
Possible UACd.sys infection


This topic is locked. 10 replies to this topic.

#1 lughawy (Members, 10 posts)

Posted 26 January 2010 - 11:14 PM

Hello all,

First, let me thank you for providing such a wonderful service.

A couple of days ago I started getting a window popping up that said Google Installer has encountered a problem and needs to close. I didn't think much of it, but now my system freezes regularly, Firefox crashes constantly, and in addition to the Google pop-up, an IE one comes up as well, even though I only use Firefox. Links are constantly redirected, and I'm not even able to navigate to forums like this one (I'm using another PC for this). I've run scans with Avast, Ad-Aware and Malwarebytes (after the file name change trick finally allowed me to run it) to no avail. After reporting the error on the IE pop-up, it said that I have a UACd.sys problem. Any help is much appreciated.


DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 22:23:44.18 on Tue 01/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1256.1.1033.18.1014.433 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uWindow Title = Windows Internet Explorer provided by Comcast
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [TpShocks] TpShocks.exe
mRun: [UIUCU] c:\docume~1\user\locals~1\temp\UIUCU.EXE -CLEAN_UP
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [USB Storage Toolbox] c:\windows\umstor\Res.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MMReminderService] c:\program files\mindjet\mindmanager 8\MMReminderService.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Arab Bank Online Banking Service - hxxps://www.arabi-online.com/abr/english/actual/mainpages/ibs.cab
DPF: Microsoft XML Parser for Java
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\o645b013.default\
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-4 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-4 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-21 40384]
R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-21 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-21 40384]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007-12-14 81280]
S0 gncsysju;gncsysju;c:\windows\system32\drivers\qfvv.sys --> c:\windows\system32\drivers\qfvv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-14 133104]
S3 cur_bus;Curitel USB Composite Device driver (WDM);c:\windows\system32\drivers\cur_bus.sys [2008-1-7 52384]
S3 cur_mdfl;Curitel Packet Service Filter;c:\windows\system32\drivers\cur_mdfl.sys [2008-1-7 6096]
S3 cur_mdm;Curitel Packet Service Drivers;c:\windows\system32\drivers\cur_mdm.sys [2008-1-7 84384]
S3 cur_serd;Curitel Packet Service Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cur_serd.sys [2008-1-7 66016]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2008-3-21 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2008-3-21 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [2008-3-21 40320]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [2008-3-21 32000]

=============== Created Last 30 ================

2010-01-26 23:32:31 0 dc-h--w- c:\windows\ie8
2010-01-26 20:27:21 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-01-26 19:58:11 0 d-----w- c:\windows\pss
2010-01-26 18:53:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-26 18:53:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-26 18:53:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 18:53:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-25 17:23:12 0 d-----w- c:\docume~1\user\applic~1\Sammsoft
2010-01-25 17:22:46 0 d-----w- c:\program files\Advanced Registry Optimizer
2010-01-25 16:21:10 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-25 15:19:04 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-21 17:46:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-01-14 13:46:44 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-29 16:54:01 0 d-sh--w- c:\documents and settings\user\IECompatCache

==================== Find3M ====================

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 01:16:15 60744 ----a-w- c:\documents and settings\user\g2mdlhlpx.exe
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-09-03 23:21:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

============= FINISH: 22:24:54.04 ===============
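The DDS log above is the raw material a helper reads by hand. The following Python script is an added example, not part of this thread and not code from the DDS tool; it runs a small defender-side triage pass over lines copied from that log. It flags the S0 gncsysju driver entry, whose "--> path [?]" form I read as DDS reporting that the driver file was not found on disk, the mRun: [UIUCU] entry because it launches from a temp directory, and driver file names with no vowels as a weak randomness heuristic (low confidence on its own). The regular expressions, severity labels and function names are my assumptions, not conventions documented by DDS beyond what the log itself shows.

```python
"""Triage helper for DDS 'SERVICES / DRIVERS' and 'Run' lines.

Added example (not from the thread or the DDS tool). Three checks:
  1. a driver whose file DDS marks as missing ('... --> path [?]');
  2. an autorun (uRun/mRun/dRun) entry launching from a temp directory;
  3. a driver file base name with no vowels (weak randomness heuristic).
Findings are returned as data so they can be reported or asserted on.
"""
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied verbatim from the DDS log in the first post.
SAMPLE_LINES = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-4 162640]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007-12-14 81280]
S0 gncsysju;gncsysju;c:\windows\system32\drivers\qfvv.sys --> c:\windows\system32\drivers\qfvv.sys [?]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2008-3-21 12672]
mRun: [UIUCU] c:\docume~1\user\locals~1\temp\UIUCU.EXE -CLEAN_UP
mRun: [TpShocks] TpShocks.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
""".strip().splitlines()

# Assumed line shapes, derived from the log above rather than a DDS spec.
DRIVER_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
RUN_RE = re.compile(r"^(?P<hive>[umd])Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
MISSING_RE = re.compile(r"^(?P<path>.+?) --> (?P<path2>.+?) \[\?\]$")
VOWELS = set("aeiouy")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (labels are my own choice)
    line: str
    reason: str


def command_path(cmd: str) -> str:
    """Best-effort extraction of the executable path from an autorun command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    # Unquoted command: cut at the first switch-looking token (" /x" or " -x").
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]


def check_driver(line: str) -> List[Finding]:
    """Checks 1 and 3 on a SERVICES / DRIVERS line; [] if the line is not one."""
    m = DRIVER_RE.match(line)
    if not m:
        return []
    findings = []
    rest = m["rest"]
    missing = MISSING_RE.match(rest)
    # With the '--> path [?]' form, the path before the arrow is the one DDS looked for.
    path = missing["path"] if missing else rest.rsplit(" [", 1)[0]
    if missing:
        findings.append(Finding("high", line, f"driver file not found on disk: {path}"))
    base = path.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0]
    if base and not (set(base.lower()) & VOWELS):
        findings.append(Finding("low", line, f"driver file name has no vowels: {base}"))
    return findings


def check_run(line: str) -> List[Finding]:
    """Check 2 on a uRun/mRun/dRun line; [] if the line is not one or is clean."""
    m = RUN_RE.match(line)
    if not m:
        return []
    path = command_path(m["cmd"]).lower()
    if "\\temp\\" in path:
        return [Finding("medium", line, f"autorun launches from a temp directory: {path}")]
    return []


def triage(lines) -> List[Finding]:
    """Run every check over every line, preserving log order."""
    findings: List[Finding] = []
    for line in lines:
        findings.extend(check_driver(line))
        findings.extend(check_run(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity}] {f.reason}")
```

Run as-is, the script reports the gncsysju/qfvv.sys driver twice (missing file, vowel-less name) and the UIUCU.EXE autorun once; the legitimate ThinkPad and avast! entries produce nothing. The vowel heuristic is deliberately low severity: plenty of legitimate drivers have short consonant-only names, so it is a prompt to look, not a verdict.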


#2 fenzodahl512 (Members, 6,738 posts)

Posted 27 January 2010 - 07:30 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 lughawy (Topic Starter; Members, 10 posts)

Posted 27 January 2010 - 01:21 PM

Thanks so much for your help. I've pasted the log below. One thing to note, though I don't know if it's important, was that after I started ComboFix, a new pop-up came up saying that pev.exe had a problem and had to close. I just left it alone per your instructions.


ComboFix 10-01-26.06 - User 01/27/2010 12:50:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1256.962.1033.18.1014.619 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\User\My Documents\ZbThumbnail.info
c:\windows\system32\drivers\H8SRTlarockuytm.sys
c:\windows\system32\H8SRTayufyovmrx.dll
c:\windows\system32\H8SRTbecanlitul.dll
c:\windows\system32\H8SRTeuxdnqormx.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTndwyknecso.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTvylvoakbir.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-27 02:07 . 2010-01-27 02:07 -------- d-----w- c:\program files\Common Files\Java
2010-01-26 23:32 . 2010-01-26 23:34 -------- dc-h--w- c:\windows\ie8
2010-01-26 20:27 . 2010-01-26 20:27 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-01-26 20:04 . 2010-01-26 20:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-01-26 18:53 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-26 18:53 . 2010-01-26 20:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 18:53 . 2010-01-26 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-26 18:53 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 17:23 . 2010-01-25 17:23 -------- d-----w- c:\documents and settings\User\Application Data\Sammsoft
2010-01-25 17:22 . 2010-01-25 17:22 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-01-25 16:21 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-25 15:19 . 2010-01-25 15:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-21 17:46 . 2010-01-21 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-20 15:48 . 2010-01-20 15:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-14 13:46 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-01-14 13:46 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-29 16:54 . 2009-12-29 16:54 -------- d-sh--w- c:\documents and settings\User\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 02:17 . 2007-12-14 12:36 56976 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 02:07 . 2010-01-27 02:07 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-358a8b47-n\msvcp71.dll
2010-01-27 02:07 . 2010-01-27 02:07 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-358a8b47-n\jmc.dll
2010-01-27 02:07 . 2010-01-27 02:07 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-358a8b47-n\msvcr71.dll
2010-01-27 02:07 . 2010-01-27 02:07 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37e6d78d-n\decora-sse.dll
2010-01-27 02:07 . 2010-01-27 02:07 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37e6d78d-n\decora-d3d.dll
2010-01-27 02:07 . 2007-12-26 11:12 -------- d-----w- c:\program files\Java
2010-01-27 02:00 . 2010-01-26 21:12 755 ----a-w- c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
2010-01-27 02:00 . 2010-01-26 21:12 755 ----a-w- c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
2010-01-27 01:33 . 2010-01-22 14:32 1028 ----a-w- c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll
2010-01-27 01:33 . 2010-01-22 14:32 1028 ----a-w- c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll
2010-01-26 23:29 . 2008-05-17 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-26 23:25 . 2008-05-17 08:56 -------- d-----w- c:\program files\Microsoft Works
2010-01-25 15:18 . 2007-12-14 04:31 -------- d-----w- c:\program files\Lavasoft
2010-01-25 15:18 . 2007-12-14 07:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-24 21:51 . 2009-11-14 02:32 -------- d-----w- c:\program files\Indentix
2010-01-24 21:51 . 2008-02-27 14:03 -------- d-----w- c:\program files\Citrix
2010-01-24 21:50 . 2007-12-28 05:26 -------- d-----w- c:\program files\Yahoo!
2010-01-24 02:11 . 2009-03-09 04:55 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-01-21 17:48 . 2007-12-13 22:49 -------- d-----w- c:\program files\Alwil Software
2010-01-20 14:12 . 2009-02-11 20:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 13:13 . 2008-04-04 20:27 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-19 11:57 . 2007-12-13 22:49 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-19 11:57 . 2007-12-13 22:49 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-19 11:46 . 2007-12-13 22:49 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-19 11:43 . 2007-12-13 22:49 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-19 11:43 . 2007-12-13 22:49 100304 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-19 11:43 . 2007-12-13 22:49 94672 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-19 11:42 . 2008-04-04 20:27 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-19 11:42 . 2007-12-13 22:49 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-19 04:16 . 2008-01-26 19:19 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-01-18 21:07 . 2008-01-26 19:22 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-01-10 13:12 . 2009-09-27 17:53 -------- d-----w- c:\program files\BookCAT
2010-01-05 15:17 . 2009-09-14 15:03 97792 ----a-w- c:\documents and settings\User\Application Data\SMART Technologies Inc\Bridgit\3.4.161.2\BridgitCrashReporter.exe
2009-12-29 04:59 . 2007-12-14 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-21 19:14 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 18:50 . 2009-09-27 21:02 -------- d-----w- c:\program files\XMind
2009-12-18 01:16 . 2008-02-27 13:59 60744 ----a-w- c:\documents and settings\User\g2mdlhlpx.exe
2009-12-17 22:14 . 2009-04-03 10:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-15 01:23 . 2009-12-15 01:23 -------- d-----w- c:\documents and settings\User\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
2009-12-14 22:57 . 2009-12-14 22:56 -------- d-----w- c:\program files\YNAB 3
2009-12-14 22:57 . 2009-12-14 22:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-14 22:55 . 2010-01-26 20:01 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-14 22:55 . 2009-12-14 22:57 38784 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-14 22:55 . 2009-12-14 22:57 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-07 14:10 . 2010-01-25 15:19 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-04 23:06 . 2009-12-04 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Mindjet
2009-12-04 23:06 . 2009-12-04 23:06 -------- d-----w- c:\program files\Mindjet
2009-12-04 15:03 . 2009-12-04 15:03 251376 ----a-w- c:\documents and settings\User\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-12-02 16:32 . 2009-12-02 16:32 -------- d-----w- c:\program files\MiShellSoft
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-03 21:03 . 2009-11-03 21:03 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2008-11-06 16:44 . 2008-11-06 16:44 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-06 16:44 . 2008-11-06 16:44 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-04-04 05:03 215528 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-24 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-09-13 237568]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-26 31232]
"TpShocks"="TpShocks.exe" [2005-11-07 106496]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-15 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-21 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"MMReminderService"="c:\program files\Mindjet\MindManager 8\MMReminderService.exe" [2009-09-21 38240]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 03:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 13:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 08:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/4/2008 3:27 PM 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/4/2008 3:27 PM 19024]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 10:00 PM 3456]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [12/14/2007 2:51 AM 81280]
S0 gncsysju;gncsysju;c:\windows\system32\drivers\qfvv.sys --> c:\windows\system32\drivers\qfvv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/14/2009 8:28 AM 133104]
S3 cur_bus;Curitel USB Composite Device driver (WDM);c:\windows\system32\drivers\cur_bus.sys [1/7/2008 2:12 AM 52384]
S3 cur_mdfl;Curitel Packet Service Filter;c:\windows\system32\drivers\cur_mdfl.sys [1/7/2008 2:12 AM 6096]
S3 cur_mdm;Curitel Packet Service Drivers;c:\windows\system32\drivers\cur_mdm.sys [1/7/2008 2:12 AM 84384]
S3 cur_serd;Curitel Packet Service Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cur_serd.sys [1/7/2008 2:12 AM 66016]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [3/21/2008 12:34 PM 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [3/21/2008 12:34 PM 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [3/21/2008 12:34 PM 40320]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [3/21/2008 12:34 PM 32000]
.
Contents of the 'Scheduled Tasks' folder

2010-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 13:28]

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 13:28]

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-838170752-682003330-1004Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-24 16:49]

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-838170752-682003330-1004UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-24 16:49]

2010-01-27 c:\windows\Tasks\WECPUpdate.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Arab Bank Online Banking Service - hxxps://www.arabi-online.com/abr/english/actual/mainpages/ibs.cab
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\o645b013.default\
FF - plugin: c:\documents and settings\User\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 12:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):28,b3,1b,46,5e,c0,be,b7,bc,d5,1d,60,1f,eb,ac,40,27,21,9d,b3,70,
c2,2a,72,c4,d2,a9,52,c3,a2,ee,d6,c2,37,e2,a5,61,d3,9d,22,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b14d61ce-8ffa-45fa-b626-8da731e83c38}]
@Denied: (Full) (Everyone)
"Model"=dword:0000007e
"Therad"=dword:00000027
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1844)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1900)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

- - - - - - - > 'explorer.exe'(1744)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\program files\Essentials Codec Pack\Haali\mmfinfo.dll
c:\program files\Essentials Codec Pack\Haali\mkunicode.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Adobe\Reader 8.0\Reader\viewerps.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
.
**************************************************************************
.
Completion time: 2010-01-27 13:04:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-27 18:04

Pre-Run: 1,968,877,568 bytes free
Post-Run: 3,725,025,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - A3C2FF8E12532D4B4B2D67E0F003D55B


#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:12:36 AM

Posted 28 January 2010 - 07:00 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
KillAll::

NetSvc::

Driver::
gncsysju

Rootkit::
c:\windows\system32\drivers\qfvv.sys

File::
c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll
c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe/KittyFix.exe as depicted in the animation below. This will start ComboFix/KittyFix again.




5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
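As an added example (not the thread's own material and not ComboFix code), a small Python triage script that parses the Drivers/Services lines of a ComboFix log such as the one posted above and flags the boot-start driver whose image file could not be found, which is the entry the CFScript's Driver::/Rootkit:: sections target. The line regex, the start-type table and the reading of "[?]" as "file not found" are assumptions about the log format, and the sample lines are copied from the log in this thread.

```python
"""Triage the Drivers/Services section of a ComboFix log.

Added example, not part of the original thread or of ComboFix itself.
Lines look like (assumed format, taken from the log in this thread):
    R1 aswSP;aswSP;c:\\windows\\system32\\drivers\\aswSP.sys [4/4/2008 3:27 PM 162640]
    S0 gncsysju;gncsysju;c:\\...\\qfvv.sys --> c:\\...\\qfvv.sys [?]
The first letter is R (running) or S (stopped), the digit is the Windows
service start type, and "[?]" in place of the timestamp/size is read here
as "image file not found".
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: service lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/4/2008 3:27 PM 162640]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 10:00 PM 3456]
S0 gncsysju;gncsysju;c:\windows\system32\drivers\qfvv.sys --> c:\windows\system32\drivers\qfvv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/14/2009 8:28 AM 133104]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [3/21/2008 12:34 PM 12672]
"""

# Assumed line layout: state+start, "name;display;path", optional "--> resolved", "[meta]".
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)"
    r"(?:\s+-->\s+(?P<resolved>.*?))?"
    r"\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Standard Windows service start types (SERVICE_BOOT_START .. SERVICE_DISABLED).
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class ServiceEntry:
    running: bool
    start_type: str
    name: str
    display: str
    path: str
    file_found: bool


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every Drivers/Services line in the text; non-matching lines are skipped."""
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            running=m["state"] == "R",
            start_type=START_TYPE[m["start"]],
            name=m["name"],
            display=m["display"],
            path=m["resolved"] or m["path"],
            file_found=m["meta"].strip() != "?",
        ))
    return entries


def suspicious(entries: List[ServiceEntry]) -> List[Tuple[ServiceEntry, List[str]]]:
    """Return entries worth a closer look, each with the reasons it was flagged."""
    flagged = []
    for e in entries:
        reasons = []
        if not e.file_found:
            reasons.append("image file not found (hidden or already removed)")
        if e.start_type == "boot" and e.display == e.name:
            reasons.append("boot-start driver with no descriptive display name")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def cfscript_for(flagged: List[ServiceEntry]) -> str:
    """Render the Driver:: and Rootkit:: sections of a CFScript for the flagged entries."""
    drivers = "\n".join(e.name for e in flagged)
    paths = "\n".join(e.path for e in flagged)
    return f"Driver::\n{drivers}\n\nRootkit::\n{paths}\n"


if __name__ == "__main__":
    hits = suspicious(parse_services(SAMPLE_LOG))
    for entry, why in hits:
        print(f"{entry.name} ({entry.start_type} start): {'; '.join(why)}")
    print(cfscript_for([e for e, _ in hits]))
```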


#5 lughawy

lughawy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:36 AM

Posted 28 January 2010 - 09:39 AM

Here you go. It seems the pop-ups have stopped and the system is no longer freezing. Firefox has stopped crashing as well. The logs are below:

ComboFix 10-01-27.06 - User 01/28/2010 9:00.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1256.1.1033.18.1014.578 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll"
"c:\documents and settings\All Users\Application Data\h8srtmainqt.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll
c:\documents and settings\All Users\Application Data\h8srtmainqt.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gncsysju


((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))))))
.

2010-01-27 02:07 . 2010-01-27 02:07 -------- d-----w- c:\program files\Common Files\Java
2010-01-26 23:32 . 2010-01-26 23:34 -------- dc-h--w- c:\windows\ie8
2010-01-26 20:27 . 2010-01-26 20:27 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-01-26 20:04 . 2010-01-26 20:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-01-26 18:53 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-26 18:53 . 2010-01-26 20:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 18:53 . 2010-01-26 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-26 18:53 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 17:23 . 2010-01-25 17:23 -------- d-----w- c:\documents and settings\User\Application Data\Sammsoft
2010-01-25 17:22 . 2010-01-25 17:22 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-01-25 16:21 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-25 15:19 . 2010-01-25 15:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-21 17:46 . 2010-01-21 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-20 15:48 . 2010-01-20 15:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-14 13:46 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-01-14 13:46 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-29 16:54 . 2009-12-29 16:54 -------- d-sh--w- c:\documents and settings\User\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 02:17 . 2007-12-14 12:36 56976 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 02:07 . 2010-01-27 02:07 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-358a8b47-n\msvcp71.dll
2010-01-27 02:07 . 2010-01-27 02:07 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-358a8b47-n\jmc.dll
2010-01-27 02:07 . 2010-01-27 02:07 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-358a8b47-n\msvcr71.dll
2010-01-27 02:07 . 2010-01-27 02:07 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37e6d78d-n\decora-sse.dll
2010-01-27 02:07 . 2010-01-27 02:07 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37e6d78d-n\decora-d3d.dll
2010-01-27 02:07 . 2007-12-26 11:12 -------- d-----w- c:\program files\Java
2010-01-26 23:29 . 2008-05-17 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-26 23:25 . 2008-05-17 08:56 -------- d-----w- c:\program files\Microsoft Works
2010-01-25 15:18 . 2007-12-14 04:31 -------- d-----w- c:\program files\Lavasoft
2010-01-25 15:18 . 2007-12-14 07:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-24 21:51 . 2009-11-14 02:32 -------- d-----w- c:\program files\Indentix
2010-01-24 21:51 . 2008-02-27 14:03 -------- d-----w- c:\program files\Citrix
2010-01-24 21:50 . 2007-12-28 05:26 -------- d-----w- c:\program files\Yahoo!
2010-01-24 02:11 . 2009-03-09 04:55 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-01-21 17:48 . 2007-12-13 22:49 -------- d-----w- c:\program files\Alwil Software
2010-01-20 14:12 . 2009-02-11 20:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 13:13 . 2008-04-04 20:27 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-19 11:57 . 2007-12-13 22:49 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-19 11:57 . 2007-12-13 22:49 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-19 11:46 . 2007-12-13 22:49 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-19 11:43 . 2007-12-13 22:49 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-19 11:43 . 2007-12-13 22:49 100304 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-19 11:43 . 2007-12-13 22:49 94672 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-19 11:42 . 2008-04-04 20:27 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-19 11:42 . 2007-12-13 22:49 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-19 04:16 . 2008-01-26 19:19 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-01-18 21:07 . 2008-01-26 19:22 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-01-10 13:12 . 2009-09-27 17:53 -------- d-----w- c:\program files\BookCAT
2010-01-05 15:17 . 2009-09-14 15:03 97792 ----a-w- c:\documents and settings\User\Application Data\SMART Technologies Inc\Bridgit\3.4.161.2\BridgitCrashReporter.exe
2009-12-29 04:59 . 2007-12-14 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-21 19:14 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-19 18:50 . 2009-09-27 21:02 -------- d-----w- c:\program files\XMind
2009-12-18 01:16 . 2008-02-27 13:59 60744 ----a-w- c:\documents and settings\User\g2mdlhlpx.exe
2009-12-17 22:14 . 2009-04-03 10:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-15 01:23 . 2009-12-15 01:23 -------- d-----w- c:\documents and settings\User\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
2009-12-14 22:57 . 2009-12-14 22:56 -------- d-----w- c:\program files\YNAB 3
2009-12-14 22:57 . 2009-12-14 22:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-14 22:55 . 2010-01-26 20:01 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-14 22:55 . 2009-12-14 22:57 38784 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-14 22:55 . 2009-12-14 22:57 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-07 14:10 . 2010-01-25 15:19 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-04 23:06 . 2009-12-04 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Mindjet
2009-12-04 23:06 . 2009-12-04 23:06 -------- d-----w- c:\program files\Mindjet
2009-12-04 15:03 . 2009-12-04 15:03 251376 ----a-w- c:\documents and settings\User\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-12-02 16:32 . 2009-12-02 16:32 -------- d-----w- c:\program files\MiShellSoft
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-03 21:03 . 2009-11-03 21:03 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2008-11-06 16:44 . 2008-11-06 16:44 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-06 16:44 . 2008-11-06 16:44 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-04-04 05:03 215528 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-24 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-09-13 237568]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-26 31232]
"TpShocks"="TpShocks.exe" [2005-11-07 106496]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-15 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-21 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"MMReminderService"="c:\program files\Mindjet\MindManager 8\MMReminderService.exe" [2009-09-21 38240]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 03:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 13:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 08:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/4/2008 3:27 PM 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/4/2008 3:27 PM 19024]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 10:00 PM 3456]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [12/14/2007 2:51 AM 81280]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/14/2009 8:28 AM 133104]
S3 cur_bus;Curitel USB Composite Device driver (WDM);c:\windows\system32\drivers\cur_bus.sys [1/7/2008 2:12 AM 52384]
S3 cur_mdfl;Curitel Packet Service Filter;c:\windows\system32\drivers\cur_mdfl.sys [1/7/2008 2:12 AM 6096]
S3 cur_mdm;Curitel Packet Service Drivers;c:\windows\system32\drivers\cur_mdm.sys [1/7/2008 2:12 AM 84384]
S3 cur_serd;Curitel Packet Service Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cur_serd.sys [1/7/2008 2:12 AM 66016]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [3/21/2008 12:34 PM 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [3/21/2008 12:34 PM 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [3/21/2008 12:34 PM 40320]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [3/21/2008 12:34 PM 32000]
.
Contents of the 'Scheduled Tasks' folder

2010-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 13:28]

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 13:28]

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-838170752-682003330-1004Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-24 16:49]

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-838170752-682003330-1004UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-24 16:49]

2010-01-28 c:\windows\Tasks\WECPUpdate.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Arab Bank Online Banking Service - hxxps://www.arabi-online.com/abr/english/actual/mainpages/ibs.cab
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\o645b013.default\
FF - plugin: c:\documents and settings\User\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 09:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):28,b3,1b,46,5e,c0,be,b7,bc,d5,1d,60,1f,eb,ac,40,27,21,9d,b3,70,
c2,2a,72,c4,d2,a9,52,c3,a2,ee,d6,c2,37,e2,a5,61,d3,9d,22,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b14d61ce-8ffa-45fa-b626-8da731e83c38}]
@Denied: (Full) (Everyone)
"Model"=dword:0000007e
"Therad"=dword:00000027
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1840)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1896)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

- - - - - - - > 'explorer.exe'(1860)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\program files\Essentials Codec Pack\Haali\mmfinfo.dll
c:\program files\Essentials Codec Pack\Haali\mkunicode.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Adobe\Reader 8.0\Reader\viewerps.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
.
**************************************************************************
.
Completion time: 2010-01-28 09:12:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-28 14:12
ComboFix2.txt 2010-01-27 18:04

Pre-Run: 3,712,348,160 bytes free
Post-Run: 3,678,224,384 bytes free

- - End Of File - - 966D9E273586A7D5DDF49F1BAB7B6C32

DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 9:30:37.34 on Thu 01/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1256.1.1033.18.1014.543 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\UMStor\Res.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [TpShocks] TpShocks.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [USB Storage Toolbox] c:\windows\umstor\Res.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MMReminderService] c:\program files\mindjet\mindmanager 8\MMReminderService.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Arab Bank Online Banking Service - hxxps://www.arabi-online.com/abr/english/actual/mainpages/ibs.cab
DPF: Microsoft XML Parser for Java
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\o645b013.default\
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-4 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-4 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-21 40384]
R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-21 40384]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007-12-14 81280]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-14 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-21 40384]
S3 cur_bus;Curitel USB Composite Device driver (WDM);c:\windows\system32\drivers\cur_bus.sys [2008-1-7 52384]
S3 cur_mdfl;Curitel Packet Service Filter;c:\windows\system32\drivers\cur_mdfl.sys [2008-1-7 6096]
S3 cur_mdm;Curitel Packet Service Drivers;c:\windows\system32\drivers\cur_mdm.sys [2008-1-7 84384]
S3 cur_serd;Curitel Packet Service Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cur_serd.sys [2008-1-7 66016]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2008-3-21 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2008-3-21 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [2008-3-21 40320]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [2008-3-21 32000]

=============== Created Last 30 ================

2010-01-27 17:39:57 0 d-sha-r- C:\cmdcons
2010-01-27 17:38:39 98816 ----a-w- c:\windows\sed.exe
2010-01-27 17:38:39 77312 ----a-w- c:\windows\MBR.exe
2010-01-27 17:38:39 261632 ----a-w- c:\windows\PEV.exe
2010-01-27 17:38:39 161792 ----a-w- c:\windows\SWREG.exe
2010-01-26 23:32:31 0 dc-h--w- c:\windows\ie8
2010-01-26 20:27:21 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-01-26 19:58:11 0 d-----w- c:\windows\pss
2010-01-26 18:53:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-26 18:53:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-26 18:53:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 18:53:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-25 17:23:12 0 d-----w- c:\docume~1\user\applic~1\Sammsoft
2010-01-25 17:22:46 0 d-----w- c:\program files\Advanced Registry Optimizer
2010-01-25 16:21:10 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-25 15:19:04 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-21 17:46:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-01-14 13:46:44 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-29 16:54:01 0 d-sh--w- c:\documents and settings\user\IECompatCache

==================== Find3M ====================

2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2009-12-18 01:16:15 60744 ----a-w- c:\documents and settings\user\g2mdlhlpx.exe
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-09-03 23:21:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

============= FINISH: 9:30:45.75 ===============


#6 fenzodahl512
  • Members
  • 6,738 posts

Posted 28 January 2010 - 01:41 PM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

How's the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 lughawy (Topic Starter)
  • Members
  • 10 posts

Posted 28 January 2010 - 02:52 PM

Thank you so much: Things are much better. No more freezing, redirecting, or pop-ups.

I tried to go through the online scan, but after I press "Start" in step 2, another IE window pops up, it seems like it's getting ready to scan (the status bar on the bottom says: Waiting for http://www.eset.com/onlinescan/run_scanner.php) and then both IE windows just close. No options, nothing about activeX, no log. What do you think?



#8 fenzodahl512
  • Members
  • 6,738 posts

Posted 29 January 2010 - 05:32 AM

That's strange.. Let's try another type of online scanner


Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Go to Kaspersky Online Scanner

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases


5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.




#9 lughawy (Topic Starter)
  • Members
  • 10 posts

Posted 29 January 2010 - 10:48 PM

Here it is:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, January 29, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, January 29, 2010 16:51:26
Records in database: 3384449
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 81963
Threats found: 2
Infected objects found: 9
Suspicious objects found: 0
Scan duration: 03:40:56


File name / Threat / Threats count
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\52\5dbaeb34-75463007 Infected: Trojan-Downloader.Java.OpenStream.af 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTayufyovmrx.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTbecanlitul.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTeuxdnqormx.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTndwyknecso.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{51FC241B-E554-4FA9-8676-2D1E050B3F8E}\RP634\A0080145.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{51FC241B-E554-4FA9-8676-2D1E050B3F8E}\RP634\A0080146.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{51FC241B-E554-4FA9-8676-2D1E050B3F8E}\RP634\A0080147.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{51FC241B-E554-4FA9-8676-2D1E050B3F8E}\RP634\A0080148.dll Infected: Packed.Win32.TDSS.aa 1

Selected area has been scanned.


#10 fenzodahl512
  • Members
  • 6,738 posts

Posted 31 January 2010 - 05:11 AM

Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point.
System Restore will now be active again.

If you are using Windows Vista, please go HERE for a tutorial on how to use, disable and enable System Restore.




NEXT


Please download OTC and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread.



Have a safe and happy computing day!


Regards
fenzodahl512



#11 lughawy (Topic Starter)
  • Members
  • 10 posts

Posted 01 February 2010 - 08:58 AM

Thank you very much for all your help. The system is running well, and I haven't had any of the problems previously mentioned.

You provide an invaluable service - it is much appreciated.

Take care
