
Thread: Antimalware Doctor + More

  1. #1 Junior Member (Join Date: Jul 2010, Posts: 27)

    Antimalware Doctor + More

    Hi,

    So recently my computer was infected with Antimalware Doctor. It was very aggressive: upon starting up my computer it would completely freeze, I couldn't access the internet at all, etc., so I sent my computer to the very helpful IT department at work and they "fixed" it.

    I got my computer back, and Antimalware Doctor seems to be gone; however, after running my computer for only a few hours another malware popped up, this time "l84alx.exe".

    So I am thinking maybe my computer wasn't completely cleaned.

    Please see the two DDS reports below.

    Thank you so much for all of your time and help, it's really appreciated, I absolutely respect your expertise in this area as if it were up to me to fix my computer alone I'd be a foetal pile of overwhelmed gibberish.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User at 12:10:47.23 on Sun 07/25/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2121 [GMT 10:00]

    AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Virtualwind\Virtualwind 2.1\bin\smpd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\User\Desktop\dds.com
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com.au/
    mDefault_Page_URL = hxxp://au.my.yahoo.com/linksys
    mStart Page = hxxp://au.my.yahoo.com/linksys
    uInternet Settings,ProxyOverride = <local>
    uWinlogon: Shell=explorer.exe,c:\documents and settings\user\application data\sbeb.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [Ggaxiyohupo] rundll32.exe "c:\windows\iqifogutudi.dll",Startup
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mExplorerRun: [tcyz46] c:\docume~1\user\locals~1\temp\l84alx.exe
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264553811218
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279689959812
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: ACNotify - ACNotify.dll
    Notify: LMIinit - LMIinit.dll
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
    Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    LSA: Notification Packages = scecli psqlpwd ACGina

    ============= SERVICES / DRIVERS ===============

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-3 19760]
    R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2009-1-27 31848]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-14 47640]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-1-27 104000]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-1-27 144704]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-1-27 54608]
    R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\program files\virtualwind\virtualwind 2.1\bin\smpd.exe [2008-10-24 724992]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-9 569344]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2010-1-27 73512]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2010-1-27 34408]
    R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2010-1-27 177864]
    R3 SWNC8U01;Sierra Wireless MUX NDIS Driver (UMTS01);c:\windows\system32\drivers\SWNC8U01.sys [2007-1-13 102144]
    R3 SWUMX01;Sierra Wireless USB MUX Driver (UMTS01);c:\windows\system32\drivers\swumx01.sys [2007-1-13 70656]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-14 35264]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-7-21 18432]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    S4 Netdpntf;Netdpntf; [x]

    ============== File Associations ===============

    .scr=AutoCADScriptFile
    .txt=

    =============== Created Last 30 ================

    2010-07-21 04:51:20 0 d-sh--w- c:\documents and settings\user\IECompatCache
    2010-07-21 04:44:04 1061 ----a-w- c:\windows\lsrslt.ini
    2010-07-21 01:46:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf
    2010-07-21 01:46:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-07-21 01:46:34 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2010-07-21 01:42:34 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-07-21 01:42:34 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-07-21 01:40:46 0 d-----w- c:\program files\iPod
    2010-07-21 01:40:39 0 d-----w- c:\program files\iTunes
    2010-07-21 01:40:39 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-21 01:38:36 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
    2010-07-21 01:38:36 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2010-07-21 01:38:31 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-07-21 01:38:31 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-07-21 01:38:15 0 d-----w- c:\program files\Bonjour
    2010-07-21 00:06:08 0 d-----w- c:\windows\pss
    2010-07-20 23:24:48 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
    2010-07-20 23:24:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-20 23:24:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-20 23:24:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-20 23:24:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-07-20 07:04:20 766464 ----a-w- c:\windows\system32\drivers\nadrb.sys
    2010-07-20 07:04:16 0 d-----w- c:\windows\system32\mswindows
    2010-07-20 07:03:52 0 d-----w- c:\docume~1\user\applic~1\F400F8B8985528E4E912D13028716DB6
    2010-07-09 03:57:29 0 d-----w- c:\program files\Yahoo!
    2010-07-09 03:57:17 0 d-----w- c:\program files\Linksys
    2010-07-09 01:39:06 0 d-----w- c:\program files\Pure Networks
    2010-07-09 01:38:37 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2010-07-09 01:38:32 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
    2010-07-09 01:38:26 0 d-----w- c:\program files\common files\Pure Networks Shared
    2010-07-09 01:37:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks
    2010-06-29 08:27:14 0 d-----w- c:\docume~1\user\applic~1\EndNote
    2010-06-29 07:54:01 0 d-----w- c:\program files\common files\Risxtd
    2010-06-29 07:53:56 0 d-----w- c:\program files\common files\ResearchSoft
    2010-06-29 07:53:25 0 d-----w- c:\program files\EndNote X4
    2010-06-29 07:53:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Thomson.ResearchSoft.Installers
    2010-06-29 07:52:20 0 d-----w- c:\program files\common files\Wise Installation Wizard

    ==================== Find3M ====================

    2010-07-23 09:20:40 153592 ----a-w- c:\windows\system32\nvModes.dat
    2010-05-18 06:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 06:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-05-18 06:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 06:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2008-04-15 19:05:36 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
    2010-01-27 00:42:52 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010012720100128\index.dat

    ============= FINISH: 12:11:50.42 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/16/2008 5:30:53 AM
    System Uptime: 7/25/2010 11:14:42 AM (1 hours ago)

    Motherboard: LENOVO | | 6460A48
    Processor: Intel Pentium III Xeon processor | None | 777/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 181 GiB total, 7.624 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Access Help
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS
    Adobe Reader 8
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArchiCAD 11 AUS
    AutoCAD Architecture 2009
    Autodesk Design Review 2009
    Autodesk DWF Viewer 7
    Bonjour
    Canon iX4000
    Canon MP150
    Cisco Network Magic
    Client Security Solution
    Diskeeper Lite
    DivX Web Player
    EndNote X4
    ERUNT 1.1j
    Google Chrome
    Google Earth
    Google SketchUp Pro 7
    Google Update Helper
    Help Center
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 2.0 (KB922981)
    Hotfix for Microsoft .NET Framework 2.0 (KB923319)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB976098-v2)
    Integrated Camera
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD
    InterVideo WinDVD Creator 3
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 18
    Maintenance Manager
    Malwarebytes' Anti-Malware
    McAfee Virtual Technician
    McAfee VirusScan Enterprise
    mCore
    mDriver
    Message Center
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 3.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    mMHouse
    mPfMgr
    mProSafe
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    Multiframe 12.02 Demo
    Multiframe3D 10 Academic
    Multiframe3D 12.02 Academic
    mWlsSafe
    Nero 7 Ultra Edition
    Network Magic
    NVIDIA Drivers
    On Screen Display
    Presentation Director
    PrimoPDF -- by Nitro PDF Software
    Productivity Center Supplement for ThinkPad
    Pure Networks Platform
    QuickTime
    RecordNow Audio
    RecordNow Copy
    RecordNow Data
    Remove Multimedia Center
    Rescue and Recovery
    ResearchSoft Direct Export Helper
    Revit Architecture 2008
    Secure Multi Track Downloader
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Sierra Wireless HSDPA MiniCard
    Skype™ 4.2
    Smart PDF Creator 5.0.1.343
    Sonic DLA
    Sonic Express Labeler
    Sonic Icons for Lenovo
    Sonic Update Manager
    SoundMAX
    Spybot - Search & Destroy
    System Migration Assistant
    System Update
    ThinkPad Bluetooth with Enhanced Data Rate Software
    ThinkPad FullScreen Magnifier
    ThinkPad Hotkey Features Setup
    ThinkPad Modem
    ThinkPad PC Card Power Policy
    ThinkPad Power Management Driver
    ThinkPad Power Manager
    ThinkPad UltraNav Driver
    ThinkPad UltraNav Utility
    ThinkVantage Access Connections
    ThinkVantage Active Protection System
    ThinkVantage Fingerprint Software 5.6
    ThinkVantage Productivity Center
    ThinkVantage Technologies Welcome Message
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VBA (2627.01)
    VC80CRTRedist - 8.0.50727.762
    Virtualwind 2.1
    VLC media player 1.0.1
    Wallpapers
    WebFldrs XP
    Windows Communication Foundation
    Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    XP Themes
    Yahoo! Software Update
    YASA MP4 Video Converter v3.2 (build 0051)

    ==== Event Viewer Messages From Past Week ========

    7/21/2010 9:11:08 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    7/21/2010 9:11:00 AM, error: Service Control Manager [7031] - The Ac Profile Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/21/2010 2:47:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC Fips IBMTPCHK intelppm TPHKDRV TPPWRIF TSMAPIP
    7/21/2010 12:13:50 PM, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding
    7/21/2010 12:11:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    7/21/2010 11:53:37 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/21/2010 11:53:37 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/21/2010 11:01:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC Fips IBMTPCHK intelppm IPSec mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip TPHKDRV TPPWRIF TSMAPIP
    7/21/2010 11:01:14 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    7/21/2010 11:01:14 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/21/2010 11:01:14 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/21/2010 11:01:14 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    7/21/2010 11:00:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/21/2010 11:00:19 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    7/21/2010 10:12:19 AM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    7/21/2010 10:12:19 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    7/20/2010 5:04:22 PM, error: Service Control Manager [7000] - The Intel(r) 82801 Audio Driver Install Service (WDM) service failed to start due to the following error: A device attached to the system is not functioning.

    ==== End Of File ===========================

    Whatever this Malware is the longer it remains on my computer the worse it gets.

    My firewall keeps getting turned off, the system registry changes, and upon running Spybot last night it found about 50 issues.

    When I rebooted my computer after the spybot check so many messages popped up upon logging in that my computer froze.

    I rebooted it just now and the message I got is:

    Error Loading C:\WINDOWS\iqifogutudi.dll
    The specific module could not be found

    My computer is running slower and slower. I really appreciate any help, I need my computer urgently for my uni work.

    Thank you in advance for your time and help.
    Last edited by Blade81; 2010-07-29 at 00:38. Reason: Two posts merged. Helpers look for topics with 0 replies.

  2. #2 Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Hi,

    Is this your personal computer or some system at workplace?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3 Junior Member (Join Date: Jul 2010, Posts: 27)

    Hi, It is my personal computer.

  4. #4 Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Hi,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

  5. #5 Junior Member (Join Date: Jul 2010, Posts: 27)

    Thank you for the quick reply,

    Before I run combofix could I please have a quick explanation in regards to what "damage" it might do to my computer?

    And also if there is anything I should do, or specifically avoid doing so as to lower the risk of damage?

    Thanks again for your help!

  6. #6
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Quote:
    Before I run combofix could I please have a quick explanation in regards to what "damage" it might do to my computer?
    There's always a risk that system might become unbootable (one reason why ComboFix should be run only under supervision of trained helper). In your case risk shouldn't be big.

    Quote:
    And also if there is anything I should do, or specifically avoid doing so as to lower the risk of damage?
    Please follow the tutorial and you should be fine.

  7. #7
    Junior Member
    Join Date
    Jul 2010
    Posts
    27

    Default

    Hi again,

    So I ran ComboFix and this is the report.

    When ComboFix rebooted my computer I didn't get the C:\.....dll.exe error I had been getting, so that's a plus.





    ComboFix 10-07-30.02 - User 07/31/2010 18:04:11.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2391 [GMT 10:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\User\Application Data\F400F8B8985528E4E912D13028716DB6
    c:\documents and settings\User\Application Data\F400F8B8985528E4E912D13028716DB6\enemies-names.txt
    c:\documents and settings\User\Application Data\F400F8B8985528E4E912D13028716DB6\local.ini
    c:\documents and settings\User\Application Data\F400F8B8985528E4E912D13028716DB6\lsrslt.ini
    c:\documents and settings\User\Local Settings\Application Data\{A192D64D-3B9A-4373-9F67-85E1C5B35911}
    c:\documents and settings\User\Local Settings\Application Data\{A192D64D-3B9A-4373-9F67-85E1C5B35911}\chrome.manifest
    c:\documents and settings\User\Local Settings\Application Data\{A192D64D-3B9A-4373-9F67-85E1C5B35911}\chrome\content\_cfg.js
    c:\documents and settings\User\Local Settings\Application Data\{A192D64D-3B9A-4373-9F67-85E1C5B35911}\chrome\content\overlay.xul
    c:\documents and settings\User\Local Settings\Application Data\{A192D64D-3B9A-4373-9F67-85E1C5B35911}\install.rdf
    c:\windows\system32\mswindows
    c:\windows\system32\Thumbs.db
    C:\zzzzzzzzzz.exe
    c:\zzzzzzzzzz.exe\config.bin
    c:\zzzzzzzzzz.exe\zzzzzzzzzz.exe

    ----- BITS: Possible infected sites -----

    hxxp://download.yimg.com
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
    .

    2010-07-31 07:49 . 2010-07-31 07:49 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
    2010-07-31 07:42 . 2010-07-31 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-07-28 13:34 . 2010-07-28 13:35 -------- d-----w- C:\bdaefde9b0e76aa65ab473361307
    2010-07-28 13:04 . 2010-07-28 13:04 -------- d-----w- C:\268c2713d3e721a7079506b16ace6b
    2010-07-28 13:04 . 2010-07-28 13:06 -------- d-----w- C:\67f777ba6f13cd04e84e42e98afeeefb
    2010-07-28 06:48 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-28 06:43 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-07-28 05:33 . 2010-07-28 05:33 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-07-28 05:22 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-07-28 05:05 . 2009-08-06 09:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-07-25 02:08 . 2010-07-25 02:08 -------- d-----w- c:\program files\ERUNT
    2010-07-21 04:51 . 2010-07-21 04:51 -------- d-sh--w- c:\documents and settings\User\IECompatCache
    2010-07-21 02:14 . 2010-07-21 02:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
    2010-07-21 01:52 . 2010-07-21 01:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-07-21 01:46 . 2008-11-07 08:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2010-07-21 01:42 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-07-21 01:42 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-07-21 01:40 . 2010-07-21 01:40 -------- d-----w- c:\program files\iPod
    2010-07-21 01:40 . 2010-07-21 01:42 -------- d-----w- c:\program files\iTunes
    2010-07-21 01:40 . 2010-07-21 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-21 01:39 . 2010-07-21 01:40 -------- d-----w- c:\program files\QuickTime
    2010-07-21 01:39 . 2010-07-21 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-07-21 01:38 . 2010-07-21 01:38 -------- d-----w- c:\program files\Apple Software Update
    2010-07-21 01:38 . 2010-04-19 10:29 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2010-07-21 01:38 . 2010-04-19 10:29 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
    2010-07-21 01:38 . 2010-04-19 10:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-07-21 01:38 . 2010-04-19 10:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-07-21 01:38 . 2010-07-21 01:38 -------- d-----w- c:\program files\Bonjour
    2010-07-20 23:24 . 2010-07-20 23:24 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2010-07-20 23:24 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-20 23:24 . 2010-07-20 23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-20 23:24 . 2010-07-20 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-20 23:24 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-20 07:04 . 2010-07-31 08:14 766464 ----a-w- c:\windows\system32\drivers\nadrb.sys
    2010-07-20 07:04 . 2010-07-20 07:13 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\xqvcyorls
    2010-07-09 03:57 . 2010-07-09 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2010-07-09 03:57 . 2010-07-09 03:57 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
    2010-07-09 03:57 . 2010-07-20 23:45 -------- d-----w- c:\program files\Yahoo!
    2010-07-09 03:57 . 2010-07-09 03:57 -------- d-----w- c:\program files\Linksys
    2010-07-09 01:39 . 2010-07-09 01:39 -------- d-----w- c:\program files\Pure Networks
    2010-07-09 01:38 . 2009-07-07 04:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2010-07-09 01:38 . 2009-07-07 04:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
    2010-07-09 01:38 . 2010-07-09 01:38 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
    2010-07-09 01:38 . 2009-08-06 21:56 34223152 ----a-r- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
    2010-07-09 01:37 . 2010-07-09 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-31 07:49 . 2008-04-15 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-07-31 07:41 . 2008-04-15 19:31 101336 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-28 12:40 . 2008-04-16 23:49 -------- d-----w- c:\program files\Microsoft Works
    2010-07-27 14:07 . 2010-01-27 01:41 153592 ----a-w- c:\windows\system32\nvModes.dat
    2010-07-26 06:32 . 2010-04-17 05:10 -------- d-----w- c:\documents and settings\User\Application Data\Skype
    2010-07-26 06:04 . 2010-04-17 05:17 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
    2010-07-21 01:46 . 2010-07-21 01:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf
    2010-07-21 01:46 . 2010-07-21 01:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-07-21 01:46 . 2010-05-23 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-07-21 01:40 . 2010-05-23 13:45 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-09 01:38 . 2010-07-09 01:38 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
    2010-07-04 07:21 . 2010-06-06 02:08 -------- d-----w- c:\documents and settings\User\Application Data\vlc
    2010-06-30 10:49 . 2010-03-17 08:17 -------- d-----w- c:\documents and settings\User\Application Data\PrimoPDF
    2010-06-30 08:53 . 2010-06-29 07:53 -------- d-----w- c:\program files\EndNote X4
    2010-06-30 06:45 . 2010-06-29 08:27 -------- d-----w- c:\documents and settings\User\Application Data\EndNote
    2010-06-29 07:54 . 2010-06-29 07:54 -------- d-----w- c:\program files\Common Files\Risxtd
    2010-06-29 07:53 . 2010-06-29 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Thomson.ResearchSoft.Installers
    2010-06-29 07:53 . 2010-06-29 07:53 -------- d-----w- c:\program files\Common Files\ResearchSoft
    2010-06-29 07:52 . 2010-06-29 07:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-06-19 08:32 . 2010-06-19 08:32 -------- d-----w- c:\documents and settings\User\Application Data\SSMultiDownloader.20C017F97632BB7845F8760F39A9ECC24A435AA1.1
    2010-06-19 08:32 . 2010-06-19 08:32 -------- d-----w- c:\program files\Secure Multi Track Downloader
    2010-06-19 08:32 . 2010-02-12 03:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-06-19 08:31 . 2010-06-19 08:32 53632 ------w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-06-18 13:38 . 2010-05-14 04:28 -------- d-----w- c:\program files\LogMeIn
    2010-06-18 13:37 . 2010-05-23 13:22 -------- d-----w- c:\program files\AVS4YOU
    2010-06-18 13:37 . 2010-05-23 13:23 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-06-18 13:27 . 2008-04-15 19:10 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-18 12:35 . 2010-03-05 00:05 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
    2010-06-15 10:01 . 2010-06-15 10:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
    2010-06-15 02:17 . 2010-06-15 02:17 -------- d-----w- c:\documents and settings\User\Application Data\Canon
    2010-06-14 14:31 . 2006-04-30 07:10 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-08 01:59 . 2010-02-02 05:04 -------- d-----w- c:\documents and settings\User\Application Data\Autodesk
    2010-06-07 12:32 . 2010-02-02 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
    2010-06-07 12:29 . 2010-02-02 05:04 -------- d-----w- c:\program files\Common Files\Autodesk Shared
    2010-06-07 12:29 . 2010-06-07 12:27 -------- d-----w- c:\program files\Revit Architecture 2008
    2010-06-07 12:29 . 2010-02-02 05:04 -------- d-----w- c:\program files\Autodesk
    2010-06-07 12:26 . 2010-06-07 12:26 -------- d-----w- c:\documents and settings\User\Application Data\Graphisoft
    2010-06-07 12:24 . 2010-06-07 12:24 -------- d-----w- c:\program files\Graphisoft
    2010-06-06 02:26 . 2010-06-06 02:26 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-06 02:05 . 2010-06-06 02:05 -------- d-----w- c:\program files\VideoLAN
    2010-06-04 04:33 . 2010-06-04 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-04 04:03 . 2010-06-04 03:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-05-22 06:28 . 2010-05-22 06:28 503808 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4720dd2e-n\msvcp71.dll
    2010-05-22 06:28 . 2010-05-22 06:28 499712 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4720dd2e-n\jmc.dll
    2010-05-22 06:28 . 2010-05-22 06:28 348160 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4720dd2e-n\msvcr71.dll
    2010-05-22 06:28 . 2010-05-22 06:28 61440 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-18552e11-n\decora-sse.dll
    2010-05-22 06:28 . 2010-05-22 06:28 12800 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-18552e11-n\decora-d3d.dll
    2010-05-18 06:35 . 2010-05-18 06:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 06:35 . 2010-05-18 06:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-05-18 06:35 . 2010-05-18 06:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 06:35 . 2010-05-18 06:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-06 10:41 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-19 159744]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-19 208896]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-03-28 58416]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-27 111952]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-09-28 09:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-03-15 05:17 89600 ------w- c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartSoft PDF Printer Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartSoft PDF Printer Agent.lnk
    backup=c:\windows\pss\SmartSoft PDF Printer Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
    2007-03-28 02:56 413696 ------w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
    2007-03-28 02:51 126976 ------w- c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
    2007-02-01 18:00 419376 ------w- c:\program files\ThinkVantage\AMSG\Amsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
    2006-11-07 10:51 91688 ------w- c:\program files\Lenovo\AwayTask\AwaySch.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
    2007-01-31 02:01 2618944 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 18:42 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    2006-05-18 23:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    2006-02-02 12:20 122940 ------w- c:\windows\system32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-01-30 08:29 135664 -----tw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 23:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 23:50 81920 ------w- c:\program files\Common Files\Installshield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
    2007-03-22 17:02 120368 ------w- c:\progra~1\THINKV~2\PrdCtr\LPMGR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 18:50 155648 ------w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
    2009-07-07 16:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
    2009-07-07 04:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-01-14 14:37 13549568 ------w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-01-14 14:37 86016 ------w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2009-01-14 14:37 1630208 ------w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 12:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    2007-01-16 19:51 749568 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2007-01-28 23:38 925696 ------w- c:\program files\Analog Devices\Core\smax4pnp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 06:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 00:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
    2007-03-30 01:40 181808 ------w- c:\windows\system32\TpShocks.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
    2007-02-08 20:19 536576 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wanActivate]
    2007-02-14 21:08 446464 ------w- c:\program files\Lenovo\ActivateWan\WanActivate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-18 09:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\vwArchitectMPISolver.exe"=
    "c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\mpiexec.exe"=
    "c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\ViNEMaster.exe"=
    "c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\smpd.exe"=
    "c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\ViNEExecutor.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/3/2007 10:47 AM 19760]
    R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\program files\Virtualwind\Virtualwind 2.1\bin\smpd.exe [10/24/2008 2:36 PM 724992]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/15/2007 3:10 PM 11152]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/9/2007 6:11 AM 569344]
    R3 SWNC8U01;Sierra Wireless MUX NDIS Driver (UMTS01);c:\windows\system32\drivers\SWNC8U01.sys [1/13/2007 6:26 AM 102144]
    R3 SWUMX01;Sierra Wireless USB MUX Driver (UMTS01);c:\windows\system32\drivers\swumx01.sys [1/13/2007 3:29 AM 70656]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/14/2006 5:42 AM 35264]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2010 12:23 PM 135664]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [7/21/2010 11:38 AM 18432]
    S4 Netdpntf;Netdpntf; [x]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - nadrb
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 02:23]

    2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 02:23]

    2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2451687304-371562479-257786285-1005Core.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 08:29]

    2010-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2451687304-371562479-257786285-1005UA.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 08:29]

    2010-07-31 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 05:07]

    2010-07-31 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-15 16:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    mStart Page = hxxp://au.my.yahoo.com/linksys
    uInternet Settings,ProxyOverride = <local>
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .txt=
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-zzzzzzzzzz.exe - c:\zzzzzzzzzz.exe\zzzzzzzzzz.exe
    HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
    HKLM-Run-Ggaxiyohupo - c:\windows\iqifogutudi.dll
    Notify-ACNotify - ACNotify.dll
    MSConfigStartUp-070700Setup - c:\documents and settings\User\Application Data\F400F8B8985528E4E912D13028716DB6\070700Setup.exe
    MSConfigStartUp-Ggaxiyohupo - c:\windows\iqifogutudi.dll
    MSConfigStartUp-Izequ - c:\windows\mqmods.dll
    MSConfigStartUp-uTorrent - c:\windows\System32\mswindows\igfx.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-31 18:14
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nadrb]

    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1716)
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
    c:\program files\ThinkVantage Fingerprint Software\remote.dll
    c:\program files\Lenovo\HOTKEY\tphklock.dll
    c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
    c:\program files\ThinkVantage Fingerprint Software\crypto.dll

    - - - - - - - > 'lsass.exe'(1772)
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll

    - - - - - - - > 'explorer.exe'(4684)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
    c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\windows\System32\TPHDEXLG.exe
    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\Common Files\Lenovo\Logger\logmon.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\windows\system32\rundll32.exe
    c:\program files\McAfee\Common Framework\McTray.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-31 18:19:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-31 08:19

    Pre-Run: 6,788,087,808 bytes free
    Post-Run: 6,718,115,840 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 157F4AA9D438036E587CB977359E3E9B

  8. #8
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    http://forums.spybot.info/showthread.php?p=379164#post379164
    Suspect::
    c:\windows\system32\drivers\nadrb.sys
    Driver::
    Netdpntf
    DirLook::
    c:\documents and settings\User\Local Settings\Application Data\xqvcyorls
    Folder::
    c:\documents and settings\User\Application Data\uTorrent

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows, disable protection and, referring to the picture above, drag CFScript into ComboFix.exe.
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one with updates (9.3 and updates 9.3.2 & 9.3.3) here, or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
    • Click the Download button to the right.
    • Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click Continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.




    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
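    Editor's note, added example (not part of the original thread, not Blade81's or sUBs' code): the CFScript above singles out a freshly dropped kernel driver (nadrb.sys) and a pseudo-random-named folder under Local Settings\Application Data (xqvcyorls). The script below shows how a helper can pull the same two artefact types out of a ComboFix "Files Created" listing automatically. The sample lines are copied from the ComboFix log the user posts in this thread; the two heuristics (a .sys whose "modified" time is later than its "created" time, and a long all-lowercase leaf name that is vowel-poor or has a long consonant run) and their thresholds are the editor's assumptions, chosen from the entries in that log, and a hit is a prompt to look, not a verdict.

```python
"""Triage a ComboFix "Files Created" listing for a dropped kernel driver and a
generated-looking Application Data folder.  Heuristic only; review every hit."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One listing line:  <created> . <modified> <size or --------> <attrs> <path>
LINE_RE = re.compile(
    r"^\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>\S.*?)\s*$"
)
TIME_FMT = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None where ComboFix prints "--------" (directories)
    attrs: str            # e.g. "d-----w-" (directory), "----a-w-" (file)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_line(line: str) -> Optional[Entry]:
    """Entry for a listing line, None for section headers and blank lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(datetime.strptime(m["created"], TIME_FMT),
                 datetime.strptime(m["modified"], TIME_FMT),
                 size, m["attrs"], m["path"])


def driver_rewritten_after_drop(e: Entry) -> bool:
    """Driver in system32\\drivers whose contents changed after it first appeared.
    Installer-unpacked drivers keep the vendor build mtime (mbam.sys,
    GEARAspiWDM.sys: modified < created); nadrb.sys is created 07-20 and
    rewritten 07-31.  Editor's heuristic, not a ComboFix rule."""
    p = e.path.lower()
    return (not e.is_dir and p.endswith(".sys")
            and "\\system32\\drivers\\" in p and e.modified > e.created)


VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Long, all-lowercase alphabetic name that is vowel-poor or has a long
    consonant run ('xqvcyorls' yes, 'malwarebytes' no).  Thresholds assumed."""
    if len(name) < 8 or not (name.isascii() and name.isalpha() and name.islower()):
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return vowel_ratio < 0.25 or longest_run >= 4


def random_named_appdata_dir(e: Entry) -> bool:
    """Directory under a profile's Application Data with a generated-looking leaf."""
    if not e.is_dir or "\\application data\\" not in e.path.lower():
        return False
    leaf = e.path.rstrip("\\").rsplit("\\", 1)[-1]
    return looks_random(leaf)


CHECKS = (
    ("driver-rewritten-after-drop", driver_rewritten_after_drop),
    ("random-named-appdata-dir", random_named_appdata_dir),
)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run every check over every parsable line; (reason, path) pairs in log order."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        findings.extend((label, entry.path) for label, check in CHECKS if check(entry))
    return findings


# Constructed excerpt: lines copied from the ComboFix log posted in this thread.
# Vendor drivers and hex-named root folders are included to show what is left alone.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
2010-07-28 13:34 . 2010-07-28 13:35 -------- d-----w- C:\bdaefde9b0e76aa65ab473361307
2010-07-21 01:42 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-20 23:24 . 2010-07-20 23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 23:24 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 07:04 . 2010-07-31 14:43 766464 ----a-w- c:\windows\system32\drivers\nadrb.sys
2010-07-20 07:04 . 2010-07-20 07:13 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\xqvcyorls
2010-07-09 03:57 . 2010-07-09 03:57 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:28} {path}")
```

    Run against a full log the script reports only nadrb.sys and the xqvcyorls folder from the excerpt above; the hex-named folders at the drive root are deliberately out of scope of the name check (they contain digits) and need their own look. Neither heuristic replaces submitting the file or inspecting the service that loads it, which is why the CFScript also names the Netdpntf service.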

  9. #9
    Junior Member
    Join Date
    Jul 2010
    Posts
    27

    Default

    Hi,

    Unsure if the CFScript worked, as when it started running it said ComboFix had a new version; did I want to update?

    I said yes...

    Then I think it ran exactly as it did last time. Was it supposed to do something differently?

    Please see below.

    If this is in fact correct then I will post up the other report, otherwise I'll run the CFScript again and then continue.

    Also, even though I have disabled McAfee it seems it might still be interfering, which is quite worrying. I'm debating if it's worth uninstalling it completely.

    Again, thanks so much for your time!




    ComboFix 10-07-30.04 - User 08/01/2010 0:32.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2283 [GMT 10:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
    AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\User\Application Data\uTorrent
    c:\documents and settings\User\Application Data\uTorrent\Cannibal the Musical.torrent
    c:\documents and settings\User\Application Data\uTorrent\dht.dat
    c:\documents and settings\User\Application Data\uTorrent\dht.dat.old
    c:\documents and settings\User\Application Data\uTorrent\resume.dat
    c:\documents and settings\User\Application Data\uTorrent\resume.dat.old
    c:\documents and settings\User\Application Data\uTorrent\rss.dat
    c:\documents and settings\User\Application Data\uTorrent\rss.dat.old
    c:\documents and settings\User\Application Data\uTorrent\settings.dat
    c:\documents and settings\User\Application Data\uTorrent\settings.dat.old
    c:\documents and settings\User\Application Data\uTorrent\Simon.of.the.Desert.1965.CRITERION.DVDRip.x264.AC3-KARiNA.torrent
    c:\documents and settings\User\Application Data\uTorrent\utorrent.lng

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_Netdpntf


    ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
    .

    2010-07-31 07:42 . 2010-07-31 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-07-28 13:34 . 2010-07-28 13:35 -------- d-----w- C:\bdaefde9b0e76aa65ab473361307
    2010-07-28 13:04 . 2010-07-28 13:04 -------- d-----w- C:\268c2713d3e721a7079506b16ace6b
    2010-07-28 13:04 . 2010-07-28 13:06 -------- d-----w- C:\67f777ba6f13cd04e84e42e98afeeefb
    2010-07-28 06:48 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-28 06:43 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-07-28 05:33 . 2010-07-28 05:33 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-07-28 05:22 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-07-28 05:05 . 2009-08-06 09:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-07-25 02:08 . 2010-07-25 02:08 -------- d-----w- c:\program files\ERUNT
    2010-07-21 04:51 . 2010-07-21 04:51 -------- d-sh--w- c:\documents and settings\User\IECompatCache
    2010-07-21 02:14 . 2010-07-21 02:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
    2010-07-21 01:52 . 2010-07-21 01:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-07-21 01:46 . 2008-11-07 08:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2010-07-21 01:42 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-07-21 01:42 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-07-21 01:40 . 2010-07-21 01:40 -------- d-----w- c:\program files\iPod
    2010-07-21 01:40 . 2010-07-21 01:42 -------- d-----w- c:\program files\iTunes
    2010-07-21 01:40 . 2010-07-21 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-21 01:39 . 2010-07-21 01:40 -------- d-----w- c:\program files\QuickTime
    2010-07-21 01:39 . 2010-07-21 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-07-21 01:38 . 2010-07-21 01:38 -------- d-----w- c:\program files\Apple Software Update
    2010-07-21 01:38 . 2010-04-19 10:29 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2010-07-21 01:38 . 2010-04-19 10:29 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
    2010-07-21 01:38 . 2010-04-19 10:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-07-21 01:38 . 2010-04-19 10:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-07-21 01:38 . 2010-07-21 01:38 -------- d-----w- c:\program files\Bonjour
    2010-07-20 23:24 . 2010-07-20 23:24 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2010-07-20 23:24 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-20 23:24 . 2010-07-20 23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-20 23:24 . 2010-07-20 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-20 23:24 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-20 07:04 . 2010-07-31 14:43 766464 ----a-w- c:\windows\system32\drivers\nadrb.sys
    2010-07-20 07:04 . 2010-07-20 07:13 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\xqvcyorls
    2010-07-09 03:57 . 2010-07-09 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2010-07-09 03:57 . 2010-07-09 03:57 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
    2010-07-09 03:57 . 2010-07-20 23:45 -------- d-----w- c:\program files\Yahoo!
    2010-07-09 03:57 . 2010-07-09 03:57 -------- d-----w- c:\program files\Linksys
    2010-07-09 01:39 . 2010-07-09 01:39 -------- d-----w- c:\program files\Pure Networks
    2010-07-09 01:38 . 2009-07-07 04:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2010-07-09 01:38 . 2009-07-07 04:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
    2010-07-09 01:38 . 2010-07-09 01:38 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
    2010-07-09 01:38 . 2009-08-06 21:56 34223152 ----a-r- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
    2010-07-09 01:37 . 2010-07-09 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-31 13:58 . 2010-04-17 05:10 -------- d-----w- c:\documents and settings\User\Application Data\Skype
    2010-07-31 13:23 . 2010-04-17 05:17 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
    2010-07-31 07:49 . 2008-04-15 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-07-31 07:41 . 2008-04-15 19:31 101336 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-28 12:40 . 2008-04-16 23:49 -------- d-----w- c:\program files\Microsoft Works
    2010-07-27 14:07 . 2010-01-27 01:41 153592 ----a-w- c:\windows\system32\nvModes.dat
    2010-07-21 01:46 . 2010-07-21 01:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf
    2010-07-21 01:46 . 2010-07-21 01:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-07-21 01:46 . 2010-05-23 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-07-21 01:40 . 2010-05-23 13:45 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-09 01:38 . 2010-07-09 01:38 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
    2010-07-04 07:21 . 2010-06-06 02:08 -------- d-----w- c:\documents and settings\User\Application Data\vlc
    2010-06-30 10:49 . 2010-03-17 08:17 -------- d-----w- c:\documents and settings\User\Application Data\PrimoPDF
    2010-06-30 08:53 . 2010-06-29 07:53 -------- d-----w- c:\program files\EndNote X4
    2010-06-30 06:45 . 2010-06-29 08:27 -------- d-----w- c:\documents and settings\User\Application Data\EndNote
    2010-06-29 07:54 . 2010-06-29 07:54 -------- d-----w- c:\program files\Common Files\Risxtd
    2010-06-29 07:53 . 2010-06-29 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Thomson.ResearchSoft.Installers
    2010-06-29 07:53 . 2010-06-29 07:53 -------- d-----w- c:\program files\Common Files\ResearchSoft
    2010-06-29 07:52 . 2010-06-29 07:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-06-19 08:32 . 2010-06-19 08:32 -------- d-----w- c:\documents and settings\User\Application Data\SSMultiDownloader.20C017F97632BB7845F8760F39A9ECC24A435AA1.1
    2010-06-19 08:32 . 2010-06-19 08:32 -------- d-----w- c:\program files\Secure Multi Track Downloader
    2010-06-19 08:32 . 2010-02-12 03:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-06-19 08:31 . 2010-06-19 08:32 53632 ------w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-06-18 13:38 . 2010-05-14 04:28 -------- d-----w- c:\program files\LogMeIn
    2010-06-18 13:37 . 2010-05-23 13:22 -------- d-----w- c:\program files\AVS4YOU
    2010-06-18 13:37 . 2010-05-23 13:23 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-06-18 13:27 . 2008-04-15 19:10 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-15 10:01 . 2010-06-15 10:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
    2010-06-15 02:17 . 2010-06-15 02:17 -------- d-----w- c:\documents and settings\User\Application Data\Canon
    2010-06-14 14:31 . 2006-04-30 07:10 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-08 01:59 . 2010-02-02 05:04 -------- d-----w- c:\documents and settings\User\Application Data\Autodesk
    2010-06-07 12:32 . 2010-02-02 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
    2010-06-07 12:29 . 2010-02-02 05:04 -------- d-----w- c:\program files\Common Files\Autodesk Shared
    2010-06-07 12:29 . 2010-06-07 12:27 -------- d-----w- c:\program files\Revit Architecture 2008
    2010-06-07 12:29 . 2010-02-02 05:04 -------- d-----w- c:\program files\Autodesk
    2010-06-07 12:26 . 2010-06-07 12:26 -------- d-----w- c:\documents and settings\User\Application Data\Graphisoft
    2010-06-07 12:24 . 2010-06-07 12:24 -------- d-----w- c:\program files\Graphisoft
    2010-06-06 02:26 . 2010-06-06 02:26 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-06 02:05 . 2010-06-06 02:05 -------- d-----w- c:\program files\VideoLAN
    2010-06-04 04:33 . 2010-06-04 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-04 04:03 . 2010-06-04 03:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-05-22 06:28 . 2010-05-22 06:28 503808 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4720dd2e-n\msvcp71.dll
    2010-05-22 06:28 . 2010-05-22 06:28 499712 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4720dd2e-n\jmc.dll
    2010-05-22 06:28 . 2010-05-22 06:28 348160 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4720dd2e-n\msvcr71.dll
    2010-05-22 06:28 . 2010-05-22 06:28 61440 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-18552e11-n\decora-sse.dll
    2010-05-22 06:28 . 2010-05-22 06:28 12800 ------w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-18552e11-n\decora-d3d.dll
    2010-05-18 06:35 . 2010-05-18 06:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 06:35 . 2010-05-18 06:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-05-18 06:35 . 2010-05-18 06:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 06:35 . 2010-05-18 06:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-06 10:41 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\documents and settings\User\Local Settings\Application Data\xqvcyorls ----



    ((((((((((((((((((((((((((((( SnapShot@2010-07-31_08.14.17 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-07-31 14:40 . 2010-07-31 14:40 16384 c:\windows\Temp\Perflib_Perfdata_374.dat
    + 2010-07-31 14:40 . 2010-07-31 14:40 16384 c:\windows\Temp\Perflib_Perfdata_180.dat
    + 2010-07-31 08:59 . 2010-07-31 08:59 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a0ee6b01c321171ef3d0f9e1fecc1e7c\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\911171dbecfe8bab9b6ff570a58685b2\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\34650745e477f02a8b645637970e5955\Microsoft.PowerShell.Commands.Management.resources.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2db0bd8c9d68363c6aff7c2643493c20\Microsoft.PowerShell.Security.resources.ni.dll
    + 2010-07-31 08:55 . 2010-07-31 08:55 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
    + 2010-07-31 08:55 . 2010-07-31 08:55 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
    + 2010-07-31 08:54 . 2010-07-31 08:54 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
    + 2010-07-31 08:59 . 2010-07-31 08:59 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
    + 2010-07-31 08:59 . 2010-07-31 08:59 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\f48e3419fb2cb012fd160ae801600ae7\System.Messaging.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\aab5402eb4bc4b6833bc42796c4b6e8a\System.Management.Automation.resources.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
    + 2010-07-31 08:57 . 2010-07-31 08:57 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
    + 2010-07-31 08:54 . 2010-07-31 08:54 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
    + 2010-07-31 08:54 . 2010-07-31 08:54 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
    - 2010-07-31 08:10 . 2010-07-31 08:10 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
    - 2010-07-31 08:10 . 2010-07-31 08:10 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
    + 2010-07-31 08:54 . 2010-07-31 08:54 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
    + 2010-07-31 08:55 . 2010-07-31 08:55 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
    + 2010-07-31 08:54 . 2010-07-31 08:54 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
    - 2010-07-31 08:10 . 2010-07-31 08:10 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fadd860881360ba09875daa70b84a2e2\Microsoft.PowerShell.Commands.Management.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b50e30b99a995c3f1075a33df9852986\Microsoft.PowerShell.Security.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\598b7aefb853a4ccc006d5719d4b224e\Microsoft.PowerShell.ConsoleHost.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4293538b31bd3c32747ef99a08161ebe\Microsoft.PowerShell.Commands.Utility.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2010-07-31 08:55 . 2010-07-31 08:55 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
    + 2010-07-31 08:55 . 2010-07-31 08:55 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2010-07-31 08:55 . 2010-07-31 08:55 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
    + 2010-07-31 08:54 . 2010-07-31 08:54 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
    - 2010-07-31 08:10 . 2010-07-31 08:10 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
    + 2010-07-31 08:55 . 2010-07-31 08:55 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
    + 2010-07-31 08:55 . 2010-07-31 08:55 363520 c:\windows\assembly\NativeImages_v2.0.50727_32\AdWindowsWrapper\2835810a367595918f70294a56f1cfb0\AdWindowsWrapper.ni.dll
    + 2010-07-31 08:59 . 2010-07-31 08:59 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
    + 2010-07-31 08:59 . 2010-07-31 08:59 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
    + 2010-07-31 08:59 . 2010-07-31 08:59 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
    + 2010-07-31 08:59 . 2010-07-31 08:59 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
    + 2010-07-31 08:59 . 2010-07-31 08:59 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\180d0cec7154b3cbde74c5b3bd4bc4b8\System.Management.Automation.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
    + 2010-07-31 08:57 . 2010-07-31 08:57 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
    - 2010-07-31 08:10 . 2010-07-31 08:10 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
    + 2010-07-31 08:54 . 2010-07-31 08:54 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
    + 2010-07-31 08:58 . 2010-07-31 08:58 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
    + 2010-07-31 08:56 . 2010-07-31 08:56 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2010-07-31 08:55 . 2010-07-31 08:55 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
    + 2010-07-31 08:55 . 2010-07-31 08:55 1861632 c:\windows\assembly\NativeImages_v2.0.50727_32\AdWindows\1acadc337eeeaf0961ab36aeea9c503b\AdWindows.ni.dll
    + 2010-07-31 08:55 . 2010-07-31 08:55 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\acmgdinternal\2ba815bdf2c8d7a673bfcf149e3c017d\acmgdinternal.ni.dll
    + 2010-07-31 08:55 . 2010-07-31 08:55 2417152 c:\windows\assembly\NativeImages_v2.0.50727_32\acmgd\5c49b8849105b6ce946d4d7de0bb89e7\acmgd.ni.dll
    + 2010-07-31 08:55 . 2010-07-31 08:55 1418240 c:\windows\assembly\NativeImages_v2.0.50727_32\AcLayer\57432e1ef06c771c51cb0e643c9fc663\AcLayer.ni.dll
    + 2010-07-31 08:55 . 2010-07-31 08:55 7633920 c:\windows\assembly\NativeImages_v2.0.50727_32\acdbmgd\5117915effb240eb2f5930e524defca3\acdbmgd.ni.dll
    + 2010-07-31 08:54 . 2010-07-31 08:54 17815040 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\c3511f3fe691d8a1d398a7e21385824c\System.ServiceModel.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-19 159744]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-19 208896]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-03-28 58416]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-27 111952]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-09-28 09:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-03-15 05:17 89600 ------w- c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartSoft PDF Printer Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartSoft PDF Printer Agent.lnk
    backup=c:\windows\pss\SmartSoft PDF Printer Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
    2007-03-28 02:56 413696 ------w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
    2007-03-28 02:51 126976 ------w- c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
    2007-02-01 18:00 419376 ------w- c:\program files\ThinkVantage\AMSG\Amsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
    2006-11-07 10:51 91688 ------w- c:\program files\Lenovo\AwayTask\AwaySch.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
    2007-01-31 02:01 2618944 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 18:42 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    2006-05-18 23:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    2006-02-02 12:20 122940 ------w- c:\windows\system32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-01-30 08:29 135664 -----tw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 23:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 23:50 81920 ------w- c:\program files\Common Files\Installshield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
    2007-03-22 17:02 120368 ------w- c:\progra~1\THINKV~2\PrdCtr\LPMGR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 18:50 155648 ------w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
    2009-07-07 16:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
    2009-07-07 04:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-01-14 14:37 13549568 ------w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-01-14 14:37 86016 ------w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2009-01-14 14:37 1630208 ------w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 12:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    2007-01-16 19:51 749568 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2007-01-28 23:38 925696 ------w- c:\program files\Analog Devices\Core\smax4pnp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 06:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 00:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
    2007-03-30 01:40 181808 ------w- c:\windows\system32\TpShocks.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
    2007-02-08 20:19 536576 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wanActivate]
    2007-02-14 21:08 446464 ------w- c:\program files\Lenovo\ActivateWan\WanActivate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-18 09:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\vwArchitectMPISolver.exe"=
    "c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\mpiexec.exe"=
    "c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\ViNEMaster.exe"=
    "c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\smpd.exe"=
    "c:\\Program Files\\Virtualwind\\Virtualwind 2.1\\bin\\ViNEExecutor.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/3/2007 10:47 AM 19760]
    R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\program files\Virtualwind\Virtualwind 2.1\bin\smpd.exe [10/24/2008 2:36 PM 724992]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/15/2007 3:10 PM 11152]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/9/2007 6:11 AM 569344]
    R3 SWNC8U01;Sierra Wireless MUX NDIS Driver (UMTS01);c:\windows\system32\drivers\SWNC8U01.sys [1/13/2007 6:26 AM 102144]
    R3 SWUMX01;Sierra Wireless USB MUX Driver (UMTS01);c:\windows\system32\drivers\swumx01.sys [1/13/2007 3:29 AM 70656]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/14/2006 5:42 AM 35264]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2010 12:23 PM 135664]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [7/21/2010 11:38 AM 18432]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - nadrb
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 02:23]

    2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 02:23]

    2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2451687304-371562479-257786285-1005Core.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 08:29]

    2010-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2451687304-371562479-257786285-1005UA.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 08:29]

    2010-07-31 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 05:07]

    2010-07-31 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-15 16:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    mStart Page = hxxp://au.my.yahoo.com/linksys
    uInternet Settings,ProxyOverride = <local>
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-01 00:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nadrb]

    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1732)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
    c:\program files\ThinkVantage Fingerprint Software\remote.dll
    c:\program files\Lenovo\HOTKEY\tphklock.dll
    c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
    c:\program files\ThinkVantage Fingerprint Software\crypto.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'lsass.exe'(1788)
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll

    - - - - - - - > 'explorer.exe'(4012)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\xpsp3res.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
    c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\windows\System32\TPHDEXLG.exe
    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\Common Files\Lenovo\Logger\logmon.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\windows\system32\rundll32.exe
    c:\program files\McAfee\Common Framework\McTray.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-01 00:48:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-31 14:48
    ComboFix2.txt 2010-07-31 08:19

    Pre-Run: 6,700,945,408 bytes free
    Post-Run: 6,719,922,176 bytes free

    - - End Of File - - 91E6DF3AE3432B1148E78B3F396CC8DD

  10. #10
    Blade81
    Security Expert: Emeritus
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi,

    Choosing the update option was fine.

    Upload c:\windows\system32\drivers\nadrb.sys file to http://www.virustotal.com (rescan if it says the file has been scanned before) and post back the results/a link to the results.

    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
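An added example to go with the step above (my code, not anything posted in this thread and not part of ComboFix or VirusTotal): a small Python triage script that reads the service/driver lines from a ComboFix log like the one above, flags entries whose image file ComboFix could not find on disk (`[?]`) or which it lists as `*Deregistered*` (the `nadrb` case here), and hashes a suspect file so it can be looked up on VirusTotal by SHA-256 instead of, or before, uploading it. My reading of the ComboFix line format (R/S prefix, start-type digit, `[?]` marker, `raw --> resolved` paths) and the VirusTotal URL form are assumptions; the four sample lines are copied from the log in this thread.

```python
"""Triage helper for the service/driver lines of a ComboFix log, plus hashing a
suspect file for a VirusTotal lookup.

Added example for this thread; not code from the original posts, from
ComboFix, or from VirusTotal. Assumptions are marked below.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List

# Assumed line shape, read from the log in the thread (not documented there):
#   <R|S><start type> <name>;<display name>;<image path> [<date> <time> <size>]
# R = running, S = stopped; the digit is the Windows start type (0 boot,
# 1 system, 2 auto, 3 demand, 4 disabled). ComboFix prints '[?]' where it could
# not find the image file, and 'raw --> resolved' for '\??\' device paths.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)

# Constructed sample: four lines copied from the ComboFix output in this thread.
SAMPLE_LOG = r"""
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/3/2007 10:47 AM 19760]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [7/21/2010 11:38 AM 18432]
    *Deregistered* - nadrb
"""


@dataclass
class ServiceEntry:
    name: str
    running: bool
    start_type: int     # -1 when ComboFix had no service registration to read
    image_path: str     # resolved path, '' when the log gives none
    file_missing: bool  # ComboFix printed '[?]' for the image file
    deregistered: bool  # listed under '*Deregistered*': in memory, no readable key


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse service/driver lines; lines that do not match are ignored."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest").strip()
            # Prefer the resolved path when ComboFix printed 'raw --> resolved'.
            path = rest.split("-->")[-1]
            path = re.sub(r"\s*\[[^\]]*\]$", "", path).strip()
            entries.append(ServiceEntry(
                name=m.group("name"),
                running=m.group("state") == "R",
                start_type=int(m.group("start")),
                image_path=path,
                file_missing=rest.endswith("[?]"),
                deregistered=False,
            ))
        elif line.startswith("*Deregistered*") and "-" in line:
            name = line.split("-", 1)[1].strip()
            entries.append(ServiceEntry(name, True, -1, "", False, True))
    return entries


def suspicious(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries worth hashing and checking: image file missing on disk, or a
    driver in memory with no service registration ComboFix could read."""
    return [e for e in entries if e.file_missing or e.deregistered]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk: int = 1 << 16) -> str:
    """Stream the file so a large driver does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def vt_lookup_url(sha256: str) -> str:
    """Look the hash up before uploading; the URL form is the current
    VirusTotal web UI (an assumption, the site has changed over the years)."""
    if not re.fullmatch(r"[0-9a-f]{64}", sha256):
        raise ValueError("expected a lowercase hex SHA-256")
    return "https://www.virustotal.com/gui/file/" + sha256


if __name__ == "__main__":
    for e in suspicious(parse_services(SAMPLE_LOG)):
        why = "image file missing" if e.file_missing else "deregistered driver in memory"
        print(f"{e.name:12} {why:30} {e.image_path or '(no path in log)'}")
```

Run against the sample it flags `LMIInfo` (image file not found) and `nadrb` (deregistered, no path). A flagged entry is a lead to hash and check, not a verdict; for a real file, `vt_lookup_url(sha256_of_file(path))` gives the report page if VirusTotal has already seen that exact binary, and an unknown hash is itself a useful signal for a file sitting in the drivers folder.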
