
Google redirect/won't shut down


  • This topic is locked
12 replies to this topic

#1 jongordo8

jongordo8

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:23 PM

Posted 07 February 2010 - 06:03 PM

Avira says I have the HTML/Infected.WebPage.Gen but won't get rid of it; it just keeps popping up. Also, on shutdown it just hangs and never finishes. Google redirects searches. When I try to install a program it takes forever (like an hour) to finish on a C2D computer, which should take minutes, not hours. Any help would be greatly appreciated.

I have scanned my computer with malware, adaware, spybot, and numerous antivirus (Avast, AVG, Avira, NOD32). I posted the latest HijackThis log and DDS log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:35 PM, on 2/7/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544928.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Sprint Con App Svc (CASprint) - Unknown owner - C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe (file missing)
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5519 bytes

DDS (Ver_09-12-01.01) - NTFSx86
Run by Eddie at 19:31:52.99 on Sun 02/07/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1094 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Eddie\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Lenovo ThinkVantage Toolbox: {86b9b5dd-fb75-4035-bd52-3c94f7849caf} - c:\program files\pc-doctor\ATLPcdToolbar544928.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\eddie\appdata\roaming\mozilla\firefox\profiles\kzoq7h15.default\
FF - component: c:\users\eddie\appdata\roaming\mozilla\firefox\profiles\kzoq7h15.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\eddie\appdata\roaming\mozilla\firefox\profiles\kzoq7h15.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-2-1 24304]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-2 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-7 207792]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-1-31 24856]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-7 112592]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-2-1 132456]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-12-18 95896]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-11-24 62320]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-2-1 45424]
S3 CASprint;Sprint Con App Svc;"c:\program files\sprint\sprint smartview\conappssvc.exe" /n "casprint" --> c:\program files\sprint\sprint smartview\ConAppsSvc.exe [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-8-28 17408]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-11-24 75112]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-7 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-7 1141712]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S4 ApRunSvc;Alps Application Launcher Service;c:\program files\apoint2k\aprunsvc.exe --> c:\program files\apoint2k\ApRunSvc.exe [?]

=============== Created Last 30 ================

2010-02-07 20:51:04 0 d-----w- c:\programdata\ESET
2010-02-07 20:51:04 0 d-----w- c:\program files\ESET
2010-02-07 16:57:03 0 d-sh--w- C:\$RECYCLE.BIN
2010-02-07 16:39:25 0 d-----w- C:\Device
2010-02-07 16:36:47 98816 ----a-w- c:\windows\sed.exe
2010-02-07 16:36:47 77312 ----a-w- c:\windows\MBR.exe
2010-02-07 16:36:47 261632 ----a-w- c:\windows\PEV.exe
2010-02-07 16:36:47 161792 ----a-w- c:\windows\SWREG.exe
2010-02-07 16:36:35 0 d-----w- C:\ComboFix
2010-02-07 13:15:00 0 d-----w- c:\program files\common files\PctelEapPeer Authentication
2010-02-07 13:14:59 0 d-----w- c:\program files\Sprint
2010-02-07 12:48:21 0 d-----w- c:\programdata\Sprint
2010-02-07 12:25:30 882 ----a-w- c:\windows\RegSDImport.xml
2010-02-07 12:25:30 880 ----a-w- c:\windows\RegISSImport.xml
2010-02-07 12:25:30 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-07 12:25:30 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-07 12:25:30 131 ----a-w- c:\windows\IDB.zip
2010-02-07 12:25:29 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-07 12:25:29 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-02-07 12:25:29 1152444 ----a-w- c:\windows\UDB.zip
2010-02-07 12:24:48 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-07 12:24:48 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-02-07 12:24:48 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-07 12:24:45 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-07 12:24:45 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-02-07 12:24:45 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-02-07 12:24:45 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-07 12:24:41 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-02-07 12:24:41 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-07 12:24:30 0 d-----w- c:\users\eddie\appdata\roaming\PC Tools
2010-02-07 12:24:30 0 d-----w- c:\programdata\PC Tools
2010-02-07 12:24:30 0 d-----w- c:\program files\Spyware Doctor
2010-02-07 12:24:30 0 d-----w- c:\program files\common files\PC Tools
2010-02-07 12:24:17 0 d---a-w- c:\programdata\TEMP
2010-02-06 14:08:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-06 14:08:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-06 14:08:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 12:43:19 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-06 12:43:19 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-06 12:41:04 0 d-----w- C:\!KillBox
2010-02-06 12:18:14 0 d-----w- c:\program files\Trend Micro
2010-02-05 01:33:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-04 04:53:41 239133623 ----a-w- c:\windows\MEMORY.DMP
2010-02-04 01:02:27 0 d-----w- c:\program files\common files\Symantec Shared
2010-02-04 00:58:20 0 d-----w- c:\programdata\Symantec
2010-02-04 00:58:20 0 d-----w- c:\programdata\Norton
2010-02-04 00:58:17 0 d-----w- c:\programdata\NortonInstaller
2010-02-04 00:53:38 0 d-----w- c:\program files\Conduit
2010-02-04 00:51:11 0 d-----w- c:\program files\iPod
2010-02-04 00:51:10 0 d-----w- c:\program files\iTunes
2010-02-04 00:48:54 0 d-----w- c:\program files\Bonjour
2010-02-03 04:31:48 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-03 04:28:09 0 d-----w- c:\program files\Lavasoft
2010-02-03 04:23:39 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-03 04:22:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-01 17:12:28 0 d-----w- c:\program files\common files\Intel
2010-02-01 16:12:29 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-02-01 16:09:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-01 15:03:35 0 d-----w- c:\programdata\CheckPoint
2010-02-01 08:56:29 0 d-----w- c:\programdata\Alwil Software
2010-02-01 08:36:43 0 d-----w- c:\program files\SystemRequirementsLab
2010-02-01 01:59:36 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-02-01 01:58:32 0 d-----w- c:\users\eddie\appdata\roaming\AVG8
2010-01-31 03:52:51 0 d-----w- c:\program files\AVG
2010-01-31 03:29:28 0 d-----w- c:\users\eddie\appdata\roaming\Malwarebytes
2010-01-31 03:29:20 0 d-----w- c:\programdata\Malwarebytes
2010-01-27 00:31:46 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 00:31:46 2614272 ----a-w- c:\windows\explorer.exe
2010-01-24 12:25:41 0 d-----w- c:\programdata\McAfee
2010-01-23 02:15:57 311296 ----a-w- c:\windows\system32\DelNetworkShortcut.exe
2010-01-23 02:15:57 29312 ----a-w- c:\windows\system32\nascoins.dll
2010-01-23 00:58:48 0 d-----w- c:\users\eddie\appdata\roaming\Intel
2010-01-22 12:20:28 54784 ----a-w- c:\users\eddie\How to study Reading #1.doc
2010-01-22 11:59:27 0 d-----w- c:\programdata\McAfee Security Scan
2010-01-22 11:52:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 03:05:12 0 d-----w- c:\programdata\CyberLink
2010-01-21 03:00:58 0 d-----w- C:\MyWorks
2010-01-21 00:54:57 0 d-----w- c:\windows\Driver Cache
2010-01-21 00:54:54 0 d-----w- c:\program files\AVerMedia
2010-01-20 03:13:42 0 d-----w- c:\users\eddie\appdata\roaming\Canneverbe_Limited
2010-01-20 03:13:42 0 d-----w- c:\programdata\Canneverbe Limited
2010-01-20 03:13:23 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-19 01:55:11 79872 --sha-w- c:\users\eddie\Thumbs.db
2010-01-17 14:10:17 0 d-----w- c:\program files\VideoLAN
2010-01-12 23:52:45 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 23:52:45 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-11 06:06:09 26624 ----a-w- c:\users\eddie\CheckListToSurveyYourStudyHabits-1.doc
2010-01-11 06:01:10 0 d-----w- c:\users\eddie\appdata\roaming\Foxit Software
2010-01-11 05:58:34 743930 ----a-r- c:\users\eddie\study habits in 5 steps.PDF
2010-01-11 05:57:23 8167 ----a-r- c:\users\eddie\study habits survey.PDF

==================== Find3M ====================

2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-06 09:12:00 382312 ------w- c:\windows\PWMBTHLV.EXE
2010-01-06 09:12:00 11552 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2009-12-18 21:02:26 95896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2009-11-10 04:40:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:32:31.94 ===============

Edited by jongordo8, 07 February 2010 - 08:38 PM.



#2 jongordo8

jongordo8
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:23 PM

Posted 07 February 2010 - 09:00 PM

I ran GMER as well, disabled adaware and NOD32 and wireless and then ran it; here are the results (IDK if I missed a step because it only took minutes to run, and I read somewhere it takes a long time).

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-07 19:47:28
Windows 6.1.7600
Running: zwtdsbzo.exe; Driver: C:\Users\Eddie\AppData\Local\Temp\uflyapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x88D5FCDE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x88D5FED0]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x88D600D8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x88D5F984]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C33AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C33104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C333F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1C2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1B898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C331DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C33958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C336F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C33F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C341A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C93579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB7F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 32C 82CBF82C 8 Bytes [DE, FC, D5, 88, D0, FE, D5, ...] {FDIVP ST(4), ST; AAD 0x88; SAR DH, 0x1; AAD 0x88}
.text ntkrnlpa.exe!RtlSidHashLookup + 364 82CBF864 4 Bytes [D8, 00, D6, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82CBFCB8 4 Bytes [84, F9, D5, 88] {TEST CL, BH; AAD 0x88}
.text peauth.sys AA033C9D 28 Bytes [C4, 8D, F7, E7, 8E, 09, FC, ...]
.text peauth.sys AA033CC1 28 Bytes [C4, 8D, F7, E7, 8E, 09, FC, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1516] kernel32.dll!SetUnhandledExceptionFilter 778A3142 4 Bytes [C2, 04, 00, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1128] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1128] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75DB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[3364] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[3364] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[3364] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[3364] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[3364] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75DB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



#3 Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US

Posted 14 February 2010 - 10:25 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#4 jongordo8
  • Topic Starter

  • Members
  • 7 posts

Posted 14 February 2010 - 11:08 PM

Ok so here are my current issues. I no longer have issues with the Google redirect, but my computer won't shut down (it hangs at the shut down screen). It will randomly crash and reboot, and some USB items won't be recognized (most notably a USB external HD that works in every other computer I have and used to work with this computer).

Once I found the website, I ran HijackThis and DDS and posted the logs above; then I ran GMER and posted that above. From there I ran ComboFix.

Newest DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Eddie at 22:02:30.80 on Sun 02/14/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1084 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Eddie\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Lenovo ThinkVantage Toolbox: {86b9b5dd-fb75-4035-bd52-3c94f7849caf} - c:\program files\pc-doctor\ATLPcdToolbar544928.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\eddie\appdata\roaming\mozilla\firefox\profiles\kzoq7h15.default\
FF - component: c:\users\eddie\appdata\roaming\mozilla\firefox\profiles\kzoq7h15.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\eddie\appdata\roaming\mozilla\firefox\profiles\kzoq7h15.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-2-1 24304]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-2 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-7 207792]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-1-31 24856]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-7 112592]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-2-1 132456]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-12-18 95896]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-11-24 62320]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-2-1 45424]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2008-10-15 124160]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-8-28 17408]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-11-24 75112]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-7 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-7 1141712]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S4 ApRunSvc;Alps Application Launcher Service;c:\program files\apoint2k\aprunsvc.exe --> c:\program files\apoint2k\ApRunSvc.exe [?]

=============== Created Last 30 ================

2010-02-13 13:43:47 26496 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2010-02-13 13:42:03 0 d-----w- c:\program files\common files\Research in Motion
2010-02-13 13:42:02 0 d-----w- c:\program files\Sierra Wireless
2010-02-13 13:41:54 0 d-----w- c:\program files\common files\Motorola Shared
2010-02-13 13:41:53 0 d-----w- c:\program files\Novatel Wireless
2010-02-13 13:39:18 0 d-----w- c:\program files\Sierra Wireless Inc
2010-02-11 01:18:03 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-11 01:18:03 77824 ----a-w- c:\windows\system32\xvid.ax
2010-02-11 01:18:01 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-11 01:18:00 0 d-----w- c:\program files\Xvid
2010-02-11 01:17:22 0 d-----w- c:\program files\AviSynth 2.5
2010-02-11 01:16:18 0 d-----w- c:\program files\Avi2Dvd
2010-02-08 06:11:24 0 d-sh--w- C:\$RECYCLE.BIN
2010-02-07 20:51:04 0 d-----w- c:\programdata\ESET
2010-02-07 20:51:04 0 d-----w- c:\program files\ESET
2010-02-07 16:39:25 0 d-----w- C:\Device
2010-02-07 16:36:47 98816 ----a-w- c:\windows\sed.exe
2010-02-07 16:36:47 77312 ----a-w- c:\windows\MBR.exe
2010-02-07 16:36:47 261632 ----a-w- c:\windows\PEV.exe
2010-02-07 16:36:47 161792 ----a-w- c:\windows\SWREG.exe
2010-02-07 13:15:00 0 d-----w- c:\program files\common files\PctelEapPeer Authentication
2010-02-07 13:14:59 0 d-----w- c:\program files\Sprint
2010-02-07 12:48:21 0 d-----w- c:\programdata\Sprint
2010-02-07 12:25:30 882 ----a-w- c:\windows\RegSDImport.xml
2010-02-07 12:25:30 879 ----a-w- c:\windows\RegISSImport.xml
2010-02-07 12:25:30 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-02-07 12:25:30 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-07 12:25:30 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-07 12:25:30 131 ----a-w- c:\windows\IDB.zip
2010-02-07 12:25:29 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-07 12:25:29 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-02-07 12:25:29 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-02-07 12:25:29 1152444 ----a-w- c:\windows\UDB.zip
2010-02-07 12:24:48 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-07 12:24:48 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-02-07 12:24:48 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-07 12:24:45 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-07 12:24:45 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-02-07 12:24:45 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-02-07 12:24:45 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-07 12:24:41 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-02-07 12:24:41 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-07 12:24:30 0 d-----w- c:\users\eddie\appdata\roaming\PC Tools
2010-02-07 12:24:30 0 d-----w- c:\programdata\PC Tools
2010-02-07 12:24:30 0 d-----w- c:\program files\Spyware Doctor
2010-02-07 12:24:30 0 d-----w- c:\program files\common files\PC Tools
2010-02-07 12:24:17 0 d---a-w- c:\programdata\TEMP
2010-02-06 14:08:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-06 14:08:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-06 14:08:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 12:43:19 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-06 12:43:19 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-06 12:41:04 0 d-----w- C:\!KillBox
2010-02-06 12:18:14 0 d-----w- c:\program files\Trend Micro
2010-02-05 01:33:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-04 04:53:41 247382887 ----a-w- c:\windows\MEMORY.DMP
2010-02-04 01:02:27 0 d-----w- c:\program files\common files\Symantec Shared
2010-02-04 00:58:20 0 d-----w- c:\programdata\Symantec
2010-02-04 00:58:20 0 d-----w- c:\programdata\Norton
2010-02-04 00:58:17 0 d-----w- c:\programdata\NortonInstaller
2010-02-04 00:53:38 0 d-----w- c:\program files\Conduit
2010-02-04 00:51:11 0 d-----w- c:\program files\iPod
2010-02-04 00:51:10 0 d-----w- c:\program files\iTunes
2010-02-04 00:48:54 0 d-----w- c:\program files\Bonjour
2010-02-03 04:31:48 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-03 04:28:09 0 d-----w- c:\program files\Lavasoft
2010-02-03 04:23:39 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-03 04:22:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-01 17:12:28 0 d-----w- c:\program files\common files\Intel
2010-02-01 16:12:29 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-02-01 16:09:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-01 15:03:35 0 d-----w- c:\programdata\CheckPoint
2010-02-01 08:56:29 0 d-----w- c:\programdata\Alwil Software
2010-02-01 08:36:43 0 d-----w- c:\program files\SystemRequirementsLab
2010-02-01 01:59:36 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-02-01 01:58:32 0 d-----w- c:\users\eddie\appdata\roaming\AVG8
2010-01-31 03:52:51 0 d-----w- c:\program files\AVG
2010-01-31 03:29:28 0 d-----w- c:\users\eddie\appdata\roaming\Malwarebytes
2010-01-31 03:29:20 0 d-----w- c:\programdata\Malwarebytes
2010-01-27 00:31:46 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 00:31:46 2614272 ----a-w- c:\windows\explorer.exe
2010-01-24 12:25:41 0 d-----w- c:\programdata\McAfee
2010-01-23 02:15:57 311296 ----a-w- c:\windows\system32\DelNetworkShortcut.exe
2010-01-23 02:15:57 29312 ----a-w- c:\windows\system32\nascoins.dll
2010-01-23 00:58:48 0 d-----w- c:\users\eddie\appdata\roaming\Intel
2010-01-22 12:20:28 54784 ----a-w- c:\users\eddie\How to study Reading #1.doc
2010-01-22 11:59:27 0 d-----w- c:\programdata\McAfee Security Scan
2010-01-22 11:52:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 03:05:12 0 d-----w- c:\programdata\CyberLink
2010-01-21 03:00:58 0 d-----w- C:\MyWorks
2010-01-21 00:54:57 0 d-----w- c:\windows\Driver Cache
2010-01-21 00:54:54 0 d-----w- c:\program files\AVerMedia
2010-01-20 03:13:42 0 d-----w- c:\users\eddie\appdata\roaming\Canneverbe_Limited
2010-01-20 03:13:42 0 d-----w- c:\programdata\Canneverbe Limited
2010-01-20 03:13:23 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-19 01:55:11 79872 --sha-w- c:\users\eddie\Thumbs.db
2010-01-17 14:10:17 0 d-----w- c:\program files\VideoLAN

==================== Find3M ====================

2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-08 03:18:02 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-06 09:12:00 382312 ------w- c:\windows\PWMBTHLV.EXE
2010-01-06 09:12:00 11552 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 21:02:26 95896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2009-12-08 11:40:12 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40:12 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32:02 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:03:14.56 ===============


#5 Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US

Posted 15 February 2010 - 10:58 AM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.

***************************************************

You have run ComboFix unattended!

Please note: ComboFix (CF for short) is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. When CF is run without trained assistance, it can no longer be considered a "safe" tool. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Since you already ran the tool, I need to see the log it created. Please locate this file C:\Combofix.txt and include its contents in your next reply.

~Blade


In your next reply, please include the following:
ComboFix.txt

Edited by Blade Zephon, 15 February 2010 - 10:58 AM.



#6 jongordo8
  • Topic Starter

  • Members
  • 7 posts

Posted 15 February 2010 - 11:20 AM

ComboFix 10-02-07.06 - Eddie 02/08/2010 0:03.3.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1367 [GMT -6:00]
Running from: c:\users\Eddie\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
.

2010-02-08 06:10 . 2010-02-08 06:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-08 06:10 . 2010-02-08 06:10 -------- d-----w- c:\users\Jon\AppData\Local\temp
2010-02-08 06:10 . 2010-02-08 06:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-08 06:03 . 2010-02-08 06:03 -------- d-----w- C:\32788R22FWJFW
2010-02-07 22:20 . 2010-02-07 22:20 -------- d-----w- c:\users\Eddie\AppData\Local\ESET
2010-02-07 20:51 . 2010-02-07 20:51 -------- d-----w- c:\program files\ESET
2010-02-07 16:51 . 2010-02-08 06:10 -------- d-----w- c:\users\Eddie\AppData\Local\temp
2010-02-07 16:39 . 2010-02-07 16:39 -------- d-----w- C:\Device
2010-02-07 14:40 . 2010-02-07 14:40 -------- d-----w- c:\users\Eddie\AppData\Local\Sprint
2010-02-07 13:15 . 2010-02-07 19:02 -------- d-----w- c:\program files\Common Files\PctelEapPeer Authentication
2010-02-07 13:14 . 2010-02-07 13:14 -------- d-----w- c:\program files\Sprint
2010-02-07 12:48 . 2010-02-07 12:48 -------- d-----w- c:\programdata\Sprint
2010-02-07 12:24 . 2010-02-07 12:24 -------- d-----w- c:\users\Eddie\AppData\Roaming\PC Tools
2010-02-07 12:24 . 2010-02-07 12:24 -------- d-----w- c:\programdata\PC Tools
2010-02-06 14:08 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-06 14:08 . 2010-02-06 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 14:08 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-06 12:43 . 2010-02-07 19:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-06 12:43 . 2010-02-07 19:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-06 12:41 . 2010-02-06 12:41 -------- d-----w- C:\!KillBox
2010-02-06 12:18 . 2010-02-06 12:18 -------- d-----w- c:\program files\Trend Micro
2010-02-05 01:33 . 2010-02-03 04:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-04 01:02 . 2010-02-04 01:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-04 00:58 . 2010-02-07 19:02 -------- d-----w- c:\programdata\Norton
2010-02-04 00:58 . 2010-02-07 19:02 -------- d-----w- c:\programdata\Symantec
2010-02-04 00:58 . 2010-02-04 00:58 -------- d-----w- c:\programdata\NortonInstaller
2010-02-04 00:53 . 2010-02-04 00:53 52224 ----a-w- c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kzoq7h15.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
2010-02-04 00:53 . 2010-02-04 00:53 101376 ----a-w- c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kzoq7h15.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
2010-02-04 00:53 . 2010-02-04 00:53 -------- d-----w- c:\program files\Conduit
2010-02-04 00:51 . 2010-02-04 00:51 -------- d-----w- c:\program files\iPod
2010-02-04 00:51 . 2010-02-04 00:51 -------- d-----w- c:\program files\iTunes
2010-02-04 00:48 . 2010-02-04 00:48 -------- d-----w- c:\program files\Bonjour
2010-02-04 00:47 . 2010-02-04 00:47 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-03 04:30 . 2010-02-05 01:02 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-03 04:30 . 2010-02-03 04:30 816784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-03 04:30 . 2010-02-05 01:02 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-03 04:30 . 2010-02-03 04:30 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-03 04:30 . 2010-02-03 04:30 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-03 04:30 . 2010-02-05 01:02 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-03 04:28 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-02-03 04:28 . 2010-02-03 04:28 -------- d-----w- c:\program files\Lavasoft
2010-02-03 04:23 . 2010-02-03 04:28 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-03 04:22 . 2010-02-03 04:31 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-01 19:57 . 2010-02-01 19:57 -------- d-----w- c:\program files\DIFX
2010-02-01 17:12 . 2010-02-01 17:12 -------- d-----w- c:\program files\Common Files\Intel
2010-02-01 16:12 . 2010-01-06 09:12 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-02-01 16:09 . 2009-11-02 20:03 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-01 15:03 . 2010-02-01 15:03 -------- d-----w- c:\programdata\CheckPoint
2010-02-01 08:56 . 2010-02-03 04:20 -------- d-----w- c:\programdata\Alwil Software
2010-02-01 08:56 . 2010-02-01 08:56 -------- d-----w- c:\program files\Alwil Software
2010-02-01 08:36 . 2010-02-01 08:36 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-01 08:36 . 2010-02-01 08:36 88576 ----a-w- c:\users\Eddie\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4_1_47_0_d.dll
2010-02-01 08:36 . 2010-02-01 08:36 88576 ----a-w- c:\users\Eddie\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4_1_47_0_c.dll
2010-02-01 08:36 . 2010-02-01 08:36 88576 ----a-w- c:\users\Eddie\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4_1_47_0_b.dll
2010-02-01 08:36 . 2010-02-01 08:36 -------- d-----w- c:\users\Eddie\AppData\Roaming\SystemRequirementsLab
2010-02-01 08:36 . 2010-02-01 08:36 88576 ----a-w- c:\users\Eddie\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4_1_47_0_a.dll
2010-02-01 01:59 . 2010-02-01 02:03 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-02-01 01:58 . 2010-02-01 01:58 -------- d-----w- c:\users\Eddie\AppData\Roaming\AVG8
2010-01-31 03:52 . 2010-01-31 03:52 -------- d-----w- c:\program files\AVG
2010-01-31 03:29 . 2010-01-31 03:29 -------- d-----w- c:\users\Eddie\AppData\Roaming\Malwarebytes
2010-01-31 03:29 . 2010-01-31 03:29 -------- d-----w- c:\programdata\Malwarebytes
2010-01-27 00:31 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 00:31 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-24 12:25 . 2010-01-24 12:25 -------- d-----w- c:\programdata\McAfee
2010-01-23 02:15 . 2007-06-05 06:27 29312 ----a-w- c:\windows\system32\nascoins.dll
2010-01-23 02:15 . 2007-04-03 08:33 311296 ----a-w- c:\windows\system32\DelNetworkShortcut.exe
2010-01-23 00:58 . 2010-02-01 14:42 -------- d-----w- c:\users\Eddie\AppData\Roaming\Intel
2010-01-23 00:57 . 2010-01-23 00:57 -------- d-----w- c:\users\Public\Lenovo
2010-01-22 11:59 . 2010-01-22 11:59 -------- d-----w- c:\programdata\McAfee Security Scan
2010-01-22 11:52 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 03:05 . 2010-01-21 03:05 -------- d-----w- c:\users\Eddie\AppData\Roaming\CyberLink
2010-01-21 03:05 . 2010-01-21 03:05 -------- d-----w- c:\programdata\CyberLink
2010-01-21 03:00 . 2010-01-21 03:00 -------- d-----w- C:\MyWorks
2010-01-21 03:00 . 2010-01-21 03:04 -------- d-----w- c:\program files\CyberLink
2010-01-21 00:54 . 2010-01-21 01:58 -------- d-----w- c:\windows\Driver Cache
2010-01-21 00:54 . 2010-01-21 00:54 -------- d-----w- c:\program files\AVerMedia
2010-01-20 03:13 . 2010-01-20 03:13 -------- d-----w- c:\users\Eddie\AppData\Roaming\Canneverbe_Limited
2010-01-20 03:13 . 2010-01-20 03:13 -------- d-----w- c:\programdata\Canneverbe Limited
2010-01-20 03:13 . 2009-11-12 19:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-20 03:13 . 2010-01-20 03:13 -------- d-----w- c:\program files\CDBurnerXP
2010-01-17 14:10 . 2010-01-17 14:10 -------- d-----w- c:\program files\VideoLAN
2010-01-12 23:52 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 23:52 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 06:41 . 2010-01-12 06:42 4141117 ----a-w- c:\users\Eddie\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2010-01-12 06:41 . 2010-01-12 06:41 6516755 ----a-w- c:\users\Eddie\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-01-12 06:41 . 2010-01-12 06:41 15884 ----a-w- c:\users\Eddie\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess.dll
2010-01-12 06:41 . 2010-01-12 06:41 102400 ----a-w- c:\users\Eddie\AppData\Roaming\Azureus\plugins\azitunes\jacob-1.14.3-x86.dll
2010-01-11 06:01 . 2010-01-11 06:01 -------- d-----w- c:\users\Eddie\AppData\Roaming\Foxit Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 03:52 . 2009-11-22 00:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-08 03:52 . 2009-12-03 01:28 -------- d-----w- c:\users\Eddie\AppData\Roaming\Azureus
2010-02-07 14:39 . 2010-02-07 12:24 -------- d-----w- c:\program files\Spyware Doctor
2010-02-07 12:25 . 2010-02-07 12:24 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-05 01:02 . 2010-02-03 04:31 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 00:58 . 2009-12-03 01:27 -------- d-----w- c:\program files\Vuze
2010-02-04 00:51 . 2009-11-21 21:37 -------- d-----w- c:\program files\Common Files\Apple
2010-02-03 04:31 . 2010-02-03 04:31 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-03 04:31 . 2010-02-03 04:31 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-03 04:31 . 2010-02-03 04:31 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-03 04:31 . 2010-02-03 04:31 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-03 04:31 . 2010-02-03 04:31 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-03 04:31 . 2010-02-03 04:31 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-03 04:31 . 2010-02-03 04:31 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-02-03 04:31 . 2010-02-03 04:31 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-03 04:31 . 2010-02-03 04:31 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-03 04:31 . 2010-02-03 04:31 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-03 04:31 . 2010-02-03 04:31 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-03 04:28 . 2009-11-10 04:57 -------- d-----w- c:\programdata\Lavasoft
2010-02-03 02:56 . 2009-11-10 05:23 -------- d-----w- c:\program files\Intel
2010-02-03 02:52 . 2009-11-15 03:45 -------- d-----w- c:\program files\Google
2010-01-30 02:06 . 2009-12-24 01:47 -------- d-----w- c:\program files\Cheat Engine
2010-01-23 02:17 . 2009-11-24 15:27 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-23 00:56 . 2009-11-24 14:56 -------- d-----w- c:\program files\Lenovo
2010-01-23 00:09 . 2009-11-22 04:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-21 12:06 . 2009-11-10 04:53 64264 ----a-w- c:\users\Eddie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-21 00:08 . 2009-11-21 21:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 17:12 . 2009-11-10 04:55 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-06 09:12 . 2009-11-24 15:29 382312 ------w- c:\windows\PWMBTHLV.EXE
2010-01-06 09:12 . 2009-11-24 15:28 11552 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2009-12-27 14:19 . 2009-11-15 15:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-27 14:18 . 2009-11-15 15:28 38784 ----a-w- c:\users\Eddie\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-27 14:18 . 2009-11-15 15:28 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-18 22:56 . 2009-12-18 22:52 -------- d-----w- c:\program files\Verizon
2009-12-18 22:56 . 2009-12-18 22:53 -------- d-----w- c:\programdata\WiFiTemp
2009-12-18 22:55 . 2009-12-18 22:55 -------- d-----w- c:\program files\Common Files\Verizon Shared
2009-12-18 22:55 . 2009-12-18 22:55 -------- d-----w- c:\program files\Wi-Fi Connect
2009-12-18 22:55 . 2009-12-18 22:55 -------- d-----w- c:\programdata\Wi-Fi Connect
2009-12-18 22:55 . 2009-12-18 22:55 -------- d-----w- c:\programdata\WEngineLite
2009-12-18 22:52 . 2009-12-18 22:52 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-12-18 21:02 . 2009-12-18 21:02 95896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2009-12-13 23:12 . 2009-12-13 23:12 -------- d-----w- c:\users\Jon\AppData\Roaming\Thunderbird
2009-12-13 23:12 . 2009-11-22 01:02 -------- d-----w- c:\users\Eddie\AppData\Roaming\Thunderbird
2009-12-12 06:36 . 2009-12-12 06:36 -------- d-----w- c:\users\Eddie\AppData\Roaming\Sprint
2009-12-12 06:35 . 2009-12-12 06:35 -------- d-----w- c:\users\Eddie\AppData\Roaming\Bytemobile
2009-12-02 18:12 . 2009-12-02 18:12 38680 ----a-w- c:\windows\system32\drivers\pctnullport.sys
2009-12-02 13:19 . 2010-02-03 04:31 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-22 00:56 . 2009-11-22 00:56 0 ----a-w- c:\windows\nsreg.dat
2009-11-20 10:12 . 2009-11-20 10:12 626688 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\msvcr80.dll
2009-11-20 10:12 . 2009-11-20 10:12 548864 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\msvcp80.dll
2009-11-20 10:12 . 2009-11-20 10:12 479232 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\msvcm80.dll
2009-11-20 10:12 . 2009-11-20 10:12 23552 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\CommandLine.dll
2009-11-20 10:12 . 2009-11-20 10:12 21504 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\startmenu-localizer.exe
2009-11-20 10:12 . 2009-11-20 10:12 1513472 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\Common.dll
2009-11-16 15:03 . 2009-11-16 15:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 14:56 . 2009-11-16 14:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-10 16:28 . 2010-02-07 12:25 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 16:28 . 2010-02-07 12:25 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 16:28 . 2010-02-07 12:25 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 16:26 . 2010-02-07 12:25 767952 ----a-w- c:\windows\BDTSupport.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-01-06 869736]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2009-08-17 55048]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-09-09 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-08-17 21:27 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 01:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPFNF6R]
2009-08-20 15:38 62752 ----a-w- c:\program files\Lenovo\HOTKEY\tpfnf6r.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 06:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-10 04:40 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

R0 DozeHDD;DozeHDD;c:\windows\System32\drivers\DOZEHDD.SYS [2/1/2010 10:12 AM 24304]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2/2/2010 10:31 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [2/7/2010 6:24 AM 207792]
R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [6/29/2009 1:51 PM 20520]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [1/31/2010 7:59 PM 24856]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [7/13/2009 5:52 PM 48128]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [6/10/2009 3:18 PM 4231168]
S1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [5/12/2008 6:04 PM 13480]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2/7/2010 6:25 AM 112592]
S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2/1/2010 10:40 AM 132456]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/16/2009 9:04 AM 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [12/18/2009 3:02 PM 95896]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1181328]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [2/1/2010 10:11 AM 45424]
S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 2:16 PM 93960]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [3/13/2009 3:47 PM 12560]
S2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [11/24/2009 9:30 AM 62320]
S3 CASprint;Sprint Con App Svc;"c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe" /n "CASprint" --> c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\System32\drivers\netaapl.sys [8/28/2009 8:42 PM 17408]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\System32\drivers\NETw5s32.sys [9/15/2009 12:40 PM 6114816]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\PC-Doctor\pcdsrvc.pkms [11/20/2009 4:12 AM 20848]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/24/2009 9:29 AM 75112]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/7/2010 6:24 AM 359624]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [7/13/2009 4:13 PM 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [7/13/2009 4:13 PM 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [7/13/2009 4:13 PM 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [7/13/2009 5:52 PM 14336]
S4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe --> c:\program files\Apoint2K\ApRunSvc.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:02]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:02]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:02]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:02]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:02]

2010-01-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-02-07 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:14]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kzoq7h15.default\
FF - component: c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kzoq7h15.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kzoq7h15.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-RDVCHG - c:\program files\Sprint\Sprint SmartView\RDVCHG.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3772)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2010-02-08 00:12:25
ComboFix-quarantined-files.txt 2010-02-08 06:12
ComboFix2.txt 2010-02-07 16:58

Pre-Run: 204,381,581,312 bytes free
Post-Run: 204,215,160,832 bytes free

- - End Of File - - FF77CB996023C6B11B87C2681018C1C6
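One detail in the "Reg Loading Points" block above that ComboFix prints but does not flag: the policies\system key carries EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0 and DisableCAD=1. Together those mean UAC is switched off entirely (every process started by this admin account already runs with a full token, so nothing asks for elevation) and the Ctrl+Alt+Del secure-attention sequence at logon is disabled. They are not Windows 7 defaults. The log does not say who set them, and a user can do it by hand, but on a host that is also redirecting searches and hanging at shutdown they belong in the notes before cleanup and should be restored afterwards. The script below is an added example for this thread, not ComboFix code or BleepingComputer tooling: it parses the REGEDIT4-style block ComboFix emits and reports every policies\system value that departs from the stated baseline. The baseline values, the helper names and the sample block (copied from the log above) are the example's own assumptions.

```python
"""Flag weakened UAC policy values in a ComboFix 'Reg Loading Points' block.

Added example for this thread; it is not ComboFix code or BleepingComputer
tooling. The function and constant names are the example's own.
"""
import re

# Assumption: Windows 7 out-of-box values for the policies\system key.
# Anything that differs is reported for the analyst to judge; the parser does
# not decide whether malware or the user changed it.
EXPECTED_POLICY = {
    "EnableLUA": 1,                   # UAC enabled
    "ConsentPromptBehaviorAdmin": 5,  # admins: prompt for consent (non-Windows binaries)
    "ConsentPromptBehaviorUser": 3,   # standard users: prompt for credentials
    "PromptOnSecureDesktop": 1,       # prompts shown on the secure desktop
    "DisableCAD": 0,                  # Ctrl+Alt+Del still required at logon
}

# ComboFix prints registry keys in REGEDIT4 style: "[HKEY_...]" followed by
# one '"Name"= value (0xhex)' line per DWORD value.
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>-?\d+)\s*\(0x[0-9A-Fa-f]+\)\s*$')


def parse_policies(log_text):
    """Return {value_name: int} for the ...\\policies\\system key, or {} if absent."""
    policies = {}
    current_key = None
    for line in log_text.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            # A new "[HKEY_...]" header ends the previous key's value list.
            current_key = key_match.group("key").lower()
            continue
        if current_key and current_key.endswith(r"\policies\system"):
            value_match = DWORD_RE.match(line)
            if value_match:
                policies[value_match.group("name")] = int(value_match.group("val"))
    return policies


def find_weak_uac(policies):
    """Return [(name, found, expected)] for each value that departs from EXPECTED_POLICY."""
    return [(name, policies[name], expected)
            for name, expected in EXPECTED_POLICY.items()
            if name in policies and policies[name] != expected]


# Constructed sample: the REGEDIT4 block copied from the log posted above.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-08-17 21:27 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
"""

if __name__ == "__main__":
    for name, found, expected in find_weak_uac(parse_policies(SAMPLE_LOG)):
        print(f"{name}: found {found}, expected {expected}")
```

Run against the block above it reports EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop and DisableCAD; ConsentPromptBehaviorUser is at its default and is left alone. Only the policies\system key is parsed on purpose: the Run and service entries in the same log need per-binary judgement (publisher, path, signature), which a value comparison cannot give.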

#7 Blade

  • Site Admin
  • 12,702 posts
Posted 15 February 2010 - 01:14 PM

Hello

It appears ComboFix has been run multiple times. Please navigate to the following folder: C:\Qoobox

Inside you should see text files titled ComboFix#.txt (ex: ComboFix2.txt, ComboFix3.txt, etc.). I need to see all those logs. Please post them for me.

Thanks!

~Blade

Edited by Blade Zephon, 15 February 2010 - 01:14 PM.



#8 jongordo8

  • Topic Starter
  • Members

Posted 15 February 2010 - 01:21 PM

Here is ComboFix2's log. The only other Notepad files in that folder are one entitled "add remove programs" and one entitled "quarantined files".

ComboFix 10-02-06.03 - Eddie 02/07/2010 10:41:41.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.955 [GMT -6:00]
Running from: c:\users\Eddie\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.

2010-02-07 16:51 . 2010-02-07 16:53 -------- d-----w- c:\users\Eddie\AppData\Local\temp
2010-02-07 16:51 . 2010-02-07 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-07 16:39 . 2010-02-07 16:39 -------- d-----w- C:\Device
2010-02-07 14:40 . 2010-02-07 14:40 -------- d-----w- c:\users\Eddie\AppData\Local\Sprint
2010-02-07 13:15 . 2010-02-07 13:15 -------- d-----w- c:\program files\Sierra Wireless
2010-02-07 13:15 . 2010-02-07 13:15 -------- d-----w- c:\program files\Novatel Wireless
2010-02-07 13:15 . 2010-02-07 13:15 -------- d-----w- c:\program files\Common Files\PctelEapPeer Authentication
2010-02-07 13:14 . 2010-02-07 13:14 -------- d-----w- c:\program files\Sprint
2010-02-07 12:48 . 2010-02-07 12:48 -------- d-----w- c:\programdata\Sprint
2010-02-07 12:24 . 2010-02-07 12:24 -------- d-----w- c:\users\Eddie\AppData\Roaming\PC Tools
2010-02-07 12:24 . 2010-02-07 12:24 -------- d-----w- c:\programdata\PC Tools
2010-02-06 14:08 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-06 14:08 . 2010-02-06 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 14:08 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-06 12:43 . 2010-02-06 13:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-06 12:43 . 2010-02-06 12:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-06 12:41 . 2010-02-06 12:41 -------- d-----w- C:\!KillBox
2010-02-06 12:18 . 2010-02-06 12:18 -------- d-----w- c:\program files\Trend Micro
2010-02-05 01:33 . 2010-02-03 04:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-04 01:02 . 2010-02-04 01:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-04 00:58 . 2010-02-04 00:58 -------- d-----w- c:\programdata\Norton
2010-02-04 00:58 . 2010-02-04 00:58 -------- d-----w- c:\windows\system32\drivers\NSS
2010-02-04 00:58 . 2010-02-04 00:58 -------- d-----w- c:\program files\Norton Security Scan
2010-02-04 00:58 . 2010-02-04 00:58 -------- d-----w- c:\programdata\NortonInstaller
2010-02-04 00:58 . 2010-02-04 00:58 -------- d-----w- c:\program files\NortonInstaller
2010-02-04 00:53 . 2010-02-04 00:53 52224 ----a-w- c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kzoq7h15.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
2010-02-04 00:53 . 2010-02-04 00:53 101376 ----a-w- c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kzoq7h15.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
2010-02-04 00:53 . 2010-02-04 00:53 -------- d-----w- c:\program files\Conduit
2010-02-04 00:53 . 2010-02-07 12:10 -------- d-----w- c:\program files\Vuze_Remote
2010-02-04 00:51 . 2010-02-04 00:51 -------- d-----w- c:\program files\iPod
2010-02-04 00:51 . 2010-02-04 00:51 -------- d-----w- c:\program files\iTunes
2010-02-04 00:48 . 2010-02-04 00:48 -------- d-----w- c:\program files\Bonjour
2010-02-04 00:47 . 2010-02-04 00:47 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-03 04:30 . 2010-02-05 01:02 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-03 04:30 . 2010-02-03 04:30 816784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-03 04:30 . 2010-02-05 01:02 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-03 04:30 . 2010-02-03 04:30 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-03 04:30 . 2010-02-03 04:30 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-03 04:30 . 2010-02-05 01:02 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-03 04:28 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-02-03 04:28 . 2010-02-03 04:28 -------- d-----w- c:\program files\Lavasoft
2010-02-03 04:23 . 2010-02-03 04:28 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-03 04:22 . 2010-02-03 04:31 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-03 04:22 . 2010-02-03 04:22 -------- d-----w- c:\programdata\Avira
2010-02-03 04:22 . 2010-02-03 04:22 -------- d-----w- c:\program files\Avira
2010-02-03 04:22 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-01 19:57 . 2010-02-01 19:57 -------- d-----w- c:\program files\DIFX
2010-02-01 17:12 . 2010-02-01 17:12 -------- d-----w- c:\program files\Common Files\Intel
2010-02-01 16:12 . 2010-01-06 09:12 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-02-01 16:09 . 2009-11-02 20:03 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-01 15:03 . 2010-02-01 15:03 -------- d-----w- c:\programdata\CheckPoint
2010-02-01 08:56 . 2010-02-03 04:20 -------- d-----w- c:\programdata\Alwil Software
2010-02-01 08:56 . 2010-02-01 08:56 -------- d-----w- c:\program files\Alwil Software
2010-02-01 08:36 . 2010-02-01 08:36 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-01 08:36 . 2010-02-01 08:36 88576 ----a-w- c:\users\Eddie\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4_1_47_0_d.dll
2010-02-01 08:36 . 2010-02-01 08:36 88576 ----a-w- c:\users\Eddie\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4_1_47_0_c.dll
2010-02-01 08:36 . 2010-02-01 08:36 88576 ----a-w- c:\users\Eddie\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4_1_47_0_b.dll
2010-02-01 08:36 . 2010-02-01 08:36 -------- d-----w- c:\users\Eddie\AppData\Roaming\SystemRequirementsLab
2010-02-01 08:36 . 2010-02-01 08:36 88576 ----a-w- c:\users\Eddie\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4_1_47_0_a.dll
2010-02-01 01:59 . 2010-02-01 02:03 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-02-01 01:58 . 2010-02-01 01:58 -------- d-----w- c:\users\Eddie\AppData\Roaming\AVG8
2010-01-31 03:52 . 2010-01-31 03:52 -------- d-----w- c:\program files\AVG
2010-01-31 03:29 . 2010-01-31 03:29 -------- d-----w- c:\users\Eddie\AppData\Roaming\Malwarebytes
2010-01-31 03:29 . 2010-01-31 03:29 -------- d-----w- c:\programdata\Malwarebytes
2010-01-27 00:31 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 00:31 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-24 12:25 . 2010-01-24 12:25 -------- d-----w- c:\programdata\McAfee
2010-01-23 02:15 . 2007-06-05 06:27 29312 ----a-w- c:\windows\system32\nascoins.dll
2010-01-23 02:15 . 2007-04-03 08:33 311296 ----a-w- c:\windows\system32\DelNetworkShortcut.exe
2010-01-23 00:58 . 2010-02-01 14:42 -------- d-----w- c:\users\Eddie\AppData\Roaming\Intel
2010-01-23 00:57 . 2010-01-23 00:57 -------- d-----w- c:\users\Public\Lenovo
2010-01-22 11:59 . 2010-01-22 11:59 -------- d-----w- c:\programdata\McAfee Security Scan
2010-01-22 11:52 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 03:05 . 2010-01-21 03:05 -------- d-----w- c:\users\Eddie\AppData\Roaming\CyberLink
2010-01-21 03:05 . 2010-01-21 03:05 -------- d-----w- c:\programdata\CyberLink
2010-01-21 03:00 . 2010-01-21 03:00 -------- d-----w- C:\MyWorks
2010-01-21 03:00 . 2010-01-21 03:04 -------- d-----w- c:\program files\CyberLink
2010-01-21 00:54 . 2010-01-21 01:58 -------- d-----w- c:\windows\Driver Cache
2010-01-21 00:54 . 2010-01-21 00:54 -------- d-----w- c:\program files\AVerMedia
2010-01-20 03:13 . 2010-01-20 03:13 -------- d-----w- c:\users\Eddie\AppData\Roaming\Canneverbe_Limited
2010-01-20 03:13 . 2010-01-20 03:13 -------- d-----w- c:\programdata\Canneverbe Limited
2010-01-20 03:13 . 2009-11-12 19:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-20 03:13 . 2010-01-20 03:13 -------- d-----w- c:\program files\CDBurnerXP
2010-01-17 14:10 . 2010-01-17 14:10 -------- d-----w- c:\program files\VideoLAN
2010-01-12 23:52 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 23:52 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 06:41 . 2010-01-12 06:42 4141117 ----a-w- c:\users\Eddie\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2010-01-12 06:41 . 2010-01-12 06:41 6516755 ----a-w- c:\users\Eddie\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-01-12 06:41 . 2010-01-12 06:41 15884 ----a-w- c:\users\Eddie\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess.dll
2010-01-12 06:41 . 2010-01-12 06:41 102400 ----a-w- c:\users\Eddie\AppData\Roaming\Azureus\plugins\azitunes\jacob-1.14.3-x86.dll
2010-01-11 06:01 . 2010-01-11 06:01 -------- d-----w- c:\users\Eddie\AppData\Roaming\Foxit Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 15:48 . 2009-11-22 00:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-07 14:39 . 2010-02-07 12:24 -------- d-----w- c:\program files\Spyware Doctor
2010-02-07 12:25 . 2010-02-07 12:24 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-06 00:45 . 2009-12-03 01:28 -------- d-----w- c:\users\Eddie\AppData\Roaming\Azureus
2010-02-05 01:02 . 2010-02-03 04:31 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 01:01 . 2010-02-04 00:58 -------- d-----w- c:\programdata\Symantec
2010-02-04 00:58 . 2009-12-03 01:27 -------- d-----w- c:\program files\Vuze
2010-02-04 00:51 . 2009-11-21 21:37 -------- d-----w- c:\program files\Common Files\Apple
2010-02-03 04:31 . 2010-02-03 04:31 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-03 04:31 . 2010-02-03 04:31 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-03 04:31 . 2010-02-03 04:31 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-03 04:31 . 2010-02-03 04:31 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-03 04:31 . 2010-02-03 04:31 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-03 04:31 . 2010-02-03 04:31 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-03 04:31 . 2010-02-03 04:31 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-02-03 04:31 . 2010-02-03 04:31 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-03 04:31 . 2010-02-03 04:31 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-03 04:31 . 2010-02-03 04:31 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-03 04:31 . 2010-02-03 04:31 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-03 04:28 . 2009-11-10 04:57 -------- d-----w- c:\programdata\Lavasoft
2010-02-03 02:56 . 2009-11-10 05:23 -------- d-----w- c:\program files\Intel
2010-02-03 02:52 . 2009-11-15 03:45 -------- d-----w- c:\program files\Google
2010-01-30 02:06 . 2009-12-24 01:47 -------- d-----w- c:\program files\Cheat Engine
2010-01-23 02:17 . 2009-11-24 15:27 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-23 00:56 . 2009-11-24 14:56 -------- d-----w- c:\program files\Lenovo
2010-01-23 00:09 . 2009-11-22 04:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-21 12:06 . 2009-11-10 04:53 64264 ----a-w- c:\users\Eddie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-21 00:08 . 2009-11-21 21:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 17:12 . 2009-11-10 04:55 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-06 09:12 . 2009-11-24 15:29 382312 ------w- c:\windows\PWMBTHLV.EXE
2010-01-06 09:12 . 2009-11-24 15:28 11552 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2009-12-27 14:19 . 2009-11-15 15:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-27 14:18 . 2009-11-15 15:28 38784 ----a-w- c:\users\Eddie\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-27 14:18 . 2009-11-15 15:28 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-18 22:56 . 2009-12-18 22:52 -------- d-----w- c:\program files\Verizon
2009-12-18 22:56 . 2009-12-18 22:53 -------- d-----w- c:\programdata\WiFiTemp
2009-12-18 22:55 . 2009-12-18 22:55 -------- d-----w- c:\program files\Common Files\Verizon Shared
2009-12-18 22:55 . 2009-12-18 22:55 -------- d-----w- c:\program files\Wi-Fi Connect
2009-12-18 22:55 . 2009-12-18 22:55 -------- d-----w- c:\programdata\Wi-Fi Connect
2009-12-18 22:55 . 2009-12-18 22:55 -------- d-----w- c:\programdata\WEngineLite
2009-12-18 22:52 . 2009-12-18 22:52 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-12-13 23:12 . 2009-12-13 23:12 -------- d-----w- c:\users\Jon\AppData\Roaming\Thunderbird
2009-12-13 23:12 . 2009-11-22 01:02 -------- d-----w- c:\users\Eddie\AppData\Roaming\Thunderbird
2009-12-12 06:36 . 2009-12-12 06:36 -------- d-----w- c:\users\Eddie\AppData\Roaming\Sprint
2009-12-12 06:35 . 2009-12-12 06:35 -------- d-----w- c:\users\Eddie\AppData\Roaming\Bytemobile
2009-12-09 23:14 . 2009-11-15 17:11 -------- d-----w- c:\program files\Digsby
2009-12-02 18:21 . 2009-12-02 18:21 66880 ----a-w- c:\windows\system32\pxfhwmcp.dll
2009-12-02 18:21 . 2009-12-02 18:21 136512 ----a-w- c:\windows\system32\PCTIN50.dll
2009-12-02 18:12 . 2009-12-02 18:12 8464 ----a-w- c:\windows\system32\sporder.dll
2009-12-02 18:12 . 2009-12-02 18:12 719360 ----a-w- c:\windows\system32\bmutil.dll
2009-12-02 18:12 . 2009-12-02 18:12 471040 ----a-w- c:\windows\system32\bmnet.dll
2009-12-02 18:12 . 2009-12-02 18:12 18816 ----a-w- c:\windows\system32\drivers\tcpipBM.sys
2009-12-02 18:12 . 2009-12-02 18:12 38680 ----a-w- c:\windows\system32\drivers\pctnullport.sys
2009-12-02 18:12 . 2009-12-02 18:12 38680 ----a-w- c:\programdata\Sprint\Sprint SmartView\pctnullport.sys
2009-12-02 18:12 . 2009-12-02 18:12 22656 ----a-w- c:\windows\system32\drivers\BMLoad.sys
2009-12-02 18:12 . 2009-12-02 18:12 126976 ----a-w- c:\windows\system32\bmdumpd.bin
2009-12-02 18:10 . 2009-12-02 18:10 32408 ----a-w- c:\windows\system32\PCTINDIS5.sys
2009-12-02 13:19 . 2010-02-03 04:31 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-22 00:56 . 2009-11-22 00:56 0 ----a-w- c:\windows\nsreg.dat
2009-11-20 10:12 . 2009-11-20 10:12 626688 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\msvcr80.dll
2009-11-20 10:12 . 2009-11-20 10:12 548864 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\msvcp80.dll
2009-11-20 10:12 . 2009-11-20 10:12 479232 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\msvcm80.dll
2009-11-20 10:12 . 2009-11-20 10:12 23552 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\CommandLine.dll
2009-11-20 10:12 . 2009-11-20 10:12 21504 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\startmenu-localizer.exe
2009-11-20 10:12 . 2009-11-20 10:12 1513472 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\Common.dll
2009-11-10 16:28 . 2010-02-07 12:25 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 16:28 . 2010-02-07 12:25 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 16:28 . 2010-02-07 12:25 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 16:26 . 2010-02-07 12:25 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-10 04:59 . 2009-11-10 04:59 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-10 04:40 . 2009-11-10 04:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-09 17:20 . 2010-02-07 12:24 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-01-06 869736]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2009-08-17 55048]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-09-09 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-12-02 75072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-08-17 21:27 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 01:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPFNF6R]
2009-08-20 15:38 62752 ----a-w- c:\program files\Lenovo\HOTKEY\tpfnf6r.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 06:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]
2009-12-02 18:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-10 04:40 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

R0 DozeHDD;DozeHDD;c:\windows\System32\drivers\DOZEHDD.SYS [2/1/2010 10:12 AM 24304]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2/2/2010 10:31 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [2/7/2010 6:24 AM 207792]
R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [6/29/2009 1:51 PM 20520]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [1/31/2010 7:59 PM 24856]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [5/12/2008 6:04 PM 13480]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [7/13/2009 5:52 PM 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/2/2010 10:22 PM 108289]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2/7/2010 6:25 AM 112592]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2/1/2010 10:40 AM 132456]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/6/2010 6:43 AM 1153368]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 2:16 PM 93960]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [3/13/2009 3:47 PM 12560]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [11/24/2009 9:30 AM 62320]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [6/10/2009 3:18 PM 4231168]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1181328]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [2/1/2010 10:11 AM 45424]
S3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [12/2/2009 12:19 PM 124224]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\System32\drivers\netaapl.sys [8/28/2009 8:42 PM 17408]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\System32\drivers\NETw5s32.sys [9/15/2009 12:40 PM 6114816]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\PC-Doctor\pcdsrvc.pkms [11/20/2009 4:12 AM 20848]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/24/2009 9:29 AM 75112]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/7/2010 6:24 AM 359624]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [7/13/2009 4:13 PM 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [7/13/2009 4:13 PM 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [7/13/2009 4:13 PM 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [7/13/2009 5:52 PM 14336]
S4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe --> c:\program files\Apoint2K\ApRunSvc.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-04 c:\windows\Tasks\Norton Security Scan for Eddie.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-02-04 17:54]

2010-01-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-02-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:14]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kzoq7h15.default\
FF - component: c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kzoq7h15.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kzoq7h15.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-Network Drive Mapping Utility - c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1164)
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxext.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-02-07 10:58:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-07 16:58

Pre-Run: 191,745,089,536 bytes free
Post-Run: 191,912,361,984 bytes free

- - End Of File - - 4063D4E1A99AFD3E8B6CE60D26239579


#9 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:23 PM

Posted 16 February 2010 - 12:43 AM

Hello jongordo8

In regards to your random crashes. . . we need to identify what kind of error we're getting
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
Please post me the error(s).

***************************************************

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply .

~Blade


In your next reply, please include the following:
Blue Screen Information
Kaspersky Online Scan log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#10 jongordo8

jongordo8
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 18 February 2010 - 07:28 AM

Ok, here is the error I have seen... I never saw the blue screen because the screen went blank and froze, but when I reboot it gives me the "Windows recovered from a serious error" screen, and here are the details:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

Additional information about the problem:
BCCode: 9f
BCP1: 00000004
BCP2: 00000258
BCP3: 84EF5798
BCP4: 8078ADF4
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\021810-20732-01.dmp
C:\Users\Eddie\AppData\Local\temp\WER-215125-0.sysdata.xml



I will post the scan results tonight when I get home.
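
The "Windows recovered from a serious error" details posted above are the same bugcheck record that Windows Error Reporting writes to the System event log (Event ID 1001, provider Microsoft-Windows-WER-SystemErrorReporting) on the reboot after a stop error. As an added example, not part of this thread, the PowerShell below reads that record, lists the minidumps in the standard C:\Windows\Minidump folder, and reports whether automatic restart on system failure is still enabled, which is what the F8 option described earlier turns off for a single boot. It assumes Windows 7 or later and an elevated prompt; the event ID, provider name, Minidump folder and CrashControl\AutoReboot value are standard Windows locations.

```powershell
# Added example (not from the thread): collect stop-error details after a BSOD on Windows 7+.
# Event ID 1001 from Microsoft-Windows-WER-SystemErrorReporting is logged on the reboot that
# follows a bugcheck; its message carries the bugcheck code and the four parameters.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
    Id           = 1001
}
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 10 -ErrorAction SilentlyContinue

foreach ($e in $events) {
    # Message looks like: "The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x00000004, ...)"
    if ($e.Message -match 'bugcheck was: (0x[0-9a-fA-F]+) \(([^)]*)\)') {
        [pscustomobject]@{
            Time       = $e.TimeCreated
            BugCheck   = $matches[1]
            Parameters = $matches[2]
        }
    }
}

# Minidumps written by the crashes; their timestamps should line up with the events above.
Get-ChildItem -Path "$env:SystemRoot\Minidump" -Filter *.dmp -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, Length, LastWriteTime

# AutoReboot = 1 means the machine restarts immediately on a stop error (the blue screen is
# not left on screen); 0 keeps it visible so the STOP code and message can be written down.
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' -Name AutoReboot |
    Select-Object AutoReboot
```

The regex is deliberately loose about spacing because the wording of the 1001 message varies slightly between Windows versions; if no events are returned, the crash may predate the current log retention or the machine may not have completed the reboot that writes the record.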


#11 jongordo8

jongordo8
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 19 February 2010 - 11:17 PM

I also have noticed that I now have an issue where my USB HD and several other USB devices are not detected when plugged into any USB ports, but my Sprint aircard still works through USB.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, February 19, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, February 20, 2010 00:50:22
Records in database: 3592706
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 108365
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:17:20

No threats found. Scanned area is clean.

Selected area has been scanned.

Edited by jongordo8, 19 February 2010 - 11:18 PM.


#12 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:23 PM

Posted 21 February 2010 - 01:54 AM

Hello jongordo8

Firstly. . . you'll be happy to know that I don't see evidence of further malware infection on your machine.

About your Blue Screen issues, please see this page and follow the steps suggested. My suggestion would be to first resolve this issue, as your other issues (particularly the shutdown problem) might relate to it.

Regarding the USB issue. . . unfortunately that's not my area of expertise. My suggestion would be to start a thread in our Windows XP Home and Professional forum once we're done here.

Any other questions?

~Blade



#13 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:23 PM

Posted 08 March 2010 - 01:58 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

~Blade
