Autoupdates disabled and can't be enabled!


  • This topic is locked
8 replies to this topic

#1 bobbuilder

Posted 22 January 2009 - 08:55 AM

Hi, my Windows automatic updates have been disabled and I can't get them enabled no matter what. Please help... Thanks
Here is my DDS log.
I have also attached my attach.txt file.

Thank you in advance to whoever is helping me with this!!

DDS (Ver_09-01-19.01) - NTFSx86
Run by Jason at 8:47:36.64 on Thu 01/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1454 [GMT -5:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\vpdhost.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\HumanizedEnso\Enso.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Turn Off Monitor\TurnOffMon.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\miniMIZE\miniMIZE.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Documents and Settings\Jason\MyStuff\Portable Apps\minibin\minibin.exe
C:\Documents and Settings\Jason\MyStuff\Portable Apps\powerclick\PowerClick.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Shrink Pic\shrink_pic.exe
C:\Documents and Settings\Jason\MyStuff\Portable Apps\SuperF4\SuperF4.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Documents and Settings\Jason\MyStuff\Portable Apps\Yzshadow\YzShadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\MyStuff\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lenovo.com/welcome/thinkpad
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: UIHost=XPize_Logon.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\documents and settings\jason\application data\lastpass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\documents and settings\jason\application data\lastpass\LPBar.dll
TB: {32CA105A-BD6C-4AFC-B4D9-346262E9F483} - No File
uRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
uRun: [XPize Darkside Reloader] c:\windows\xpize darkside\XPize Darkside Reloader.exe /S
uRun: [HumanizedEnso] c:\documents and settings\jason\local settings\application data\humanizedenso\Enso.exe --disable-monologue-boxes
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Turn Off Monitor] c:\program files\turn off monitor\TurnOffMon.exe :silent
uRun: [Auto LogOff] c:\program files\turn off monitor\AutoLogOff.exe :silent
uRun: [WinRoll] "c:\program files\winroll\winroll.exe
uRun: [miniMIZE] c:\program files\minimize\miniMIZE.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [BigDogPath] c:\windows\VM_STI.EXE USB PC Camera 301P
mRun: [flockbox] c:\program files\my lockbox\flockbox.exe /a
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [TrayFactory] c:\program files\ps tray factory\PSTrayFactory.exe /start
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [VP Drv] vpdhost.exe
mRunOnce: [TrayFactory] c:\program files\ps tray factory\PSTrayFactory.exe /start
mRunServices: [VP Drv] vpdhost.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\client~1.lnk - c:\program files\samurize\Client.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\gmaila~1.lnk - c:\documents and settings\jason\mystuff\portable apps\gmailassistant20.20080907\GmailAssistant.jar
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\keepen~1.lnk - c:\documents and settings\jason\mystuff\portable apps\keepensoinmemory\keep_enso_in_memory.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\minibin.lnk - c:\documents and settings\jason\mystuff\portable apps\minibin\minibin.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\powerc~1.lnk - c:\documents and settings\jason\mystuff\portable apps\powerclick\PowerClick.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\shrink~1.lnk - c:\program files\shrink pic\shrink_pic.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\superf4.lnk - c:\documents and settings\jason\mystuff\portable apps\superf4\SuperF4.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\yzshadow.lnk - c:\documents and settings\jason\mystuff\portable apps\yzshadow\YzShadow.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: LastPass - file://c:\documents and settings\jason\application data\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\documents and settings\jason\application data\lastpass\context.html?cmd=fillforms
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230670071656
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230699093437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {EE324C39-BDAB-48A4-8342-CBD29956B839} = 208.67.222.222,208.67.220.220
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jason\applic~1\mozilla\firefox\profiles\f8z4y7ih.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\documents and settings\jason\application data\mozilla\firefox\profiles\f8z4y7ih.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

============= SERVICES / DRIVERS ===============

R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2008-12-30 17264]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2008-12-30 88576]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-12-30 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-12-30 6016]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2008-12-30 4736]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-12-30 4442]
R1 Wirelessuio;Wireless Usermode I/O Protocol;c:\windows\system32\drivers\Wirelessuio.sys [2003-11-25 12160]
R4 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R4 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-12-31 693512]
R4 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R4 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2009-1-21 42512]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-12-31 910600]
S4 Turn Off Monitor Service;Turn Off Monitor Service;c:\program files\turn off monitor\TOMService.exe [2009-1-1 86016]

