Hi, i did the combofix and dds in normal mode but not connected to internet cause when connected to internet my desktop will not load. When i run the combox fix, there is a part where it ask to download Microsoft Recovery Console but i was unable to download because i was not connected to internet. Is there a need for me to run the combo fix again in safe mode with networking?
Another problem is the my combofix is in chinese, i don't have the cd so i can't change it back to english. if there is any part that you need translation, please tell me.
The combofix result:
ComboFix 09-02-02.04 - Administrator 2009-02-04 16:16:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.383.134 [GMT 8:00]
执行位置: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* 成功创造新还原点
注意 - 这台电脑没有安装恢复控制台 !!
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\BITS
c:\documents and settings\Administrator\Application Data\BITS\BITS.ini
c:\documents and settings\Administrator\Application Data\BITS\DHTTable.dat
c:\documents and settings\Administrator\Application Data\BITS\ProxyList.ini
c:\documents and settings\All Users\Application Data\FlashGetBHO
c:\documents and settings\All Users\Application Data\FlashGetBHO\FlashGetBHO.dll
c:\documents and settings\All Users\Application Data\FlashGetBHO\FlvDetector.exe
c:\documents and settings\All Users\Application Data\FlashGetBHO\FlvDetector.ini
c:\documents and settings\All Users\Application Data\FlashGetBHO\LiveQuery.exe
c:\documents and settings\All Users\Application Data\FlashGetBHO\LiveQuery.ini
c:\documents and settings\All Users\Application Data\FlashGetBHO\LiveSupport.exe
c:\documents and settings\All Users\Application Data\FlashGetBHO\zlib.dll
c:\program files\FlashGet Network
c:\program files\FlashGet Network\Flashget\?粀?
c:\program files\FlashGet Network\Flashget\Bhocfg.ini
c:\program files\FlashGet Network\Flashget\caption.ini
c:\program files\FlashGet Network\Flashget\dbtrans_verbose.log
c:\program files\FlashGet Network\Flashget\fgoption.ini
c:\program files\FlashGet Network\Flashget\Flvdetector.htm
c:\program files\FlashGet Network\Flashget\FlvDetector.ini
c:\program files\FlashGet Network\Flashget\InmediaInfo.ini
c:\program files\FlashGet Network\Flashget\JCCHS.INI
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\
0.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\1.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\10.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\11.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\12.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\13.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\14.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\15.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\16.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\17.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\18.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\19.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\2.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\20.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\21.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\3.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\4.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\5.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\6.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\7.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\8.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\9.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\nologin.bmp
c:\program files\FlashGet Network\Flashget\P2PCfg.ini
c:\program files\FlashGet Network\Flashget\p2spmgr.ini
c:\program files\FlashGet Network\Flashget\P4PClientInfo.ini
c:\program files\FlashGet Network\Flashget\p4spmgr.ini
c:\program files\FlashGet Network\Flashget\Profiles\config.dat
c:\program files\FlashGet Network\Flashget\Profiles\tasks.dat
c:\program files\FlashGet Network\Flashget\StatInfo.ini
c:\program files\FlashGet Network\Flashget\transaction.log
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\admshare.dat
.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYSDRV32
-------\Legacy_WINHOST32SVR
-------\Legacy_WINSPOOLSVC
((((((((((((((((((((((((( 2009-01-04 至 2009-02-04 的新的档案 )))))))))))))))))))))))))))))))
.
