
AVSoft / Other Virus Problem


1 reply to this topic

#1 dannydizzle

  • Members
  • 1 posts

Posted 12 July 2010 - 03:24 PM

Hey everyone, for the past few weeks I've been plagued with spyware/viruses and I've tried all sorts of stuff to remove them. The main problem was with AVSoft or other variants, Windows services being turned off after a reboot (under Administrative Tools; mainly DHCP Client, Themes, Windows Audio, and Windows Firewall), and random redirects when using Google. I searched Google for some help and came to a topic in this forum from a person that had a similar problem. I've used ComboFix and that seemed to work. What I want to know is if I still have any virus/malware problems on my PC. Below is a DDS log as well as the ComboFix log after the scan/clean. I've also attached said logs.

DDS LOG:


DDS (Ver_10-03-17.01) - NTFSx86
Run by 100314595 at 16:11:28.07 on Mon 07/12/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3066.2244 [GMT -4:00]

AV: F-Secure Client Security 8.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\100314595\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.uoit.ca/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Steam] "d:\program files\steam\steam.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.0.14)_Gecko/2009082707_Firefox/3.0.14_(.NET_CLR_3.5.30729)" -"http://ohellnawlblog.com/newohnblog/2009/05/12/top-60-ghettoe-black-names/"
mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [TpShocks] TpShocks.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoAutoUpdate = 0 (0x0)
uPolicies-explorer: NoStartMenuNetworkPlaces = 1 (0x1)
uPolicies-explorer: NoSecurityTab = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
mPolicies-system: DisableStatusMessages = 1 (0x1)
mPolicies-system: LogonType = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232121137750
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232126903781
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\100314~1\applic~1\mozilla\firefox\profiles\n62ky86u.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 atiide;ATI SATA Controller IDE mode;c:\windows\system32\drivers\atiide.sys [2009-6-3 3456]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-6-2 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-6-2 79936]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2008-5-5 17968]
R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2009-3-23 155648]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2009-6-2 215648]
R2 hgfs;hgfs;c:\windows\system32\drivers\hgfs.sys [2008-12-11 92592]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2009-8-20 139264]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-2 94208]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2009-8-20 372736]
R2 SSIRuntimeService;SSIRuntimeService;c:\program files\software secure, inc\ssiruntimeservice\SSIRuntimeService.exe [2007-9-11 45056]
R2 VMMEMCTL;VMware server memory controller;c:\program files\vmware\vmware tools\drivers\memctl\vmmemctl.sys [2008-8-8 15408]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-5-18 229856]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-6-3 243856]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2009-6-2 123056]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program files\f-secure\common\FNRB32.exe [2009-6-2 162456]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure\orsp client\fsorsp.exe [2009-6-2 55904]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [2009-8-27 4544]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2009-8-20 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2009-8-20 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2009-8-20 3712]
S2 VMTools;VMware Tools Service;c:\program files\vmware\vmware tools\VMwareService.exe [2008-8-8 264752]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\atswpwdf.sys --> c:\windows\system32\drivers\ATSwpWDF.sys [?]
S3 PowerLabUSB;ADInstruments PowerLab driver;c:\windows\system32\drivers\plusb2_0_3_NTx86.sys [2010-1-18 17232]
S3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\vmware\vmware tools\TPAutoConnSvc.exe [2008-8-8 294912]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2008-5-5 11696]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2008-5-5 62768]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2008-5-5 34992]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\fsfilter.sys [2009-6-2 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\fsrec.sys [2009-6-2 25184]

=============== Created Last 30 ================

2010-07-12 19:28:41 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2010-07-12 19:28:41 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-07-12 19:27:11 0 d-sha-r- C:\cmdcons
2010-07-12 19:13:49 98816 ----a-w- c:\windows\sed.exe
2010-07-12 19:13:49 77312 ----a-w- c:\windows\MBR.exe
2010-07-12 19:13:49 256512 ----a-w- c:\windows\PEV.exe
2010-07-12 19:13:49 161792 ----a-w- c:\windows\SWREG.exe
2010-07-12 19:08:38 3737559 ----a-r- C:\ComboFix.exe
2010-07-05 17:18:00 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-07-05 17:18:00 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-07-05 17:18:00 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-07-05 17:17:59 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-07-05 17:17:58 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-07-05 17:17:58 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-07-05 17:17:58 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-07-05 17:17:57 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-06-30 09:59:49 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SecuROM
2010-06-30 09:57:45 0 d-----w- c:\windows\system32\xlive
2010-06-30 09:57:45 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-06-15 19:26:24 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll

==================== Find3M ====================

2010-06-15 19:26:23 578560 ----a-w- c:\windows\system32\user32.DLL
2009-06-03 18:30:59 9715200 ----a-w- c:\windows\inf\uiu\t5\rtlcpl.exe
2009-06-03 18:29:59 18840 ----a-w- c:\windows\inf\uiu\t1\win2k_xp\i386\ctgame.sys
2009-06-03 18:28:59 764416 ----a-w- c:\windows\inf\uiu\t2\chdau32.sys
2009-06-03 18:27:59 2643968 ----a-w- c:\windows\inf\uiu\t13\igxpdx32.dll
2009-06-03 18:26:19 29696 ----a-w- c:\windows\inf\uiu\l251x86.sys
2009-06-03 18:25:57 425984 ----a-w- c:\windows\inf\uiu\b_68405\atidemgx.dll
2009-06-03 18:24:56 372736 ----a-w- c:\windows\inf\uiu\b_60234\atidemgx.dll
2009-06-03 18:23:59 39936 ----a-w- c:\windows\inf\uiu\t8\p16x.dll
2009-06-03 18:22:59 5632 ----a-w- c:\windows\inf\uiu\fuj02e1.sys
2009-06-03 18:21:34 8704 ----a-w- c:\windows\inf\uiu\t16\i386\pfmodnt.sys
2009-06-03 18:20:56 307200 ----a-w- c:\windows\inf\uiu\b_44319\atiiiexx.dll
2009-06-03 18:19:52 659456 ----a-w- c:\windows\inf\uiu\t19\hxfsetup.exe
2009-06-03 18:18:59 3107788 ----a-w- c:\windows\inf\uiu\b_69725\ativvaxx.dat
2009-06-03 18:17:55 307200 ----a-w- c:\windows\inf\uiu\b_30324\atiiiexx.dll
2009-06-03 18:16:59 424320 ----a-w- c:\windows\inf\uiu\t2\bcmwl5.sys
2009-06-03 18:15:57 299008 ----a-w- c:\windows\inf\uiu\b_21951\atiiiexx.dll
2009-06-03 18:14:59 712704 ----a-w- c:\windows\inf\uiu\t2\audio3d.dll
2009-06-03 18:13:59 503808 ----a-w- c:\windows\inf\uiu\t4\igfxress.dll
2009-06-03 18:12:59 569344 ----a-w- c:\windows\inf\uiu\t9\hxfsetup.exe
2009-06-03 18:11:59 495616 ----a-w- c:\windows\inf\uiu\t6\igfxcfg.exe
2009-06-03 18:10:58 49152 ----a-w- c:\windows\inf\uiu\ialmrem.dll
2009-07-29 12:24:55 32768 --sha-w- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat

ComboFix Log:

ComboFix 10-07-11.07 - 100314595 07/12/2010 15:31:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3066.2402 [GMT -4:00]
Running from: C:\ComboFix.exe
AV: F-Secure Client Security 8.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\100314595\Application Data\.#
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\xpsp1hfm.log

----- BITS: Possible infected sites -----

hxxp://download.xbox.com:80
Infected copy of c:\windows\system32\DRIVERS\compbatt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
.

2010-07-12 19:28 . 2008-04-13 18:36 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2010-07-12 19:08 . 2010-07-12 19:08 3737559 ----a-r- C:\ComboFix.exe
2010-07-09 22:07 . 2010-07-09 22:07 -------- d-----w- c:\documents and settings\100314595\Application Data\InstallShield Installation Information
2010-07-05 17:18 . 2010-06-02 08:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-07-05 17:18 . 2010-06-02 08:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-07-05 17:18 . 2010-06-02 08:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-07-05 17:17 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-07-05 17:17 . 2010-05-26 15:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-07-05 17:17 . 2010-05-26 15:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-07-05 17:17 . 2010-05-26 15:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-07-05 17:17 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-07-05 16:04 . 2010-07-05 16:04 -------- d-----w- c:\program files\7-Zip
2010-06-30 09:59 . 2010-06-30 09:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2010-06-30 09:59 . 2010-06-30 09:59 -------- d-----w- c:\documents and settings\100314595\Local Settings\Application Data\Rockstar Games
2010-06-30 09:59 . 2010-06-30 09:59 -------- d--h--r- c:\documents and settings\100314595\Application Data\SecuROM
2010-06-30 09:57 . 2010-06-30 09:57 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-06-30 09:57 . 2010-06-30 09:57 -------- d-----w- c:\windows\system32\xlive
2010-06-15 19:26 . 2010-06-15 19:26 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 17:58 . 2009-06-02 17:40 -------- d-----w- c:\program files\F-Secure
2010-07-11 22:30 . 2009-08-20 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\vulScan
2010-07-10 08:46 . 2009-04-22 16:04 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-09 22:08 . 2010-07-09 22:07 331776 ----a-w- c:\documents and settings\100314595\Application Data\InstallShield Installation Information\{A724605D-B399-4304-B8C7-33B3EF7D4677}\setup.exe
2010-07-09 22:08 . 2010-07-09 22:07 3660137 ----a-w- c:\documents and settings\100314595\Application Data\InstallShield Installation Information\{A724605D-B399-4304-B8C7-33B3EF7D4677}\ISSetup.dll
2010-07-09 22:08 . 2009-12-06 03:44 -------- d-----w- c:\documents and settings\100314595\Application Data\Azureus
2010-07-09 16:05 . 2010-07-09 16:05 8177088 ----a-w- c:\documents and settings\100314595\Application Data\Azureus\tmp\AZU5639471098524976187.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-08 14:00 . 2009-04-22 15:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-08 13:59 . 2009-04-22 15:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 23:14 . 2009-08-26 20:25 -------- d-----w- c:\program files\World of Warcraft
2010-06-22 21:53 . 2009-08-26 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-06-15 19:26 . 2004-08-04 12:00 578560 ----a-w- c:\windows\system32\user32.DLL
2010-06-12 04:33 . 2009-06-03 18:32 123120 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-06 02:44 . 2009-09-19 09:53 -------- d-----w- c:\program files\Project64 1.6
2010-06-03 13:04 . 2010-06-03 13:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\FileOpen
2010-05-29 19:45 . 2009-05-27 16:18 1316 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-28 12:16 . 2010-05-13 08:06 -------- d-----w- c:\program files\Google
2010-05-26 04:35 . 2009-08-26 18:24 -------- d-----w- c:\documents and settings\100314595\Application Data\F-Secure
2010-05-22 07:10 . 2010-05-22 07:10 8854 ----a-r- c:\documents and settings\100314595\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2010-05-22 07:10 . 2010-05-22 07:10 40960 ----a-r- c:\documents and settings\100314595\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-05-22 07:10 . 2010-05-22 07:10 40960 ----a-r- c:\documents and settings\100314595\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2010-05-13 08:08 . 2010-05-13 08:08 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-13 08:08 . 2010-05-13 08:08 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-13 08:08 . 2010-05-13 08:08 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-13 08:07 . 2010-05-13 08:07 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-13 08:07 . 2010-05-13 08:07 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-13 08:07 . 2010-05-13 08:07 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-13 08:07 . 2010-05-13 08:07 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-13 08:05 . 2010-05-13 08:08 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-13 08:05 . 2010-05-13 08:08 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-29 19:39 . 2010-03-21 05:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-21 05:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 22:19 . 2004-08-04 12:00 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
.

------- Sigcheck -------

[-] 2010-04-17 22:19 . DE912C2D0E9054D4800B0C5254524E9B . 11648 . . [------] . . c:\windows\system32\drivers\acpiec.sys
[7] 2010-04-17 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\steam\steam.exe" [2010-05-15 1238352]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-03-02 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-03-02 1182304]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-08-25 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-08-25 208896]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-03 1323008]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-09-01 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-09-01 124248]
"TpShocks"="TpShocks.exe" [2008-06-06 181536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableStatusMessages"= 1 (0x1)
"LogonType"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 0 (0x0)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 20:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 20:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
2008-08-08 20:04 364544 ----a-r- c:\windows\system32\TPSvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-682003330-725345543-181972\Scripts\Logon\0\0]
"Script"=\\oncampus.local\NETLOGON\AcademicIntegrity\stu\icon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-682003330-725345543-181972\Scripts\Logon\1\0]
"Script"=\\oncampus.local\NETLOGON\IE6SiteAddition.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintSoftware]
c:\program files\Lenovo Fingerprint Software\fpapp.exe \s [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 16:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-21 19:44 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware Tools]
2008-08-08 20:04 92720 ----a-w- c:\program files\VMware\VMware Tools\VMwareTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware User Process]
2008-08-08 20:04 268848 ----a-w- c:\program files\VMware\VMware Tools\VMwareUser.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\BNUpdate.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Updater.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57914:TCP"= 57914:TCP:Pando Media Booster
"57914:UDP"= 57914:UDP:Pando Media Booster

R0 atiide;ATI SATA Controller IDE mode;c:\windows\system32\drivers\atiide.sys [6/3/2009 2:17 PM 3456]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [6/2/2009 1:41 PM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [6/2/2009 1:41 PM 79936]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 4:21 PM 19496]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [5/5/2008 11:50 AM 17968]
R2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [3/23/2009 10:03 AM 155648]
R2 hgfs;hgfs;c:\windows\system32\drivers\hgfs.sys [12/11/2008 12:38 PM 92592]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [8/20/2009 4:14 AM 139264]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6/2/2009 1:48 PM 94208]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\SoftMon.exe [8/20/2009 4:14 AM 372736]
R2 SSIRuntimeService;SSIRuntimeService;c:\program files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe [9/11/2007 9:41 AM 45056]
R2 VMMEMCTL;VMware server memory controller;c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [8/8/2008 4:04 PM 15408]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [5/18/2007 12:57 PM 229856]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/3/2009 2:26 PM 243856]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [6/2/2009 1:40 PM 123056]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [6/2/2009 1:41 PM 55904]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [8/27/2009 12:09 AM 4544]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [8/20/2009 4:14 AM 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [8/20/2009 4:14 AM 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [8/20/2009 4:14 AM 3712]
S2 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\VMwareService.exe [8/8/2008 4:04 PM 264752]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys --> c:\windows\system32\Drivers\ATSwpWDF.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/21/2010 1:58 AM 38224]
S3 PowerLabUSB;ADInstruments PowerLab driver;c:\windows\system32\drivers\plusb2_0_3_NTx86.sys [1/18/2010 12:22 PM 17232]
S3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\VMware\VMware Tools\TPAutoConnSvc.exe [8/8/2008 4:04 PM 294912]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [5/5/2008 11:50 AM 11696]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [5/5/2008 11:50 AM 62768]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [5/5/2008 11:50 AM 34992]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [6/2/2009 1:40 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [6/2/2009 1:40 PM 25184]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/12/2010 8:31 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-07-12 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-06-02 05:45]

2010-07-05 c:\windows\Tasks\Scheduled task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-06-02 10:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.uoit.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\100314595\Application Data\Mozilla\Firefox\Profiles\n62ky86u.default\
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PlayNC Launcher - (no file)
AddRemove-UIU - c:\program files\UIU\uninstallnet.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-12 15:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-682003330-725345543-181972\Software\SecuROM\License information*]
"datasecu"=hex:93,e3,92,6b,92,53,07,09,a8,80,da,e4,42,93,1f,38,b3,3d,26,d6,82,
7d,e6,94,10,ce,2a,ff,01,ed,e9,93,9f,23,f6,fe,bc,63,74,8a,ec,ea,c0,a9,ee,3e,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\windows\System32\hgfs.dll

- - - - - - - > 'explorer.exe'(5764)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\LANDesk\LDClient\LocalSch.EXE
c:\windows\system32\CBA\pds.exe
c:\program files\F-Secure\Common\FSMB32.EXE
c:\program files\LANDesk\LDClient\tmcsvc.exe
c:\progra~1\LANDesk\LDClient\issuser.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\F-Secure\Common\FCH32.EXE
c:\windows\System32\TPHDEXLG.exe
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\Common\FAMEH32.EXE
c:\program files\F-Secure\Common\FNRB32.EXE
c:\program files\F-Secure\Anti-Virus\fsqh.exe
c:\program files\F-Secure\FSAUA\program\fsaua.exe
c:\program files\F-Secure\Common\FIH32.EXE
c:\program files\F-Secure\FWES\Program\fsdfwd.exe
c:\progra~1\LANDesk\LDClient\collector.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\progra~1\LANDesk\LDClient\rcgui.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\TpShocks.exe
c:\program files\F-Secure\FSGUI\fsguidll.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
**************************************************************************
.
Completion time: 2010-07-12 15:43:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-12 19:43

Pre-Run: 22,468,087,808 bytes free
Post-Run: 24,431,177,728 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B462A84352AF8657DCA3DBED6392B6C8

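As an added example, not part of the original thread and not code from DDS or ComboFix: a small Python parser for the service and driver section of the log above (the `R2 name;display;path [date time size]` lines). It reads the status prefix the way DDS uses it (R = running, S = stopped; the digit is the service start type, 0 boot, 1 system, 2 auto, 3 demand, 4 disabled) and the `path --> path [?]` form that DDS prints when the service binary is not found on disk, then returns triage hints: entries whose file is missing, kernel drivers (`.sys`) running from outside `c:\windows`, and disabled entries. The sample lines are copied from the log above; the hint categories are my own heuristics, and a hit is a prompt to look closer, not a malware verdict (the F-Secure minifilter and the VMware memctl driver are legitimate and still trip the path check).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: service/driver lines copied verbatim from the DDS/ComboFix
# log above. Which lines to include is my own selection for this example.
SAMPLE_LOG = r"""
R2 VMMEMCTL;VMware server memory controller;c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [8/8/2008 4:04 PM 15408]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [6/2/2009 1:40 PM 123056]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [8/27/2009 12:09 AM 4544]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys --> c:\windows\system32\Drivers\ATSwpWDF.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/12/2010 8:31 PM 691696]
"""

# "R2 name;display;path [meta]": R/S is running/stopped, the digit is the
# service start type (DDS convention as I read it: 0 boot, 1 system,
# 2 auto, 3 demand, 4 disabled).
LINE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# "[M/D/YYYY H:MM AM size]" is printed when the binary was found on disk.
META_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+(?P<time>\d{1,2}:\d{2}\s+[AP]M)\s+(?P<size>\d+)$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    file_found: bool
    size: Optional[int] = None
    date: Optional[str] = None


def parse_entry(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, rest, meta = m.group("state"), m.group("rest"), m.group("meta")
    base = dict(
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        running=(state[0] == "R"),
        start_type=START_TYPES[state[1]],
    )
    # DDS prints "path --> path [?]" when it could not stat the binary.
    if " --> " in rest or meta == "?":
        return ServiceEntry(path=rest.split(" --> ", 1)[0], file_found=False, **base)
    mm = META_RE.match(meta)
    if not mm:
        return None  # unknown trailer: treat as unparseable rather than guess
    return ServiceEntry(path=rest, file_found=True, size=int(mm.group("size")),
                        date=mm.group("date"), **base)


def parse_log(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line in a log fragment, skipping the rest."""
    entries = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is not None:
            entries.append(e)
    return entries


def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Return triage hints by category (my own heuristics, not verdicts)."""
    hints: Dict[str, List[str]] = {"file_missing": [], "driver_outside_windows": [], "disabled": []}
    for e in entries:
        p = e.path.lower()
        if not e.file_found:
            hints["file_missing"].append(e.name)
        # A .sys that is loaded (R*) from outside c:\windows deserves a second
        # look; legitimate AV and VM-tools drivers will also trip this.
        if e.running and p.endswith(".sys") and not p.startswith("c:\\windows\\"):
            hints["driver_outside_windows"].append(e.name)
        if e.start_type == "disabled":
            hints["disabled"].append(e.name)
    return hints


if __name__ == "__main__":
    for category, names in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{category}: {', '.join(names) or '-'}")
```

Run it on the whole pasted log (feed the file to `parse_log`) and the three lists give a starting point for what to check by hand: a missing binary for an R* entry, a running driver in an unusual directory, and anything disabled that should not be (the poster's original complaint was services turning themselves off).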
#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 17 July 2010 - 03:18 PM

Hello dannydizzle

Welcome to BleepingComputer.
========================
Hi, please delete your version of ComboFix, redownload it, run it once more, and post the updated log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.