=============== Created Last 30 ================

2009-01-22 08:38 <DIR> --d----- c:\program files\Trend Micro
2009-01-21 21:20 240,240 a------- c:\windows\system32\wpcap.dll
2009-01-21 21:20 88,704 a------- c:\windows\system32\packet.dll
2009-01-21 21:20 42,512 a------- c:\windows\system32\drivers\npf.sys
2009-01-18 15:03 7,552 a------- c:\windows\system32\drivers\enodpl.sys
2009-01-18 15:03 4,736 a------- c:\windows\system32\drivers\tandpl.sys
2009-01-18 12:58 131,072 a----r-- c:\windows\system32\eax.dll
2009-01-17 18:21 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{DE032019-B933-4DF4-9174-48C52613DA13}
2009-01-17 15:28 <DIR> --d----- c:\docume~1\jason\applic~1\Gabob.NowBoarding.B1EDF665FD3C3F3F09EA618A6CFE5BBDBDB5E912.1
2009-01-16 21:42 <DIR> --d----- c:\program files\CD Audio Reader Filter
2009-01-16 21:42 <DIR> --d----- c:\program files\DScaler5
2009-01-16 21:20 <DIR> --d----- c:\program files\SHOUTcast Source
2009-01-16 21:20 <DIR> --d----- c:\program files\DSP-worx
2009-01-16 21:19 <DIR> --d----- c:\program files\Zoom Player
2009-01-16 21:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Zoom Player
2009-01-16 20:58 <DIR> --d----- C:\3cb78c9ceb96d1fcc5a0bfeae1
2009-01-16 20:58 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-16 20:58 <DIR> --d----- C:\7ee4a9f6adeeb286c1bffcde1fc0e3
2009-01-16 18:04 <DIR> --d----- c:\program files\Samurize
2009-01-16 13:14 <DIR> --d----- c:\program files\SpywareBlaster
2009-01-16 13:14 <DIR> --d----- c:\docume~1\jason\applic~1\BatteryBar
2009-01-16 13:14 <DIR> --d----- c:\program files\BatteryBar
2009-01-15 22:48 <DIR> --d----- c:\docume~1\jason\applic~1\Malwarebytes
2009-01-15 22:48 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-15 22:48 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 22:48 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 22:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-15 22:48 <DIR> --d----- c:\program files\common files\Download Manager
2009-01-15 22:03 <DIR> --d----- c:\docume~1\jason\applic~1\Auslogics
2009-01-15 21:51 <DIR> --d----- c:\program files\CCleaner
2009-01-15 21:14 280 a------- c:\windows\system32\PDBootState
2009-01-15 17:04 22,817 a------- c:\windows\system32\pnkbstr
2009-01-15 17:03 <DIR> --d----- c:\docume~1\jason\applic~1\Crayon Physics Deluxe
2009-01-15 17:03 163,840 a------- c:\windows\system32\pnkbstr.exe
2009-01-15 17:03 <DIR> --d----- c:\program files\Crayon Physics Deluxe
2009-01-14 11:31 <DIR> --d----- c:\docume~1\jason\applic~1\Songbird2
2009-01-14 11:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SongbirdVLC
2009-01-14 11:31 <DIR> --d----- c:\program files\Songbird
2009-01-13 12:22 <DIR> --d----- c:\docume~1\jason\applic~1\Bump Technologies, Inc
2009-01-12 10:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Muzzy Lane Software
2009-01-12 10:39 <DIR> --d----- c:\program files\Muzzy Lane Software
2009-01-11 09:44 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-11 09:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-10 16:55 <DIR> --d----- c:\docume~1\jason\applic~1\cYo
2009-01-10 16:55 <DIR> --d----- c:\program files\ComicRack
2009-01-10 10:37 <DIR> --d----- c:\docume~1\jason\applic~1\LEGO Company
2009-01-10 00:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DivoGames
2009-01-05 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-01-05 11:57 <DIR> --d----- c:\documents and settings\jason\WINDOWS
2009-01-03 21:53 <DIR> --d----- c:\program files\Trymedia
2009-01-03 20:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-01-03 14:25 168,448 a------- c:\windows\system32\unrar.dll
2009-01-03 14:25 839,680 a------- c:\windows\system32\lameACM.acm
2009-01-03 14:25 414 a------- c:\windows\system32\lame_acm.xml
2009-01-03 14:25 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-01-03 14:25 118,784 a------- c:\windows\system32\ac3acm.acm
2009-01-03 14:25 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2009-01-03 14:25 795,648 a------- c:\windows\system32\xvidcore.dll
2009-01-03 14:25 130,048 a------- c:\windows\system32\xvidvfw.dll
2009-01-03 14:25 81,920 a------- c:\windows\system32\dpl100.dll
2009-01-03 14:24 684,032 a------- c:\windows\system32\divx.dll
2009-01-03 14:24 57,344 a------- c:\windows\system32\ff_vfw.dll
2009-01-03 14:24 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-01-03 14:24 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-01-02 16:13 <DIR> --d----- c:\docume~1\jason\applic~1\Dexpot
2009-01-02 14:41 <DIR> --d----- c:\docume~1\jason\applic~1\InfraRecorder
2009-01-02 14:30 <DIR> --d----- c:\program files\WinRoll
2009-01-02 09:24 <DIR> --d----- c:\program files\InfraRecorder
2009-01-02 09:24 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2009-01-02 09:24 <DIR> --d----- c:\program files\Eraser
2009-01-01 21:26 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-01-01 21:26 57,344 a------- c:\windows\system32\QuickTime.qts
2009-01-01 21:26 <DIR> --d----- c:\program files\QuickTime Alternative
2009-01-01 18:04 39,424 a------- c:\windows\zipinst.exe
2009-01-01 17:44 <DIR> --d----- c:\program files\Turn Off Monitor
2009-01-01 14:34 16 a------- c:\windows\popcinfo.dat
2009-01-01 14:34 <DIR> --d----- c:\program files\PopCap Games
2009-01-01 14:33 720,896 a------- c:\windows\iun6002ev.exe
2009-01-01 14:08 <DIR> --d----- c:\docume~1\jason\applic~1\shrink_pic
2009-01-01 14:08 <DIR> --d----- c:\program files\Shrink Pic
2009-01-01 12:38 <DIR> --d----- c:\program files\Auslogics