2009-02-04 15:59 . 2009-02-04 15:59 <DIR> d-------- c:\program files\KWMUSIC
2009-02-02 21:39 . 2009-02-02 21:39 244 --ah----- C:\sqmnoopt03.sqm
2009-02-02 21:39 . 2009-02-02 21:39 232 --ah----- C:\sqmdata03.sqm
2009-01-28 22:31 . 2009-01-28 22:31 0 --a------ c:\windows\ViDown.INI
2009-01-27 19:17 . 2009-01-27 19:17 244 --ah----- C:\sqmnoopt02.sqm
2009-01-27 19:17 . 2009-01-27 19:17 232 --ah----- C:\sqmdata02.sqm
2009-01-26 17:49 . 2009-01-26 17:49 244 --ah----- C:\sqmnoopt01.sqm
2009-01-26 17:49 . 2009-01-26 17:49 232 --ah----- C:\sqmdata01.sqm
2009-01-24 20:19 . 2004-08-03 23:00 22,016 --a------ c:\windows\system32\drivers\MSIRCOMM.sys
2009-01-24 09:37 . 2009-01-24 10:00 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb
2009-01-23 17:21 . 2009-01-23 17:21 244 --ah----- C:\sqmnoopt00.sqm
2009-01-23 17:21 . 2009-01-23 17:21 232 --ah----- C:\sqmdata00.sqm
2009-01-22 22:15 . 2009-01-22 22:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-22 22:15 . 2009-01-22 22:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-22 22:15 . 2009-01-22 22:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-22 22:15 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-22 22:15 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-22 19:01 . 2009-01-22 19:02 3,739 --a------ c:\windows\imsins.BAK
2009-01-12 23:01 . 2009-01-21 22:37 <DIR> d-------- c:\program files\mxzy
2009-01-06 22:19 . 2009-01-23 01:16 <DIR> d-------- c:\program files\Common Files\Symantec Shared
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 07:57 --------- d-----w c:\program files\PPStream
2009-02-04 07:57 --------- d-----w c:\documents and settings\Administrator\Application Data\PPStream
2009-01-24 07:03 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-22 16:47 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-31 11:28 --------- d-----w c:\program files\Alwil Software
2008-12-05 12:57 --------- d-----w c:\program files\NJStar Communicator
2008-12-05 12:57 --------- d-----w c:\documents and settings\Administrator\Application Data\NJStar
2008-07-04 02:33 24,576 ----a-w c:\program files\mozilla firefox\components\CheckTudouVa.dll
2008-07-01 09:40 36,864 ----a-w c:\program files\mozilla firefox\components\NsThunderLoader.dll
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-16 294912]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-13 185896]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-07-05 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-07-05 143360]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-27 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TrackPointSrv"="tp4mon.exe" [2004-08-04 c:\windows\system32\tp4mon.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]
"LTWinModem1"="ltmsg.exe" [2001-04-03 c:\windows\system32\ltmsg.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2004-08-04 99840]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-07-05 00:57 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 23:45 28672 c:\windows\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 20:16 24576 c:\windows\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-08-23 11520]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-31 111184]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-08-23 4224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-31 20560]
S0 stxlbou;stxlbou;c:\windows\system32\drivers\bnbyd.sys --> c:\windows\system32\drivers\bnbyd.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efca6df0-7a58-11dd-983c-00d059cd9070}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
.
‘计划任务’ 文件夹 里的内容
2008-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-01-21 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\program files\Norton Security Scan\Nss.exe []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_05\bin\jusched.exe
HKU-Default-Run-TaskSwitchXP - c:\program files\TaskSwitchXP\TaskSwitchXP.exe
HKU-Default-Run-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
.
------- 而外的扫描 -------
.
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} - hxxp://photo.163.com/163Uploader.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9z3yj8sz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\Mozilla Firefox\components\CheckTudouVa.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
.
.
------- 文件类型 -------
.
