 12:53:59 AM - Software Distribution Service 3.0
RP3: 8/2/2010 1:37:46 AM - Software Distribution Service 3.0
RP4: 8/3/2010 11:34:01 AM - Software Distribution Service 3.0
RP5: 8/4/2010 4:47:48 PM - System Checkpoint
RP6: 8/4/2010 5:21:58 PM - Removed Java(TM) 6 Update 18
RP7: 8/5/2010 1:16:11 AM - Removed J2SE Runtime Environment 5.0 Update 6
RP8: 8/5/2010 1:17:23 AM - Removed Adobe Reader 8
RP9: 8/5/2010 1:40:13 AM - Installed Adobe Reader 9.3.3.
RP10: 8/5/2010 1:53:54 AM - Installed Java(TM) 6 Update 21
RP11: 8/9/2010 3:17:50 PM - System Checkpoint
==== Installed Programs ======================
Access Help
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS
Adobe Reader 9.3.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArchiCAD 11 AUS
AutoCAD Architecture 2009
Autodesk Design Review 2009
Autodesk DWF Viewer 7
Bonjour
Canon iX4000
Canon MP150
Cisco Network Magic
Client Security Solution
Diskeeper Lite
DivX Web Player
EndNote X4
ERUNT 1.1j
Google Chrome
Google Earth
Google SketchUp Pro 7
Google Update Helper
Help Center
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
Integrated Camera
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD
InterVideo WinDVD Creator 3
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Maintenance Manager
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee Virtual Technician
McAfee VirusScan Enterprise
mCore
mDriver
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mMHouse
Mozilla Firefox (3.6.8)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Multiframe 12.02 Demo
Multiframe3D 10 Academic
Multiframe3D 12.02 Academic
mWlsSafe
Nero 7 Ultra Edition
Network Magic
NVIDIA Drivers
OGA Notifier 2.0.0048.0
On Screen Display
Presentation Director
PrimoPDF -- by Nitro PDF Software
Productivity Center Supplement for ThinkPad
Pure Networks Platform
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
ResearchSoft Direct Export Helper
Revit Architecture 2008
Secure Multi Track Downloader
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sierra Wireless HSDPA MiniCard
Skype™ 4.2
Smart PDF Creator 5.0.1.343
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
System Migration Assistant
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 5.6
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA (2627.01)
VC80CRTRedist - 8.0.50727.762
Virtualwind 2.1
VLC media player 1.0.1
Wallpapers
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
XP Themes
Yahoo! Software Update
YASA MP4 Video Converter v3.2 (build 0051)
==== Event Viewer Messages From Past Week ========
8/4/2010 5:53:20 PM, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding
8/4/2010 2:19:36 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
8/4/2010 2:19:36 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
8/4/2010 1:59:59 PM, error: NETw4x32 [5005] - Intel(R) Wireless WiFi Link 4965AGN : Has encountered an internal error and has failed.
8/3/2010 10:38:38 AM, error: System Error [1003] - Error code 100000d1, parameter1 b1f97bb8, parameter2 00000002, parameter3 00000000, parameter4 b7a9dd56.
8/3/2010 10:35:47 AM, error: PSched [14103] - QoS [Adapter {B51705BA-7D5C-46DA-A52A-62D0717EC579}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
8/2/2010 7:49:37 PM, error: Print [6161] - The document Microsoft Word - Oil refining in Australia owned by User failed to print on printer Canon iX4000. Data type: NT EMF 1.008. Size of the spool file in bytes: 262144. Number of bytes printed: 84928. Total number of pages in the document: 6. Number of pages printed: 0. Client machine: \\T61P. Win32 error code returned by the print processor: 13 (0xd).
8/2/2010 1:36:29 PM, error: Service Control Manager [7023] - The iPod Service service terminated with the following error: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.