2009-01-01 12:26 <DIR> --d----- c:\docume~1\jason\applic~1\AveDesk
2009-01-01 10:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\USBSRService
2009-01-01 09:27 67,204 a---h--- c:\windows\system32\mlfcache.dat
2009-01-01 08:43 <DIR> --d----- c:\program files\common files\Stardock
2008-12-31 21:28 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-12-31 21:28 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-31 21:28 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-31 21:28 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2008-12-31 21:28 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-31 21:28 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
2008-12-31 21:28 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2008-12-31 21:28 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-31 21:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-31 19:53 <DIR> --d----- c:\program files\Yahoo!
2008-12-31 18:51 <DIR> --d----- c:\program files\Rainmeter
2008-12-31 18:25 237,552 a------- c:\windows\system32\tpuninst.exe
2008-12-31 18:25 <DIR> --d----- c:\program files\Windows Update Remover
2008-12-31 17:25 28,672 a------- c:\windows\system32\CleanMem.exe
2008-12-31 17:25 <DIR> --d----- c:\windows\CleanMem
2008-12-31 17:25 <DIR> --d----- c:\program files\CleanMem
2008-12-31 14:11 <DIR> --d----- c:\program files\AlbumArtDownloader
2008-12-31 13:12 230,664 a------- c:\windows\system32\PDBoot.exe
2008-12-31 13:08 <DIR> --d----- c:\windows\system32\XPSViewer
2008-12-31 13:07 <DIR> --d----- C:\e56c215f6c92ebf92feb577a3b03
2008-12-31 13:07 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2008-12-31 13:07 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2008-12-31 13:07 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-31 13:07 575,488 -------- c:\windows\system32\xpsshhdr.dll
2008-12-31 13:07 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-31 13:07 117,760 -------- c:\windows\system32\prntvpt.dll
2008-12-31 13:07 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-31 12:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MediaMonkey
2008-12-31 12:19 <DIR> --d----- c:\program files\MediaMonkey
2008-12-31 09:41 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-31 09:41 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-31 09:01 268,648 a------- c:\windows\system32\mucltui.dll
2008-12-31 09:01 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-31 00:12 <DIR> --d----- c:\program files\Everything
2008-12-30 23:41 3,216 a------- c:\windows\system32\encobject.dat
2008-12-30 23:41 <DIR> --d----- c:\windows\system32\Client Security Solution
2008-12-30 23:30 32,592 a------- c:\windows\system32\msonpmon.dll
2008-12-30 23:24 <DIR> --d----- c:\windows\SHELLNEW
2008-12-30 22:16 <DIR> --d----- c:\documents and settings\jason\.scorched3d
2008-12-30 22:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Digsby
2008-12-30 22:06 <DIR> --d----- c:\program files\Unlocker
2008-12-30 21:55 <DIR> --d----- c:\program files\FeedStation
2008-12-30 21:54 <DIR> --d----- c:\program files\FeedDemon
2008-12-30 21:54 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{A850D4D9-871B-4234-908D-21C457767270}
2008-12-30 21:54 <DIR> --d----- c:\program files\Stardock
2008-12-30 21:23 <DIR> --d----- c:\program files\Bonjour
2008-12-30 21:16 <DIR> --d----- c:\program files\common files\Macrovision Shared
2008-12-30 21:13 <DIR> --d----- c:\docume~1\jason\applic~1\DAEMON Tools Pro
2008-12-30 21:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2008-12-30 21:12 <DIR> --d----- c:\program files\DAEMON Tools Lite
2008-12-30 20:57 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-12-30 20:57 <DIR> --d----- c:\docume~1\jason\applic~1\DAEMON Tools Lite
2008-12-30 20:38 <DIR> --d----- c:\program files\PS Tray Factory
2008-12-30 20:30 1,071,088 a------- c:\windows\system32\Mscomctl.ocx
2008-12-30 20:30 662,288 a------- c:\windows\system32\Mscomct2.ocx
2008-12-30 20:30 152,848 a------- c:\windows\system32\comdlg32.ocx
2008-12-30 20:30 109,248 a------- c:\windows\system32\Mswinsck.ocx
2008-12-30 20:30 <DIR> --d----- c:\program files\SmartSleep
2008-12-30 20:05 <DIR> --d----- c:\program files\miniMIZE
2008-12-30 18:29 361,600 a------- c:\windows\system32\dllcache\TCPIP.SYS
2008-12-30 18:27 7,420 a------- c:\windows\UA000106.DLL
2008-12-30 18:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\InterVideo
2008-12-30 18:25 <DIR> --d----- c:\program files\Windows Media Components
2008-12-30 18:25 <DIR> --d----- c:\program files\common files\Ulead Systems
2008-12-30 18:23 <DIR> --d----- c:\program files\Corel
2008-12-30 18:21 <DIR> --d----- c:\program files\Nitro PDF
2008-12-30 18:21 <DIR> --d----- c:\program files\common files\Nitro PDF
2008-12-30 18:21 <DIR> --d----- c:\program files\common files\BCL Technologies
2008-12-30 18:20 <DIR> --d----- c:\program files\ATI Technologies
2008-12-30 18:19 <DIR> --d----- c:\program files\NGOATIOD173
2008-12-30 17:50 56 a---h--- c:\windows\system32\ezsidmv.dat
2008-12-30 17:48 <DIR> --d----- c:\program files\Skype
2008-12-30 17:47 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2008-12-30 17:47 5,504 a------- c:\windows\system32\dllcache\mstee.sys
2008-12-30 17:47 17,264 a------- c:\windows\system32\drivers\mprifl.sys
2008-12-30 17:47 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
2008-12-30 17:47 10,880 a------- c:\windows\system32\dllcache\ndisip.sys
2008-12-30 17:47 <DIR> --d----- c:\program files\My Lockbox