inffile=c:\windows\system32\NOTEPAD2.EXE %1
inifile=c:\windows\system32\NOTEPAD2.EXE %1
txtfile=c:\windows\system32\NOTEPAD2.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-02-04 16:26:06
Windows 5.1.2600 Service Pack 2 NTFS
扫描被隐藏的进程 。。。
扫描被隐藏的启动组 。。。
扫描被隐藏的文件 。。。
扫描完成
被隐藏的档案: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\Administrator\Software\KMPlayer\KMP2.0\EqulizerList\*`鏴髼PN]
"0"=dword:0000000f
"1"=dword:0000000f
"2"=dword:0000000a
"3"=dword:fffffffb
"4"=dword:fffffff1
"5"=dword:ffffffe7
"6"=dword:fffffff1
"7"=dword:fffffffb
"8"=dword:0000000a
"9"=dword:0000001e
[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ff譥?a *lx豽Hr]
"Order"=hex:08,00,00,00,02,00,00,00,80,01,00,00,01,00,00,00,03,00,00,00,7e,00,
00,00,00,00,00,00,70,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5e,00,36,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ff譥?a *lx豽Hr]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,
00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Changed"=dword:00000000
.
--------------------- 运行进程下的动态链接库 ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
- - - - - - - > 'lsass.exe'(784)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\conime.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
.
**************************************************************************
.
完成时间: 2009-02-04 16:30:59 - 电脑已重新启动 [Administrator]
ComboFix-quarantined-files.txt 2009-02-04 08:30:55
Pre-Run: 21,240,532,992 bytes free
Post-Run: 22,056,382,464 bytes free
277 --- E O F --- 2009-01-21 14:19:20
The DDS report:
DDS (Ver_09-01-19.01) - NTFSx86
Run by Administrator at 16:34:49.00 on 02/04/2009 Wed
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.383.149 [GMT 8:00]
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TrackPointSrv] tp4mon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [LTWinModem1] ltmsg.exe 9
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
dRunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} - hxxp://photo.163.com/163Uploader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\9z3yj8sz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\mozilla firefox\components\CheckTudouVa.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPOJI610.dll
============= SERVICES / DRIVERS ===============
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-8-23 11520]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-31 111184]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-8-23 4224]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-31 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-31 352920]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-31 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-31 155160]
R4 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
S0 stxlbou;stxlbou;c:\windows\system32\drivers\bnbyd.sys --> c:\windows\system32\drivers\bnbyd.sys [?]
============== File Associations ===============
inffile=c:\windows\system32\NOTEPAD2.EXE %1
inifile=c:\windows\system32\NOTEPAD2.EXE %1
txtfile=c:\windows\system32\NOTEPAD2.EXE %1
=============== Created Last 30 ================
2009-02-04 16:15 161,792 a------- c:\windows\SWREG.exe
2009-02-04 16:15 98,816 a------- c:\windows\sed.exe
2009-02-04 15:59 <DIR> --d----- c:\program files\KWMUSIC
2009-02-02 21:39 244 a---h--- C:\sqmnoopt03.sqm
2009-02-02 21:39 232 a---h--- C:\sqmdata03.sqm
2009-01-28 22:31 0 a------- c:\windows\ViDown.INI
2009-01-27 19:17 244 a---h--- C:\sqmnoopt02.sqm
2009-01-27 19:17 232 a---h--- C:\sqmdata02.sqm
2009-01-26 17:49 244 a---h--- C:\sqmnoopt01.sqm
2009-01-26 17:49 232 a---h--- C:\sqmdata01.sqm
2009-01-24 20:19 22,016 a------- c:\windows\system32\drivers\MSIRCOMM.sys
2009-01-24 09:37 <DIR> --d----- c:\documents and settings\administrator\DoctorWeb
2009-01-23 17:21 244 a---h--- C:\sqmnoopt00.sqm
2009-01-23 17:21 232 a---h--- C:\sqmdata00.sqm
2009-01-22 22:15 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-01-22 22:15 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-22 22:15 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-22 22:15 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-22 22:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-22 19:57 <DIR> --d----- c:\windows\pss
2009-01-22 19:01 3,739 a------- c:\windows\imsins.BAK
2009-01-12 23:01 <DIR> --d----- c:\program files\mxzy
2009-01-06 22:19 <DIR> --d----- c:\program files\common files\Symantec Shared
==================== Find3M ====================
2009-01-28 22:24 16,589 a------- c:\windows\system32\cid_store.dat
============= FINISH: 16:35:10.50 ===============