==== End Of File ===========================
Hi,
Delete these files:
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\26\3dba6c9a-55bfb443
C:\Siem Data\Desktop\Misc\JB3MV2_PCWDRV_US_2_01_00.EXE
Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis
Now lets uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
hosts file:
Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button (at the lower left hand corner of your screen) Click run In the dialog box, type services.msc hit enter, then locate dns client Highlight it, then double-click it. On the dropdown box, change the setting from automatic to manual. Click ok
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
Hi Blade,
There is also an .idx file called 3dba6c9a-55bfb443, do I delete this too?
Also, should I not run Combofix again until I uninstall Macafee (Can't disable it...I might try see if there are any firmware updates that fix the problem before I uninstall it)
Thanks.
Hi,
There is also an .idx file called 3dba6c9a-55bfb443, do I delete this too?
Leave that file there.
Also, should I not run Combofix again until I uninstall Macafee (Can't disable it...I might try see if there are any firmware updates that fix the problem before I uninstall it)You may try to run the ComboFix /uninstall command in safe mode.
Dumb question:
do you mean run ComboFix while my computer is in Safe Mode
or
does ComboFix have a "Safe Mode"??
Boot Windows into safe mode and run ComboFix /uninstall command there.
I just tried running combo fix in safe mode, it still gave the mcafee warning.
The scan didn't run as combo fix has expired, so I'll redownload, but this is probably a good thing.
The only way I know how to run combo fix is by just clicking on it, what do you mean "uninstall"?
Also, just to double check my computer should be in safe mode, not safe mode recovery and not safemode w networking, correct?
And last question, do you recommend I uninstall mcafee and instead use agree anti virus? Mcafee is often probematic. What would you do? In the near future I'm thinking if purchasing kaspersky, but until then...
Thanks, you'll be rid if me and my incessant questioning soon!!!!
All you help has been so so so appreciated, I'm really thankful for your sticking with this!
Oh just to clarify by safemode recovery I mean run in safe mode, an then select the recovery console rather than the normal xp one?
Hi,
The only way I know how to run combo fix is by just clicking on it, what do you mean "uninstall"?
My earlier instructions:
Now lets uninstall ComboFix:
* Click START then RUN
* Now copy-paste Combofix /uninstall in the runbox and click OK
Do that in safe mode (press f8 and select safe mode)
And last question, do you recommend I uninstall mcafee and instead use agree anti virus? Mcafee is often probematic. What would you do? In the near future I'm thinking if purchasing kaspersky, but until then...
"agree anti virus"? Do you mean Antivir, Avast or AVG by any chance? Haven't heard of agree anti virus :)
Sorry I think I was a bit tired when I sent that last message.
By "Agree AntiVirus" what I mean is I started writing Avast, then I wanted to type "a free" and then my brain just temporarily died.
OK, back to securing the computer!
Ok, thanks for explaining that :). Avast is a good free option.
Hmm...
I think my computer is ok... but I'm not sure. So before I release you I'm going to quickly outline hte few things that worry me:
Every time I reboot my computer for a moment a baloon comes up saying that my firewall has been turned off, but every time I check my firewall it is actually turned on.
McAfee also glows red every time I reboot.
And just now this thing called "Microsoft Windows Malicious Software Removal Tool" just popped up, saying it has found Malware.
Si this a real or fake program? I have no idea anymore...
Every time I reboot my computer for a moment a baloon comes up saying that my firewall has been turned off, but every time I check my firewall it is actually turned on.
McAfee also glows red every time I reboot.
Security Center may check readiness in earlier phase than protection is running. If both alerts disappear soon after then that's ok.
And just now this thing called "Microsoft Windows Malicious Software Removal Tool" just popped up, saying it has found Malware.
Si this a real or fake program? I have no idea anymore...
Do you have a screenshot to share?
Hello,
Sorry, no screen shot. It only popped up once, and I'm not sure it will pop up ever again... Weird.
Anyway, 30 odd posts later I can say my computer is working MUCH MUCH MUCH better than it was before thanks to you!
So thank you SO much for all of your help.
You're now free :)
Take care, and all the best!
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.