2008-12-30 17:47 16,384 a------- c:\windows\system32\ipsink.ax
2008-12-30 17:47 16,384 a------- c:\windows\system32\dllcache\ipsink.ax
2008-12-30 17:47 15,232 a------- c:\windows\system32\drivers\StreamIP.sys
2008-12-30 17:47 15,232 a------- c:\windows\system32\dllcache\streamip.sys
2008-12-30 17:45 <DIR> --d----- c:\windows\system32\IOSUBSYS
2008-12-30 17:36 135 a------- c:\windows\wcx_ftp.ini
2008-12-30 17:34 <DIR> --d----- c:\program files\QuickMediaConverter
2008-12-30 17:33 545 a------- c:\windows\UC.PIF
2008-12-30 17:33 545 a------- c:\windows\RAR.PIF
2008-12-30 17:33 545 a------- c:\windows\PKZIP.PIF
2008-12-30 17:33 545 a------- c:\windows\PKUNZIP.PIF
2008-12-30 17:33 545 a------- c:\windows\NOCLOSE.PIF
2008-12-30 17:33 545 a------- c:\windows\LHA.PIF
2008-12-30 17:33 545 a------- c:\windows\ARJ.PIF
2008-12-30 17:33 3,629 a------- c:\windows\wincmd.ini
2008-12-30 17:33 <DIR> --d----- c:\program files\Total Commander
2008-12-30 17:22 26,368 a------- c:\windows\system32\dllcache\usbstor.sys
2008-12-30 16:59 <DIR> --d----- c:\program files\Scorched3D
2008-12-30 16:58 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2008-12-30 16:58 <DIR> --d----- c:\program files\Hamachi
2008-12-30 16:53 <DIR> --d----- C:\Programas
2008-12-30 16:53 <DIR> --d----- c:\docume~1\jason\applic~1\ESET
2008-12-30 16:52 <DIR> --d----- c:\program files\ESET
2008-12-30 16:51 218,624 a------- c:\windows\system32\uxtheme.uxtender
2008-12-30 16:27 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2008-12-30 16:26 138,496 -------- c:\windows\system32\dllcache\afd.sys
2008-12-30 16:26 <DIR> --d----- c:\windows\system32\scripting
2008-12-30 16:26 <DIR> --d----- c:\windows\system32\en
2008-12-30 16:26 <DIR> --d----- c:\windows\l2schemas
2008-12-30 16:26 <DIR> --d----- c:\windows\system32\bits
2008-12-30 16:25 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2008-12-30 16:25 1,160,192 -------- c:\windows\system32\dllcache\urlmon.dll
2008-12-30 16:25 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2008-12-30 16:24 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-30 16:23 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-12-30 16:23 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-30 16:23 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-30 16:23 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-30 16:23 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-30 16:23 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-30 16:23 <DIR> --d----- c:\windows\network diagnostic
2008-12-30 16:21 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2008-12-30 16:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-30 16:19 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2008-12-30 16:17 412,160 -------- c:\windows\system32\photometadatahandler.dll
2008-12-30 16:10 <DIR> --d----- c:\docume~1\jason\applic~1\Digsby
2008-12-30 16:09 <DIR> --d----- c:\program files\Digsby
2008-12-30 15:51 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-30 15:51 <DIR> --d----- c:\windows\system32\PreInstall
2008-12-30 15:48 31,768 a------- c:\windows\system32\wucltui.dll.mui
2008-12-30 15:48 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2008-12-30 15:48 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-12-30 15:48 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2008-12-30 15:48 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2008-12-30 15:47 <DIR> --ds---- c:\documents and settings\jason\UserData
2008-12-30 15:39 <DIR> --d----- c:\docume~1\jason\applic~1\Kasper-Key_Sharing_Networ
2008-12-30 15:37 <DIR> --d----- c:\docume~1\jason\applic~1\Dropbox
2008-12-30 15:37 <DIR> --d----- c:\program files\Dropbox
2008-12-30 15:37 <DIR> --d----- c:\program files\Real Alternative
2008-12-30 15:22 87,608 a------- c:\docume~1\jason\applic~1\inst.exe
2008-12-30 15:22 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-12-30 15:22 47,360 a------- c:\docume~1\jason\applic~1\pcouffin.sys
2008-12-30 15:22 <DIR> --d----- c:\program files\DVDFab 5
2008-12-30 15:22 <DIR> --d----- c:\program files\iColorFolder
2008-12-30 15:21 71,184 a------- c:\windows\system32\drivers\DefragFS.sys
2008-12-30 15:20 <DIR> --d----- c:\program files\Raxco
2008-12-30 15:18 221,184 a------- c:\windows\system32\wmpns.dll
2008-12-30 15:18 50 a------- c:\windows\system32\drivers\LENOVO_9462_A37.MRK
2008-12-30 15:18 10 a------- c:\windows\system32\firstboot.ibm
2008-12-30 15:18 <DIR> --d--r-- c:\documents and settings\Jason
2008-12-30 15:18 <DIR> --d----- c:\documents and settings\jason\Bluetooth Software
2008-12-30 15:18 <DIR> --d----- c:\docume~1\jason\applic~1\ThinkVantage
2008-12-30 15:18 <DIR> --d----- c:\docume~1\jason\applic~1\Symantec
2008-12-30 15:18 <DIR> --d----- c:\docume~1\jason\applic~1\Lenovo
2008-12-30 15:17 <DIR> --d--r-- c:\documents and settings\jason\MyStuff
2008-12-30 15:12 61 a------- c:\windows\smscfg.ini
2008-12-30 15:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2008-12-30 15:08 <DIR> --dshr-- C:\RRbackups
2008-12-30 15:07 115,880 -------- c:\windows\system32\pxinsi64.exe
2008-12-30 15:07 114,856 -------- c:\windows\system32\pxcpyi64.exe
2008-12-30 15:05 5,427 a------- c:\windows\system32\EGATHDRV.SYS
2008-12-30 15:05 <DIR> --d----- c:\program files\SMI2
2008-12-30 15:05 <DIR> --d----- c:\program files\TVT SMBus
2008-12-30 15:05 <DIR> --d----- C:\SWSHARE
2008-12-30 15:05 7,012 a------- c:\windows\system32\drivers\pmemnt.sys
2008-12-30 15:05 23,552 a------- c:\windows\system32\drivers\psasrv.exe
2008-12-30 15:05 577,536 a------- c:\windows\system32\tvt_gina.dll
2008-12-30 15:05 282,624 a------- c:\windows\system32\tvt_gina_api.dll
2008-12-30 15:05 11,520 a------- c:\windows\system32\drivers\ANC.sys
2008-12-30 15:05 6,016 a------- c:\windows\system32\drivers\IBMBLDID.sys
2008-12-30 15:05 0 a------- c:\windows\system32\AccConnAdvanced.html
2008-12-30 15:04 <DIR> --d----- c:\windows\Downloaded Installations
2008-12-30 15:04 <DIR> --d----- c:\windows\system32\appmgmt
2008-12-30 15:03 <DIR> --d----- c:\windows\pss
2008-12-30 15:00 40 a------- c:\windows\system32\profile.dat
2008-12-30 14:59 8,192 a------- c:\windows\REGLOCS.OLD
2008-12-30 14:59 <DIR> --d----- c:\docume~1\jason\applic~1\AMPSoft
2008-12-30 14:59 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-12-30 14:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-12-30 14:58 <DIR> --d----- C:\Icons
2008-12-30 14:57 156 a------- c:\windows\wininit.ini
2008-12-30 14:57 <DIR> --d----- c:\program files\common files\Sonic Shared
2008-12-30 14:56 209,040 a------- c:\windows\system32\IVIresizeW7.dll
2008-12-30 14:56 204,944 a------- c:\windows\system32\IVIresizeA6.dll
2008-12-30 14:56 196,752 a------- c:\windows\system32\IVIresizeP6.dll
2008-12-30 14:56 196,752 a------- c:\windows\system32\IVIresizeM6.dll
2008-12-30 14:56 192,656 a------- c:\windows\system32\IVIresizePX.dll
2008-12-30 14:56 24,720 a------- c:\windows\system32\IVIresize.dll
2008-12-30 14:55 <DIR> --d----- c:\program files\InterVideo
2008-12-30 14:55 44,544 a------- c:\windows\system32\msxml4a.dll
2008-12-30 14:55 9,679 a------- c:\windows\system32\msxml4r.cat
2008-12-30 14:55 9,675 a------- c:\windows\system32\msxml4.cat
2008-12-30 14:55 3,489 a------- c:\windows\system32\msxml4.Manifest
2008-12-30 14:55 500 a------- c:\windows\system32\msxml4r.Manifest
2008-12-30 14:55 917,504 a------- c:\windows\system32\ahlprun.exe
2008-12-30 14:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lenovo
2008-12-30 14:54 <DIR> --d----- c:\program files\common files\Lenovo
2008-12-30 14:53 <DIR> --d----- c:\program files\AMP Font Viewer
2008-12-30 14:53 <DIR> --d----- c:\program files\ThinkVantage
2008-12-30 14:53 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2008-12-30 14:49 333 a------- c:\windows\system32\$ncsp$.inf
2008-12-30 14:48 2,510,752 a------- c:\windows\system32\dllcache\ativvaxx.dll
2008-12-30 14:48 2,401,984 a------- c:\windows\system32\dllcache\ati3duag.dll
2008-12-30 14:48 1,972,224 a------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-30 14:48 1,724,416 a------- c:\windows\system32\dllcache\ati2mtag.sys
2008-12-30 14:48 290,816 a------- c:\windows\system32\dllcache\ati2cqag.dll
2008-12-30 14:48 260,096 a------- c:\windows\system32\dllcache\ati2dvag.dll
2008-12-30 14:48 <DIR> --d----- c:\program files\Digital Line Detect
2008-12-30 14:48 <DIR> --d----- c:\program files\NetWaiting
2008-12-30 14:48 <DIR> --d----- c:\program files\CONEXANT
2008-12-30 14:46 7,168 a------- c:\windows\system32\drivers\TSMAPIP.SYS
2008-12-30 14:46 <DIR> --d----- c:\program files\Lenovo
2008-12-30 14:46 21,419 a------- c:\windows\system32\drivers\AegisP.sys
2008-12-30 14:45 <DIR> --d----- c:\program files\Synaptics
2008-12-30 14:44 16,384 a------- c:\windows\PWMBTHLP.EXE
2008-12-30 14:44 4,442 a------- c:\windows\system32\drivers\TPPWRIF.SYS
2008-12-30 14:44 55,296 a------- c:\windows\system32\TP98.CPL
2008-12-30 14:44 9,343 a------- c:\windows\system32\drivers\TDSMAPI.SYS
2008-12-30 14:44 <DIR> --d----- c:\program files\ThinkPad
2008-12-30 14:44 14,848 a------- c:\windows\system32\drivers\SMAPINT.SYS
2008-12-30 14:42 28,672 a------- c:\windows\system32\verclsid.exe
2008-12-30 14:40 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-12-30 14:40 138 a------- c:\windows\system32\Softkbd.exe.config
2008-12-30 14:39 <DIR> --d----- c:\program files\jane
2008-12-30 14:38 <DIR> --d----- c:\windows\RegisteredPackages
2008-12-30 14:35 <DIR> --d----- c:\program files\Analog Devices
2008-12-30 14:35 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2008-12-30 14:35 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2008-12-30 14:35 14,208 a------- c:\windows\system32\drivers\battc.sys
2008-12-30 14:35 13,952 a------- c:\windows\system32\drivers\cmbatt.sys
2008-12-30 14:35 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2008-12-30 14:35 30,208 a------- c:\windows\system32\drivers\usbehci.sys
2008-12-30 14:35 7,168 a------- c:\windows\system32\hccoin.dll
2008-12-30 14:34 61,696 a------- c:\windows\system32\drivers\ohci1394.sys
2008-12-30 14:34 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2008-12-30 14:34 53,376 a------- c:\windows\system32\drivers\1394bus.sys
2008-12-30 14:31 <DIR> --d----- c:\program files\TaskSwitchXP
2008-12-30 14:30 2,790,400 a------- c:\windows\system32\XPize_Logon.exe
2008-12-30 14:28 218,624 a------- c:\windows\system32\uxtheme.backup
2008-12-30 14:28 <DIR> --d-h--- c:\windows\XPize Darkside
2008-12-30 14:27 <DIR> --d----- C:\SWTOOLS
2008-12-30 14:27 <DIR> --d----- c:\program files\ExtractNow
2008-12-30 14:26 <DIR> --d----- c:\docume~1\jason\applic~1\URSoft
2008-12-30 14:26 <DIR> --d----- c:\program files\Your Uninstaller 2008
2008-12-30 14:24 <DIR> --d----- c:\docume~1\jason\applic~1\uTorrent
2008-12-30 14:23 <DIR> a-d----- C:\I386
2008-12-30 14:12 266,360 a------- c:\windows\system32\TweakUI.exe
2008-12-30 14:12 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
2008-12-30 14:07 <DIR> --d----- c:\docume~1\jason\applic~1\LastPass

==================== Find3M ====================

2009-01-13 14:28 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS
2008-12-30 16:51 218,624 a------- c:\windows\system32\uxtheme.dll
2008-12-30 16:29 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-30 15:42 106 a--sh--- c:\program files\desktop.ini
2008-12-30 15:05 17,536 a------- c:\windows\system32\drivers\psadd.sys
2008-12-30 14:47 0 a---hr-- c:\windows\system32\drivers\IBM_9462_A37_TP.MRK
2008-12-12 16:47 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-04 17:18 509,224 a------- c:\windows\system32\ICCProfiles.dll
2008-04-13 19:12 1,220,608 ---shr-- c:\windows\system32\vpdhost.exe

============= FINISH: 8:47:57.87 ===============


Edited by bobbuilder, 22 January 2009 - 04:49 PM.



#2 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 30 January 2009 - 02:08 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

There doesn't appear to be an infection. Let's see what we can do.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Download and Run DDS
If you already have a copy of DDS, there is no need to download a new one.

Download DDS by sUBs from any of the links below:
DDS.com, DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please tell me what changes have been made to the computer since your topic was started. Also give me an update on any symptoms.

With Regards,
The Panda

#3 bobbuilder

  • Topic Starter

  • Members
  • 15 posts

Posted 01 February 2009 - 08:05 PM

First of all, thank you for your time and helping me to try to resolve this problem.

My DDS Log. I'll attach the F-secure scan results in the next post.
Basically, my automatic updates have been disabled and when I try to re-enable it, Windows says "We're sorry. The security center could not change your automatic updates settings. To try changing these settings yourself, go to the system in control panel. On the automatic updates tab, select automatic (recommended), and then click ok."

However, when I go to the automatic updates tab, the setting is already on automatic!

DDS (Ver_09-01-19.01) - NTFSx86
Run by Jason at 19:59:42.82 on Sun 02/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1340 [GMT -5:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\HumanizedEnso\Enso.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Turn Off Monitor\TurnOffMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\miniMIZE\miniMIZE.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Documents and Settings\Jason\MyStuff\Portable Apps\minibin\minibin.exe
C:\Documents and Settings\Jason\MyStuff\Portable Apps\powerclick\PowerClick.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Shrink Pic\shrink_pic.exe
C:\Documents and Settings\Jason\MyStuff\Portable Apps\SuperF4\SuperF4.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Documents and Settings\Jason\MyStuff\Portable Apps\Yzshadow\YzShadow.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Jason\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\Jason\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\MyStuff\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lenovo.com/welcome/thinkpad
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
mWinlogon: UIHost=XPize_Logon.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\documents and settings\jason\application data\lastpass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\documents and settings\jason\application data\lastpass\LPBar.dll
TB: {32CA105A-BD6C-4AFC-B4D9-346262E9F483} - No File
uRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
uRun: [XPize Darkside Reloader] c:\windows\xpize darkside\XPize Darkside Reloader.exe /S
uRun: [HumanizedEnso] c:\documents and settings\jason\local settings\application data\humanizedenso\Enso.exe --disable-monologue-boxes
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Turn Off Monitor] c:\program files\turn off monitor\TurnOffMon.exe :silent
uRun: [Auto LogOff] c:\program files\turn off monitor\AutoLogOff.exe :silent
uRun: [WinRoll] "c:\program files\winroll\winroll.exe
uRun: [miniMIZE] c:\program files\minimize\miniMIZE.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [BigDogPath] c:\windows\VM_STI.EXE USB PC Camera 301P
mRun: [flockbox] c:\program files\my lockbox\flockbox.exe /a
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [TrayFactory] c:\program files\ps tray factory\PSTrayFactory.EXE /start
mRunOnce: [TrayFactory] c:\program files\ps tray factory\PSTrayFactory.EXE /start
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\client~1.lnk - c:\program files\samurize\Client.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\gmaila~1.lnk - c:\documents and settings\jason\mystuff\portable apps\gmailassistant20.20080907\GmailAssistant.jar
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\keepen~1.lnk - c:\documents and settings\jason\mystuff\portable apps\keepensoinmemory\keep_enso_in_memory.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\minibin.lnk - c:\documents and settings\jason\mystuff\portable apps\minibin\minibin.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\powerc~1.lnk - c:\documents and settings\jason\mystuff\portable apps\powerclick\PowerClick.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\shrink~1.lnk - c:\program files\shrink pic\shrink_pic.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\superf4.lnk - c:\documents and settings\jason\mystuff\portable apps\superf4\SuperF4.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\yzshadow.lnk - c:\documents and settings\jason\mystuff\portable apps\yzshadow\YzShadow.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: LastPass - file://c:\documents and settings\jason\application data\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\documents and settings\jason\application data\lastpass\context.html?cmd=fillforms
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230670071656
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230699093437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {EE324C39-BDAB-48A4-8342-CBD29956B839} = 208.67.222.222,208.67.220.220
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jason\applic~1\mozilla\firefox\profiles\f8z4y7ih.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\documents and settings\jason\application data\mozilla\firefox\profiles\f8z4y7ih.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

============= SERVICES / DRIVERS ===============

R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2008-12-30 17264]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2008-12-30 88576]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-12-30 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-12-30 6016]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2008-12-30 4736]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-12-30 4442]
R1 Wirelessuio;Wireless Usermode I/O Protocol;c:\windows\system32\drivers\Wirelessuio.sys [2003-11-25 12160]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\jason\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2009-2-1 70144]
R4 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R4 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-12-31 693512]
R4 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R4 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2009-1-21 42512]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-12-31 910600]
S4 Turn Off Monitor Service;Turn Off Monitor Service;c:\program files\turn off monitor\TOMService.exe [2009-1-1 86016]

=============== Created Last 30 ================

2009-02-01 19:06 <DIR> --d----- C:\fsaua.data
2009-01-26 16:48 <DIR> --d----- c:\program files\PeerGuardian2
2009-01-25 09:27 <DIR> --d----- c:\program files\Auto Shutdown
2009-01-22 21:54 162 a------- c:\windows\ODBC.INI
2009-01-22 12:56 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-22 10:35 <DIR> --d----- c:\program files\Atomic-Ware Suite
2009-01-22 08:38 <DIR> --d----- c:\program files\Trend Micro
2009-01-21 21:20 240,240 a------- c:\windows\system32\wpcap.dll
2009-01-21 21:20 88,704 a------- c:\windows\system32\packet.dll
2009-01-21 21:20 42,512 a------- c:\windows\system32\drivers\npf.sys
2009-01-18 15:03 7,552 a------- c:\windows\system32\drivers\enodpl.sys
2009-01-18 15:03 4,736 a------- c:\windows\system32\drivers\tandpl.sys
2009-01-18 12:58 131,072 a----r-- c:\windows\system32\eax.dll
2009-01-17 18:21 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{DE032019-B933-4DF4-9174-48C52613DA13}
2009-01-17 15:28 <DIR> --d----- c:\docume~1\jason\applic~1\Gabob.NowBoarding.B1EDF665FD3C3F3F09EA618A6CFE5BBDBDB5E912.1
2009-01-16 21:42 <DIR> --d----- c:\program files\CD Audio Reader Filter
2009-01-16 21:20 <DIR> --d----- c:\program files\SHOUTcast Source
2009-01-16 20:58 <DIR> --d----- C:\3cb78c9ceb96d1fcc5a0bfeae1
2009-01-16 20:58 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-16 20:58 <DIR> --d----- C:\7ee4a9f6adeeb286c1bffcde1fc0e3
2009-01-16 18:04 <DIR> --d----- c:\program files\Samurize
2009-01-16 13:14 <DIR> --d----- c:\program files\SpywareBlaster
2009-01-16 13:14 <DIR> --d----- c:\docume~1\jason\applic~1\BatteryBar
2009-01-16 13:14 <DIR> --d----- c:\program files\BatteryBar
2009-01-15 22:48 <DIR> --d----- c:\docume~1\jason\applic~1\Malwarebytes
2009-01-15 22:48 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-15 22:48 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 22:48 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 22:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-15 22:48 <DIR> --d----- c:\program files\common files\Download Manager
2009-01-15 22:03 <DIR> --d----- c:\docume~1\jason\applic~1\Auslogics
2009-01-15 21:51 <DIR> --d----- c:\program files\CCleaner
2009-01-15 21:14 280 a------- c:\windows\system32\PDBootState
2009-01-15 17:04 22,817 a------- c:\windows\system32\pnkbstr
2009-01-15 17:03 <DIR> --d----- c:\docume~1\jason\applic~1\Crayon Physics Deluxe
2009-01-14 11:31 <DIR> --d----- c:\docume~1\jason\applic~1\Songbird2
2009-01-14 11:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SongbirdVLC
2009-01-14 11:31 <DIR> --d----- c:\program files\Songbird
2009-01-13 12:22 <DIR> --d----- c:\docume~1\jason\applic~1\Bump Technologies, Inc
2009-01-12 10:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Muzzy Lane Software
2009-01-11 09:44 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-11 09:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-10 16:55 <DIR> --d----- c:\docume~1\jason\applic~1\cYo
2009-01-10 16:55 <DIR> --d----- c:\program files\ComicRack
2009-01-10 10:37 <DIR> --d----- c:\docume~1\jason\applic~1\LEGO Company
2009-01-10 00:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DivoGames
2009-01-05 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-01-05 11:57 <DIR> --d----- c:\documents and settings\jason\WINDOWS
2009-01-03 21:53 <DIR> --d----- c:\program files\Trymedia
2009-01-03 20:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-01-03 14:25 168,448 a------- c:\windows\system32\unrar.dll
2009-01-03 14:25 839,680 a------- c:\windows\system32\lameACM.acm
2009-01-03 14:25 414 a------- c:\windows\system32\lame_acm.xml
2009-01-03 14:25 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-01-03 14:25 118,784 a------- c:\windows\system32\ac3acm.acm
2009-01-03 14:25 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2009-01-03 14:25 795,648 a------- c:\windows\system32\xvidcore.dll
2009-01-03 14:25 130,048 a------- c:\windows\system32\xvidvfw.dll
2009-01-03 14:25 81,920 a------- c:\windows\system32\dpl100.dll
2009-01-03 14:24 684,032 a------- c:\windows\system32\divx.dll
2009-01-03 14:24 57,344 a------- c:\windows\system32\ff_vfw.dll
2009-01-03 14:24 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-01-03 14:24 <DIR> --d----- c:\program files\K-Lite Codec Pack

==================== Find3M ====================

2009-02-01 18:47 5,427 a------- c:\windows\system32\EGATHDRV.SYS
2009-01-13 14:28 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-01-13 14:28 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-01-13 14:28 361,600 a------- c:\windows\system32\dllcache\TCPIP.SYS
2009-01-01 18:04 39,424 a------- c:\windows\zipinst.exe
2009-01-01 14:33 720,896 a------- c:\windows\iun6002ev.exe
2009-01-01 09:27 67,204 a---h--- c:\windows\system32\mlfcache.dat
2008-12-31 13:12 230,664 a------- c:\windows\system32\PDBoot.exe
2008-12-31 09:41 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-30 23:41 3,216 a------- c:\windows\system32\encobject.dat
2008-12-30 20:57 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-12-30 16:58 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2008-12-30 16:51 218,624 a------- c:\windows\system32\uxtheme.dll
2008-12-30 16:29 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-30 15:42 106 a--sh--- c:\program files\desktop.ini
2008-12-30 15:22 87,608 a------- c:\docume~1\jason\applic~1\inst.exe
2008-12-30 15:22 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-12-30 15:22 47,360 a------- c:\docume~1\jason\applic~1\pcouffin.sys
2008-12-30 15:18 50 a------- c:\windows\system32\drivers\LENOVO_9462_A37.MRK
2008-12-30 15:06 23,552 a------- c:\windows\system32\drivers\psasrv.exe
2008-12-30 15:05 17,536 a------- c:\windows\system32\drivers\psadd.sys
2008-12-30 15:05 7,012 a------- c:\windows\system32\drivers\pmemnt.sys
2008-12-30 14:47 0 a---hr-- c:\windows\system32\drivers\IBM_9462_A37_TP.MRK
2008-12-30 14:46 21,419 a------- c:\windows\system32\drivers\AegisP.sys
2008-12-13 01:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 16:47 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-04 17:18 509,224 a------- c:\windows\system32\ICCProfiles.dll

============= FINISH: 20:00:16.59 ===============


Edited by bobbuilder, 01 February 2009 - 08:06 PM.


#4 bobbuilder

  • Topic Starter

  • Members
  • 15 posts

Posted 01 February 2009 - 08:05 PM

F-Secure log

Scanning Report
Sunday, February 01, 2009 19:14:22 - 19:57:54

Computer name: THINKPAD-JASON
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 6 malware found
Backdoor.Win32.Poison (virus)

* System

Backdoor.Win32.Poison.qfz (virus)

* C:\WINDOWS\SYSTEM32\PNKBSTR.EXE

Backdoor.Win32.Rbot (virus)

* System

Backdoor.Win32.Rbot.zqd (virus)

* C:\WINDOWS\SYSTEM32\VPDHOST.EXE

TrackingCookie.Webtrends (spyware)

* System

W32/Packed_FSG.D (virus)

* C:\DOCUMENTS AND SETTINGS\JASON\MYSTUFF\APPS\SNAPTER ICE - FROM DIGITAL CAMERA TO PDF IN ONE CLICK!\KEYGEN.EXE (Submitted)

Statistics
Scanned:

* Files: 35496
* System: 3551
* Not scanned: 10

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 6
* Submitted: 1

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\JASON\MYSTUFF\APPS\YOUR_UNINSTALLER_PRO_2008_6.2.1343_CHRISTMAS_EDITION_NEW\KEYGEN-SND\YOURUNINSTALLER2008KEYGEN.EXE
* C:\DOCUMENTS AND SETTINGS\JASON\LOCAL SETTINGS\TEMP\HSPERFDATA_JASON\2252

Options
Scanning engines:

* F-Secure USS: 3.0.0
* F-Secure Hydra: 3.6.8511, 2009-02-01
* F-Secure AVP: 7.0.171, 2009-02-01
* F-Secure Pegasus: 1.20.0, 1969-11-31
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics


#5 PropagandaPanda

  • Malware Response Team

Posted 02 February 2009 - 08:12 AM

Hello.

Click on your Start Menu -> Run -> type: Services.msc
In the Service Control Manager, double click Automatic Updates.
Change the Startup Type to Automatic. Click Apply.
Click Start.

Is it still disabled?

With Regards,
The Panda

#6 bobbuilder


Posted 02 February 2009 - 11:45 AM

Hmm... I couldn't find the Automatic Updates service, so maybe that was what the problem was.
Anyways, I did a little googling and I saw that I had to run this command:

regsvr32 wuaueng.dll

So it seems that all is back to normal. What about the infections that F-Secure picked up? Did it clean that up already?
Thanks so much for your help!!

#7 PropagandaPanda


Posted 02 February 2009 - 11:54 AM

Hello.

That's good news.

F-Secure picked up a leftover and some keygens. You can delete those manually.

Looks like you are clean.

Set New System Restore Point
Now you should set a Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point after cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click System Restore.
  • Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name then click Create.
  • Then, click on Start > Run and type:
    cleanmgr
  • Click OK > More Options tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created one.

Preventing Malware Infection in the Future
Please take some time to look at the following links, giving some advice and suggestions for preventing future infections:

For general slowness problems that you may have, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable unneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda

Edited by PropagandaPanda, 02 February 2009 - 05:31 PM.


#8 bobbuilder


Posted 02 February 2009 - 12:00 PM

Alright... that computer looks pretty good.

Thanks so much for your help!!!

#9 PropagandaPanda


Posted 02 February 2009 - 05:32 PM

Welcome.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



