Solved: Redirected when using Firefox and Google
adnaps1 (thread starter) - 14-Sep-2010, 02:51 PM #1
Redirected when using Firefox and Google
When I click on Google search results, I am being redirected to random websites. I have run MBAM and AVG, but nothing has been found. I believe my issue is similar to the issue at this link: http://forums.techguy.org/virus-othe...e7-google.html; however, the recommended fixes are for Windows 2K and XP only. I am using Windows Vista. Hope somebody can help.

Thanks.
adnaps1 (thread starter) - 14-Sep-2010, 02:53 PM #2
I forgot to mention that sometimes I am redirected to a page that just says "old session or bad record". Thanks.
adnaps1 (thread starter) - 14-Sep-2010, 05:47 PM #3
Sorry, I didn't read the instructions before posting. My HijackThis log and the contents of DDS.txt are below, and Attach.txt is attached. I waited about 2.5 hours for GMER to run, and before it completed my system crashed (I got a blue screen), so I don't have the contents of ark.txt. Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:58:32 PM, on 9/14/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Users\Julieta\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Alarm Clock\Alarm Tray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\TpShocks.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Julieta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusCore.exe
C:\Users\Julieta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusService.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Julieta & Ankit\My Installation files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [Olcoalv] rundll32 "C:\Users\Julieta\AppData\Roaming\e1e6032N.dll",Pbbian
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Dropbox.lnk = Julieta\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) -
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpirexe.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Talking Alarm Clock user logon monitor (AlarmClockMonitor) - Cinnamon Software Inc. - C:\Program Files\Alarm Clock\AlarmMonitor.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Upek Service (UpekSrvc) - UPEK Inc. - C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\Windows\system32\WebUpdateSvc4.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 16815 bytes
DDS (Ver_09-09-29.01) - NTFSx86
Run by Julieta at 14:03:03.53 on Tue 09/14/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2006.721 [GMT -5:00]

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe
C:\Windows\system32\WebUpdateSvc4.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Alarm Clock\AlarmMonitor.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Users\Julieta\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Alarm Clock\Alarm Tray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\TpShocks.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Julieta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusCore.exe
C:\Users\Julieta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusService.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Julieta\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uStart Page = hxxp://mail.yahoo.com/
mDefault_Page_URL = hxxp://lenovo.live.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Quick Hide Windows]
uRun: [Olcoalv] rundll32 "c:\users\julieta\appdata\roaming\e1e6032N.dll",Pbbian
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
StartupFolder: c:\users\julieta\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\julieta\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
Trusted Zone: umanitoba.ca\osav.cc
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4}
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://www-307.ibm.com/pc/support/acpirexe.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli psqlpwd c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\users\julieta\appdata\roaming\mozilla\firefox\profiles\1sodi5vs.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym|http://webmail.cc.umanitoba.ca/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\julieta\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\julieta\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\julieta\appdata\roaming\mozilla\firefox\profiles\1sodi5vs.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: FFComponent: {4bcdbfd0-fa26-11de-8a39-0800200c9a66} - c:\users\julieta\appdata\roaming\mozilla\firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-1-24 24304]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2009-10-9 120360]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-6 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-6 243024]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-7-17 13480]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWR32V.SYS [2008-12-21 11552]
R2 AlarmClockMonitor;Talking Alarm Clock user logon monitor;c:\program files\alarm clock\AlarmMonitor.exe [2008-5-31 852144]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-3-23 20376]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-6 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-6 308136]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-1-24 132456]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-9-9 93032]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-22 47640]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-1-24 75112]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-30 63928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-7-10 569344]
R2 UpekSrvc;Upek Service;c:\program files\thinkvantage fingerprint software\upeksrvc.exe [2009-12-1 35080]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-6-25 229592]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-8-18 1529728]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-4 29472]
R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-5-7 21360]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-9-9 45496]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-3-25 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-12 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-3-25 16896]

=============== Created Last 30 ================

2010-09-10 23:30 29,272 a----r-- c:\windows\system32\AdobePDF.dll
2010-09-10 04:12 <DIR> --d----- c:\program files\common files\Macrovision Shared
2010-09-08 22:34 <DIR> --d----- c:\programdata\Nero
2010-09-08 22:34 <DIR> --d----- c:\progra~2\Nero
2010-09-08 22:33 <DIR> --d----- c:\program files\Nero
2010-09-08 20:31 1,974,616 a------- c:\windows\system32\D3DCompiler_42.dll
2010-09-08 20:30 1,892,184 a------- c:\windows\system32\D3DX9_42.dll
2010-09-08 20:30 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2010-09-08 20:29 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2010-09-08 20:29 3,497,832 a------- c:\windows\system32\d3dx9_34.dll
2010-09-06 14:47 12,536 a------- c:\windows\system32\avgrsstx.dll
2010-09-06 14:47 243,024 a------- c:\windows\system32\drivers\avgtdix.sys
2010-09-06 14:47 216,400 a------- c:\windows\system32\drivers\avgldx86.sys
2010-09-06 14:47 <DIR> --d----- c:\windows\system32\drivers\Avg
2010-09-06 14:44 <DIR> --d----- c:\programdata\avg9
2010-09-06 14:44 <DIR> --d----- c:\progra~2\avg9
2010-09-06 13:22 <DIR> --d----- c:\program files\Capturix VideoSpy
2010-09-05 21:13 <DIR> --d----- c:\users\julieta\appdata\roaming\OpenOffice.org
2010-09-05 21:09 <DIR> --d----- c:\program files\JRE
2010-09-05 21:08 <DIR> --d----- c:\program files\OpenOffice.org 3
2010-09-05 21:08 423,656 a------- c:\windows\system32\deployJava1.dll
2010-09-05 17:39 <DIR> --d----- c:\users\julieta\appdata\roaming\Xilisoft
2010-09-05 17:38 <DIR> --d----- c:\program files\MSECache
2010-09-05 03:32 92,672 a--shr-- c:\users\julieta\appdata\roaming\e1e6032N.dll
2010-09-05 03:30 <DIR> --d----- c:\users\julieta\appdata\roaming\Leawo
2010-09-05 03:29 438,272 a------- c:\windows\system32\Mpeg2DecFilter.ax
2010-09-05 03:29 <DIR> --d----- c:\program files\Leawo
2010-09-04 00:52 <DIR> --d----- c:\program files\E.M. PowerPoint Video Converter
2010-09-04 00:46 <DIR> --d----- c:\users\julieta\appdata\roaming\GeoVid
2010-09-04 00:46 60,416 a------- c:\windows\system32\dsetup.dll
2010-09-04 00:46 <DIR> --d----- c:\program files\common files\GeoVid
2010-08-22 22:45 <DIR> --d----- c:\users\julieta\appdata\roaming\Update
2010-08-19 01:02 <DIR> --d----- c:\program files\Lame for Audacity

==================== Find3M ====================

2010-09-14 11:08 143,360 a------- c:\windows\inf\infstrng.dat
2010-09-14 11:08 86,016 a------- c:\windows\inf\infpub.dat
2010-09-10 23:34 3,204 a------- c:\windows\bthservsdp.dat
2010-09-10 03:16 143,360 a------- c:\windows\inf\infstor.dat
2010-08-25 03:30 394,600 -------- c:\windows\PWMBTHLV.EXE
2010-08-25 03:30 24,304 -------- c:\windows\system32\drivers\DOZEHDD.SYS
2010-08-25 03:30 11,552 -------- c:\windows\system32\drivers\TPPWR32V.SYS
2010-07-25 18:01 56 a---h--- c:\programdata\ezsidmv.dat
2010-07-25 18:01 56 a---h--- c:\progra~2\ezsidmv.dat
2010-06-30 15:18 665,600 a------- c:\windows\inf\drvindex.dat
2010-06-26 20:08 348,160 -------- c:\windows\system32\msvcr71.dll
2010-06-26 01:05 916,480 a------- c:\windows\system32\wininet.dll
2010-06-26 01:02 109,056 a------- c:\windows\system32\iesysprep.dll
2010-06-26 01:02 71,680 a------- c:\windows\system32\iesetup.dll
2010-06-25 23:25 133,632 a------- c:\windows\system32\ieUnatt.exe
2010-06-21 08:37 2,037,760 a------- c:\windows\system32\win32k.sys
2010-06-18 12:31 36,864 a------- c:\windows\system32\rtutils.dll
2009-03-25 01:43 174 ---sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 -------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 -------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 -------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 -------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 -------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 -------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 -------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 -------- c:\windows\inf\perflib\0000\perfc.dat
2010-06-01 21:30 16,384 ---sh--- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-06-01 21:30 16,384 ---sh--- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-06-01 21:30 32,768 ---sh--- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-12-20 19:17 245,760 ---sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 14:03:35.71 ===============
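A helper reading a DDS log scans the "Created Last 30" and "Find3M" sections for entries like the a--shr-- DLL sitting directly in AppData\Roaming above (the file ComboFix lists under "Other Deletions" later in this thread). The Python below is an added example, not part of this thread nor of DDS or ComboFix: it parses those log lines and flags such entries using my own assumed heuristics (system+hidden attributes inside a user profile, executables loose in an AppData root), with sample lines copied from the posted log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# One entry from a DDS "Created Last 30" / "Find3M" line.
@dataclass
class DdsEntry:
    date: str
    time: str
    size: Optional[int]   # None for <DIR> entries
    attrs: Set[str]       # letters present in the 8-character attribute column
    path: str             # lower-cased, as DDS prints it

# Columns as DDS prints them: date, time, size or <DIR>, attribute field, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+?)\s*$"
)

def parse_dds_line(line: str) -> Optional[DdsEntry]:
    """Return a DdsEntry, or None for headers, blanks and other non-entry lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    return DdsEntry(
        date=date,
        time=time,
        size=None if size == "<DIR>" else int(size.replace(",", "")),
        attrs=set(attrs.replace("-", "")),
        path=path.lower(),
    )

# Assumed heuristics (mine, not DDS's): file types that should not normally sit
# loose in a user's AppData root, and the pattern for such a location.
EXEC_EXT = (".dll", ".exe", ".sys", ".ax", ".scr")
PROFILE_ROOT_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\(roaming|local)\\[^\\]+$")

def suspicious_reasons(e: DdsEntry) -> List[str]:
    """Reasons an entry deserves a closer look; empty list means nothing odd."""
    reasons: List[str] = []
    if e.size is None or "d" in e.attrs:   # directories are not judged here
        return reasons
    # Windows itself marks a few well-known files system+hidden (desktop.ini,
    # index.dat); a file carrying both flags inside a user profile is unusual.
    if e.path.startswith("c:\\users\\") and "s" in e.attrs and "h" in e.attrs:
        reasons.append("system+hidden file inside a user profile")
    if PROFILE_ROOT_RE.match(e.path) and e.path.endswith(EXEC_EXT):
        reasons.append("executable dropped directly into an AppData root folder")
    return reasons

def triage(lines) -> List[Tuple[str, List[str]]]:
    """Parse raw log lines and return (path, reasons) for every flagged entry."""
    flagged: List[Tuple[str, List[str]]] = []
    for line in lines:
        entry = parse_dds_line(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged.append((entry.path, reasons))
    return flagged

# Sample lines copied from the DDS log posted above (plus one section header).
SAMPLE_LINES = [
    "=============== Created Last 30 ================",
    r"2010-09-10 23:30 29,272 a----r-- c:\windows\system32\AdobePDF.dll",
    r"2010-09-10 04:12 <DIR> --d----- c:\program files\common files\Macrovision Shared",
    r"2010-09-05 21:08 423,656 a------- c:\windows\system32\deployJava1.dll",
    r"2010-09-05 03:32 92,672 a--shr-- c:\users\julieta\appdata\roaming\e1e6032N.dll",
    r"2010-07-25 18:01 56 a---h--- c:\programdata\ezsidmv.dat",
    r"2009-03-25 01:43 174 ---sh--- c:\program files\desktop.ini",
    r"2010-06-01 21:30 16,384 ---sh--- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Only the AppData\Roaming DLL is flagged; the system+hidden desktop.ini and index.dat entries pass because they live outside any user profile.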
Rorschach112
Senior Member with 2,392 posts.
Join Date: Oct 2008
14-Sep-2010, 07:35 PM #4
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
adnaps1
Junior Member with 13 posts.
THREAD STARTER
Join Date: Sep 2010
Experience: Intermediate
14-Sep-2010, 10:36 PM #5
Thanks for the quick reply. Here you go...

ComboFix 10-09-14.01 - Julieta 09/14/2010 20:52:30.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2006.986 [GMT -5:00]
Running from: c:\julieta & ankit\My Installation files\ComboFix.exe
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Julieta\AppData\Roaming\e1e6032N.dll
c:\windows\system32\fonts
c:\windows\system32\fonts\Courier-Bold.afm
c:\windows\system32\fonts\Courier-BoldOblique.afm
c:\windows\system32\fonts\Courier-Oblique.afm
c:\windows\system32\fonts\Courier.afm
c:\windows\system32\fonts\Helvetica-Bold.afm
c:\windows\system32\fonts\Helvetica-BoldOblique.afm
c:\windows\system32\fonts\Helvetica-Oblique.afm
c:\windows\system32\fonts\Helvetica.afm
c:\windows\system32\fonts\Symbol.afm
c:\windows\system32\fonts\Times-Bold.afm
c:\windows\system32\fonts\Times-BoldItalic.afm
c:\windows\system32\fonts\Times-Italic.afm
c:\windows\system32\fonts\Times-Roman.afm
c:\windows\system32\fonts\ZapfDingbats.afm

.
((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
.

2010-09-15 02:04 . 2010-09-15 02:11 -------- d-----w- c:\users\Julieta\AppData\Local\temp
2010-09-15 02:04 . 2010-09-15 02:04 -------- d-----w- c:\users\TM_OSCE_JULIETA-PC\AppData\Local\temp
2010-09-15 02:04 . 2010-09-15 02:04 -------- d-----w- c:\users\TM_OSCE_JULIETA-PC.Julieta-PC\AppData\Local\temp
2010-09-15 02:04 . 2010-09-15 02:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-14 23:45 . 2010-09-14 23:45 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-09-14 23:32 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-14 23:32 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 23:32 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-14 23:31 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-11 04:30 . 2007-03-23 09:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2010-09-10 09:12 . 2010-09-10 09:12 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-09-09 22:06 . 2010-09-09 22:06 -------- d-----w- c:\users\Julieta\AppData\Local\Nero_AG
2010-09-09 03:50 . 2010-09-09 03:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Nero
2010-09-09 03:34 . 2010-09-09 03:44 -------- d-----w- c:\programdata\Nero
2010-09-09 03:33 . 2010-09-09 03:34 -------- d-----w- c:\program files\Common Files\Nero
2010-09-09 03:33 . 2010-09-09 03:44 -------- d-----w- c:\program files\Nero
2010-09-09 01:31 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-09-09 01:30 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-09-09 01:30 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-09-09 01:29 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-09-09 01:29 . 2007-05-16 21:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-09-06 19:47 . 2010-09-06 19:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-06 19:47 . 2010-09-06 19:47 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-06 19:47 . 2010-09-06 19:47 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-06 19:47 . 2010-09-14 23:58 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-06 19:47 . 2010-09-06 19:47 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-06 19:44 . 2010-09-06 19:44 -------- d-----w- c:\programdata\avg9
2010-09-06 18:22 . 2007-05-04 20:51 40448 ----a-w- c:\windows\system32\RegOBJ.dll
2010-09-06 18:22 . 2007-05-04 20:51 1003520 ----a-w- c:\windows\system32\ltmm_n.dll
2010-09-06 18:22 . 2007-05-04 20:51 204800 ----a-w- c:\windows\system32\falcon.dll
2010-09-06 18:22 . 2004-03-26 09:53 180224 ----a-w- c:\windows\system32\aspsms.dll
2010-09-06 18:22 . 2004-02-27 05:00 962612 ----a-w- c:\windows\system32\MFC42D.dll
2010-09-06 18:22 . 2004-02-27 05:00 827445 ----a-w- c:\windows\system32\MFCO42D.dll
2010-09-06 18:22 . 2003-10-02 16:06 185384 ----a-w- c:\windows\system32\cstcpapi.DLL
2010-09-06 18:22 . 2000-08-29 05:00 516173 ----a-w- c:\windows\system32\MSVCP60D.dll
2010-09-06 18:22 . 1998-07-06 05:00 16384 ----a-w- c:\windows\system32\INETDE.DLL
2010-09-06 18:22 . 2009-08-20 17:38 421888 ----a-w- c:\windows\system32\CapturixFrameWorkDLL.dll
2010-09-06 18:22 . 2002-05-01 03:32 352256 ----a-w- c:\windows\system32\ijl15.dll
2010-09-06 18:22 . 2010-09-06 18:22 -------- d-----w- c:\program files\Capturix VideoSpy
2010-09-06 02:13 . 2010-09-06 02:13 -------- d-----w- c:\users\Julieta\AppData\Roaming\OpenOffice.org
2010-09-06 02:09 . 2010-09-06 02:09 -------- d-----w- c:\program files\JRE
2010-09-06 02:08 . 2010-09-06 02:09 -------- d-----w- c:\program files\OpenOffice.org 3
2010-09-06 02:08 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-05 22:39 . 2010-09-05 23:06 -------- d-----w- c:\users\Julieta\AppData\Roaming\Xilisoft
2010-09-05 22:38 . 2010-09-05 22:38 -------- d-----w- c:\program files\MSECache
2010-09-05 08:30 . 2010-09-05 08:30 -------- d-----w- c:\users\Julieta\AppData\Roaming\Leawo
2010-09-05 08:29 . 2010-09-05 08:29 -------- d-----w- c:\program files\Leawo
2010-09-04 05:52 . 2010-09-06 17:59 -------- d-----w- c:\program files\E.M. PowerPoint Video Converter
2010-09-04 05:46 . 2010-09-04 05:47 -------- d-----w- c:\users\Julieta\AppData\Roaming\GeoVid
2010-09-04 05:46 . 2005-06-07 20:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2010-09-04 05:46 . 2010-09-04 05:46 -------- d-----w- c:\program files\Common Files\GeoVid
2010-08-23 03:45 . 2010-08-28 18:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Update
2010-08-19 06:02 . 2010-08-19 06:02 -------- d-----w- c:\program files\Lame for Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 02:13 . 2010-03-25 00:43 -------- d-----w- c:\users\Julieta\AppData\Roaming\Dropbox
2010-09-15 02:07 . 2008-12-22 02:42 3204 ----a-w- c:\windows\bthservsdp.dat
2010-09-14 23:45 . 2008-12-22 06:39 -------- d-----w- c:\programdata\Microsoft Help
2010-09-14 23:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-14 18:03 . 2010-05-22 01:59 -------- d-----w- c:\programdata\PCDr
2010-09-14 13:33 . 2008-12-22 07:00 -------- d-----w- c:\program files\LogMeIn
2010-09-10 15:24 . 2010-02-10 07:36 0 ----a-w- c:\users\Julieta\AppData\Local\prvlcl.dat
2010-09-10 09:36 . 2008-12-22 02:58 146360 ----a-w- c:\users\Julieta\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-10 09:06 . 2008-12-22 03:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-10 05:34 . 2009-02-15 04:14 -------- d-----w- c:\users\Julieta\AppData\Roaming\uTorrent
2010-09-09 21:20 . 2008-12-22 02:52 -------- d-----w- c:\program files\Lenovo
2010-09-06 18:01 . 2010-02-12 21:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-06 17:58 . 2008-12-22 03:17 -------- d-----w- c:\program files\Common Files\Java
2010-09-06 17:58 . 2008-12-22 03:17 -------- d-----w- c:\program files\Java
2010-09-01 16:31 . 2008-12-22 06:54 -------- d-----w- c:\users\Julieta\AppData\Roaming\Skype
2010-09-01 16:25 . 2008-12-22 06:55 -------- d-----w- c:\users\Julieta\AppData\Roaming\skypePM
2010-08-31 08:10 . 2010-08-01 08:07 -------- d-----w- c:\program files\PC-Doctor
2010-08-31 01:35 . 2010-07-27 04:31 -------- d-----w- c:\users\Julieta\AppData\Roaming\FileZilla
2010-08-31 01:28 . 2010-07-27 04:31 -------- d-----w- c:\program files\FileZilla FTP Client
2010-08-28 12:45 . 2010-05-05 03:31 -------- d-----w- c:\programdata\DivX
2010-08-28 12:45 . 2009-09-29 05:34 -------- d-----w- c:\program files\DivX
2010-08-28 12:45 . 2010-01-10 00:28 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-25 08:30 . 2010-01-24 20:33 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-08-25 08:30 . 2008-12-22 02:59 394600 ------w- c:\windows\PWMBTHLV.EXE
2010-08-25 08:30 . 2008-12-22 02:59 11552 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2010-08-21 21:17 . 2010-01-25 03:41 -------- d-----w- c:\users\Julieta\AppData\Roaming\Audacity
2010-08-14 10:06 . 2010-05-26 22:30 -------- d-----w- c:\program files\AAdvantage eShoppingSM Toolbar
2010-08-14 08:07 . 2010-08-14 08:06 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-14 08:07 . 2010-08-14 08:06 -------- d-----w- c:\program files\iTunes
2010-08-14 08:06 . 2010-08-14 08:06 -------- d-----w- c:\program files\iPod
2010-08-14 08:06 . 2009-06-21 04:17 -------- d-----w- c:\program files\Common Files\Apple
2010-08-14 08:04 . 2010-01-25 03:55 -------- d-----w- c:\program files\QuickTime
2010-08-14 07:59 . 2010-08-14 07:59 -------- d-----w- c:\program files\Bonjour
2010-08-14 04:04 . 2009-02-15 04:15 -------- d-----w- c:\program files\uTorrent
2010-08-12 19:14 . 2008-12-22 03:36 -------- d-----w- c:\program files\Google
2010-08-12 01:47 . 2008-12-27 08:01 -------- d-----w- c:\program files\Stata10
2010-08-06 16:39 . 2010-08-06 16:39 -------- d-----w- c:\program files\AoA Audio Extractor
2010-07-27 07:46 . 2008-12-22 04:09 -------- d-----w- c:\programdata\FLEXnet
2010-07-26 18:23 . 2010-04-17 15:26 -------- d-----w- c:\program files\AC3Filter
2010-07-26 16:00 . 2010-07-26 15:59 -------- d-----w- c:\program files\Ghostgum
2010-07-26 04:57 . 2010-07-26 04:55 -------- d-----w- c:\program files\dvdSanta
2010-07-25 23:01 . 2008-12-22 06:55 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-07-25 20:21 . 2010-07-23 03:58 -------- d-----w- c:\program files\Intel
2010-07-25 00:11 . 2009-05-25 04:42 -------- d-----w- c:\users\Julieta\AppData\Roaming\SmartDraw
2010-07-25 00:11 . 2009-01-28 20:38 -------- d-----w- c:\users\Julieta\AppData\Roaming\TestGen
2010-07-25 00:11 . 2009-02-22 22:25 -------- d-----w- c:\users\Julieta\AppData\Roaming\Printer Info Cache
2010-07-25 00:11 . 2009-06-19 19:11 -------- d-----w- c:\users\Julieta\AppData\Roaming\LimeWire
2010-07-25 00:11 . 2009-11-20 05:39 -------- d-----w- c:\users\Julieta\AppData\Roaming\HpUpdate
2010-07-25 00:11 . 2009-11-02 23:15 -------- d-----w- c:\users\Julieta\AppData\Roaming\Elluminate
2010-07-25 00:11 . 2009-07-31 21:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Download Manager
2010-07-25 00:11 . 2009-02-22 22:25 -------- d-----w- c:\users\Julieta\AppData\Roaming\Image Zone Express
2010-07-25 00:07 . 2009-03-23 17:10 -------- d-----w- c:\programdata\WebEx
2010-07-25 00:07 . 2008-12-27 08:23 -------- d-----w- c:\programdata\StatTransfer9
2010-07-25 00:07 . 2008-12-22 03:44 -------- d-----w- c:\programdata\Symantec
2010-07-25 00:07 . 2008-12-22 03:20 -------- d-----w- c:\programdata\Sonic
2010-07-25 00:07 . 2009-01-30 00:23 -------- d-----w- c:\programdata\Avanquest Bluetooth SDK
2010-07-25 00:05 . 2009-11-07 01:40 -------- d-----w- c:\program files\PuTTY
2010-07-25 00:05 . 2009-08-20 04:38 -------- d-----w- c:\program files\Presentersoft PowerVideoMaker
2010-07-25 00:04 . 2008-12-22 03:36 -------- d-----w- c:\program files\Picasa2
2010-07-25 00:04 . 2009-01-25 07:02 -------- d-----w- c:\program files\Motorola Phone Tools
2010-07-25 00:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-07-25 00:04 . 2008-12-22 06:45 -------- d-----w- c:\program files\Microsoft Works
2010-07-24 23:59 . 2008-12-22 03:16 -------- d-----w- c:\program files\Lenovo Registration
2010-07-24 23:59 . 2009-11-08 23:03 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
2010-07-24 23:59 . 2008-12-27 07:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-24 23:59 . 2008-12-22 03:20 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-07-24 23:58 . 2008-12-22 03:20 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-07-24 23:58 . 2009-01-21 02:01 -------- d-----w- c:\program files\Common Files\Macromedia
2010-07-24 23:58 . 2008-12-22 03:12 -------- d-----w- c:\program files\Common Files\Lenovo
2010-07-24 23:58 . 2009-11-08 22:56 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-24 23:58 . 2009-06-20 19:07 -------- d-----w- c:\program files\Audacity
2010-07-24 23:58 . 2009-01-25 07:14 -------- d-----w- c:\program files\Avanquest update
2010-07-24 23:58 . 2009-06-21 04:19 -------- d-----w- c:\program files\Apple Software Update
2010-07-24 23:58 . 2009-07-06 06:44 -------- d-----w- c:\program files\Alarm Clock
2010-07-24 23:31 . 2009-06-21 04:24 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2010-07-24 23:31 . 2009-05-22 02:46 -------- d-----w- c:\programdata\WindowsSearch
2010-07-24 23:31 . 2008-12-22 07:37 -------- d-----w- c:\programdata\Yahoo!
2010-07-24 23:31 . 2008-12-22 02:58 -------- d-----w- c:\programdata\UIB
2010-07-24 23:31 . 2008-12-22 06:53 -------- d-----w- c:\programdata\Skype
2010-07-24 23:31 . 2010-05-26 16:40 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-07-24 23:31 . 2010-05-22 02:00 -------- d-----w- c:\programdata\PC-Doctor for Windows
2010-07-24 23:31 . 2010-01-21 16:54 -------- d-----w- c:\programdata\NOS
2010-07-24 23:31 . 2008-12-22 03:24 -------- d-----w- c:\programdata\PC-Doctor
2010-07-24 23:29 . 2009-12-20 23:07 -------- d-----w- c:\program files\ReaConverter 5.5 Pro
2010-07-24 23:28 . 2010-06-20 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-24 23:28 . 2009-03-25 15:30 -------- d-----w- c:\program files\MATLAB
2010-07-24 23:28 . 2009-01-21 01:59 -------- d-----w- c:\program files\Macromedia
2010-07-24 23:27 . 2009-11-23 01:05 -------- d-----w- c:\program files\Larson Software Technology
2010-07-24 23:27 . 2010-06-19 06:34 -------- d-----w- c:\program files\Kodak Print Service
2010-07-24 23:27 . 2009-11-23 00:27 -------- d-----w- c:\program files\IrfanView
2010-07-24 23:27 . 2008-12-22 03:23 -------- d-----w- c:\program files\InterVideo
2010-07-24 23:27 . 2008-12-22 02:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-24 23:27 . 2010-04-27 02:45 -------- d-----w- c:\program files\Insightful
2010-07-24 23:27 . 2009-12-20 23:14 -------- d-----w- c:\program files\ImageConverter Plus
2010-07-24 23:27 . 2008-12-22 03:27 -------- d-----w- c:\program files\HP
2010-07-24 23:27 . 2010-06-20 05:57 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-07-24 23:27 . 2010-03-13 23:42 -------- d-----w- c:\program files\EViews6SV
2010-07-24 23:27 . 2010-02-07 23:50 -------- d-----w- c:\program files\Gavlock Consulting
2010-07-24 23:25 . 2010-04-11 17:12 -------- d-----w- c:\program files\Ares
2010-07-24 23:25 . 2008-12-22 03:04 -------- d-----w- c:\program files\Analog Devices
2008-12-22 02:34 . 2008-12-22 02:34 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-06 2065760]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-08-25 894312]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 217176]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2010-08-25 214576]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2009-09-03 436800]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-04-22 181608]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-06-16 624056]

c:\users\Julieta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Julieta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-6-4 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 16:41 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Julieta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk]
path=c:\users\Julieta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LenovoWelcome.lnk
backup=c:\windows\pss\LenovoWelcome.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-06-16 22:20 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 05:46 57344 ------w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-02-08 14:51 1015808 ------w- c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-08-08 20:53 2630968 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-15 04:25 135664 -----tw- c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 03:34 49152 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 20:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LenovoOobeOffers]
2006-12-29 17:01 28672 ----a-w- c:\swtools\LenovoWelcome\LenovoOobeOffers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 15:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Show missed alarms]
2008-05-31 18:49 376944 ------r- c:\program files\Alarm Clock\Alarm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-10-28 15:36 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 23:38 583048 ------w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-06-27 01:08 202256 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3152529466-1860945956-3253294106-1002]
"EnableNotificationsRef"=dword:00000002

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-05-07 21360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-08-25 24304]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-06 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-06 243024]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 AlarmClockMonitor;Talking Alarm Clock user logon monitor;c:\program files\Alarm Clock\AlarmMonitor.exe [2008-05-31 852144]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-23 20376]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-09-06 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-06 308136]
S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-08-25 132456]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-25 12856]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-25 75112]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-10 569344]
S2 UpekSrvc;Upek Service;c:\program files\ThinkVantage Fingerprint Software\upeksrvc.exe [2009-12-01 35080]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-06-25 229592]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-23 29472]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:29]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:29]

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152529466-1860945956-3253294106-1002Core.job
- c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15 04:25]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152529466-1860945956-3253294106-1002UA.job
- c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15 04:25]

2009-07-06 c:\windows\Tasks\New Alarm.job
- c:\program files\Alarm Clock\Alarm.exe [2008-05-31 18:49]

2010-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-08-18 16:49]

2010-09-15 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-05-25 12:29]

2010-09-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-08-18 20:35]

2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: aol.com\free
Trusted Zone: umanitoba.ca\osav.cc
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://www-307.ibm.com/pc/support/acpirexe.cab
FF - ProfilePath - c:\users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym|http://webmail.cc.umanitoba.ca/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Julieta\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Julieta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: FFComponent: {4bcdbfd0-fa26-11de-8a39-0800200c9a66} - c:\users\Julieta\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Quick Hide Windows - (no file)
HKCU-Run-Olcoalv - c:\users\Julieta\AppData\Roaming\e1e6032N.dll
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-TeXLive - c:\julieta\tex\tlpkg\installer\uninst.bat



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{3037D694-FD904ACA-06020000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3152529466-1860945956-3253294106-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76B74B11-20B8-00A2-12EF-7C313B771570}*]
@Allowed: (Read) (RestrictedCode)
"ealmceecch"=hex:66,61,66,6e,68,61,6c,61,6e,61,62,64,00,fc
"daompnia"=hex:64,62,70,6b,64,63,67,64,64,6e,68,69,65,6a,69,6c,67,6b,6c,67,63,
67,62,6a,61,6d,6e,61,6f,65,6c,6a,6f,65,6e,6b,63,66,68,6f,00,00
"iadobbdnpmbomljdoc"=hex:6b,61,68,62,6b,6a,68,69,6f,70,65,67,67,62,64,69,6f,66,
66,6d,64,67,00,00
"hankphblbfdoglih"=hex:6b,61,68,62,6b,6a,68,69,6f,70,65,67,67,62,64,69,6f,66,
66,6d,64,67,00,00

[HKEY_USERS\S-1-5-21-3152529466-1860945956-3253294106-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F8AF1E71-0D27-1F6F-798A-8E3B747FA9BB}*]
@Allowed: (Read) (RestrictedCode)
"jamoidipgfnccbmmlmnn"=hex:62,61,61,6a,00,00
"jamoidipgfnccbmmlmjd"=hex:62,61,6e,6a,00,00
"iamphkmlhagfdfcngo"=hex:6b,61,66,6a,64,6d,63,6e,64,6f,67,66,62,68,69,63,6d,70,
6e,6e,70,6f,00,00
"hagmkbiljcakffpd"=hex:6b,61,66,6a,64,6d,63,6e,64,6f,67,66,69,68,62,64,66,65,
65,67,61,6a,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4840)
c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\PC-Doctor\ATLPcdToolbar563221.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\windows\system32\btncopy.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\Alarm Clock\Alarm Tray.exe
c:\program files\LogMeIn\x86\LogMeInSystray.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\System32\rundll32.exe
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxext.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
.
**************************************************************************
.
Completion time: 2010-09-14 21:21:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-15 02:20

Pre-Run: 7,069,536,256 bytes free
Post-Run: 11,407,433,728 bytes free

- - End Of File - - A347608B4AAF2D4C919F275230C855B8
Rorschach112
Join Date: Oct 2008
15-Sep-2010, 07:33 AM #6
copy this folder to your desktop

c:\users\Julieta\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}

right click on it and zip it

go here

http://www.bleepingcomputer.com/subm...php?channel=72

In the first box put this link in

http://forums.techguy.org/virus-othe...ox-google.html

Browse to the zip file of the folder on your desktop and upload it

Under comments say it's from Rorschach

Tell me when that is done
adnaps1 (THREAD STARTER)
Join Date: Sep 2010
15-Sep-2010, 11:13 AM #7
I uploaded the file. Thanks, Rorschach.
Rorschach112
Join Date: Oct 2008
15-Sep-2010, 02:27 PM #8
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::


Firefox::
FF - ProfilePath - c:\users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\
FF - HiddenExtension: FFComponent: {4bcdbfd0-fa26-11de-8a39-0800200c9a66} - c:\users\Julieta\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}

Folder::
c:\users\Julieta\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}


Registry::

Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
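The two items the CFScript above targets (the FFComponent HiddenExtension and its GUID-named folder) and the orphaned HKCU Run value pointing at e1e6032N.dll in the earlier log are the kind of entries a log reviewer can pick out mechanically. As an added example, not part of this thread, of ComboFix or of any vendor tool, the Python below parses the `FF -` and `HKCU-Run-` lines from the log posted earlier and flags an extension installed outside the profile's extensions folder, or a Run value that loads a DLL from AppData; the trusted-root list and the sample log excerpt are constructed from this thread.

```python
"""Pick out-of-place autostart entries from a ComboFix log.

Added example for this thread; it is not part of the thread, of ComboFix or of
any vendor tool. It reads the 'FF -' lines and the 'ORPHANS REMOVED' entries
ComboFix prints and flags two patterns seen in this log: a Firefox
HiddenExtension installed outside the profile's extensions folder, and a
Run-key entry that loads a DLL from the user's AppData directory.
"""
import re
from dataclasses import dataclass, field

# Roots where a legitimately installed component normally lives (constructed list).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")

PROFILE_RE = re.compile(r"^FF - ProfilePath - (?P<path>.+)$")
HIDDEN_RE = re.compile(
    r"^FF - HiddenExtension: (?P<name>.+?): (?P<ext_id>\{[^}]+\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^HK(?:CU|LM)-Run-(?P<name>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    kind: str          # "hidden-extension" or "run-entry"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def profile_path(log_text):
    """Return the lower-cased Firefox profile path ComboFix reported, or None."""
    for line in log_text.splitlines():
        m = PROFILE_RE.match(line.strip())
        if m:
            return m.group("path").lower().rstrip("\\") + "\\"
    return None


def assess_hidden_extensions(log_text):
    """One Finding per HiddenExtension whose install path is out of place."""
    profile = profile_path(log_text)
    findings = []
    for line in log_text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        p = path.lower()
        in_profile = profile is not None and p.startswith(profile + "extensions\\")
        in_trusted = p.startswith(TRUSTED_ROOTS)
        f = Finding("hidden-extension", m.group("name"), path)
        if not (in_profile or in_trusted):
            f.reasons.append("outside the profile extensions folder, Program Files and Windows")
        # The folder is named only by the extension GUID and does not sit inside
        # any profile (in this log: directly under Roaming\Mozilla\FireFox).
        if p.rstrip("\\").endswith(m.group("ext_id").lower()) and not in_profile:
            f.reasons.append("GUID-named folder that is not inside a profile")
        if f.reasons:
            findings.append(f)
    return findings


def assess_run_entries(log_text):
    """One Finding per Run-key entry that loads a DLL from a user's AppData tree."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        p = path.lower()
        if "\\appdata\\" in p and p.endswith(".dll"):
            findings.append(Finding("run-entry", m.group("name"), path,
                                    ["Run value is a DLL under the user's AppData"]))
    return findings


# Sample input (constructed): the relevant lines from the ComboFix log in this thread.
SAMPLE_LOG = r"""
FF - ProfilePath - c:\users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: FFComponent: {4bcdbfd0-fa26-11de-8a39-0800200c9a66} - c:\users\Julieta\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
HKCU-Run-Quick Hide Windows - (no file)
HKCU-Run-Olcoalv - c:\users\Julieta\AppData\Roaming\e1e6032N.dll
"""

if __name__ == "__main__":
    for f in assess_hidden_extensions(SAMPLE_LOG) + assess_run_entries(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path}")
        for r in f.reasons:
            print("   -", r)
```

The .NET Framework Assistant entry is not reported because it lives under c:\windows\; only the FFComponent folder and the Olcoalv Run value come back, each with the reason that made it stand out.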
adnaps1 (THREAD STARTER)
Join Date: Sep 2010
15-Sep-2010, 06:39 PM #9
Here's the log, Rorschach. Thanks again.

ComboFix 10-09-15.01 - Julieta 09/15/2010 17:13:27.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2006.800 [GMT -5:00]
Running from: c:\julieta & ankit\My Installation files\ComboFix.exe
Command switches used :: c:\julieta & ankit\My Installation files\CFScript.txt
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Julieta\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
c:\users\Julieta\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\chrome.manifest
c:\users\Julieta\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\chrome\Content\FF_com.xul
c:\users\Julieta\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
.

2010-09-15 22:29 . 2010-09-15 22:30 -------- d-----w- c:\users\Julieta\AppData\Local\temp
2010-09-15 22:29 . 2010-09-15 22:29 -------- d-----w- c:\users\TM_OSCE_JULIETA-PC\AppData\Local\temp
2010-09-15 22:29 . 2010-09-15 22:29 -------- d-----w- c:\users\TM_OSCE_JULIETA-PC.Julieta-PC\AppData\Local\temp
2010-09-15 22:29 . 2010-09-15 22:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-15 22:29 . 2010-09-15 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-15 22:29 . 2010-09-15 22:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-09-14 23:45 . 2010-09-14 23:45 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-09-14 23:32 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-14 23:32 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 23:32 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-14 23:31 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-11 04:30 . 2007-03-23 09:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2010-09-10 09:12 . 2010-09-10 09:12 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-09-09 22:06 . 2010-09-09 22:06 -------- d-----w- c:\users\Julieta\AppData\Local\Nero_AG
2010-09-09 03:50 . 2010-09-09 03:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Nero
2010-09-09 03:34 . 2010-09-09 03:44 -------- d-----w- c:\programdata\Nero
2010-09-09 03:33 . 2010-09-09 03:34 -------- d-----w- c:\program files\Common Files\Nero
2010-09-09 03:33 . 2010-09-09 03:44 -------- d-----w- c:\program files\Nero
2010-09-09 01:31 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-09-09 01:30 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-09-09 01:30 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-09-09 01:29 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-09-09 01:29 . 2007-05-16 21:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-09-06 19:47 . 2010-09-06 19:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-06 19:47 . 2010-09-06 19:47 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-06 19:47 . 2010-09-06 19:47 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-06 19:47 . 2010-09-15 15:13 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-06 19:47 . 2010-09-06 19:47 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-06 19:44 . 2010-09-06 19:44 -------- d-----w- c:\programdata\avg9
2010-09-06 18:22 . 2007-05-04 20:51 40448 ----a-w- c:\windows\system32\RegOBJ.dll
2010-09-06 18:22 . 2007-05-04 20:51 1003520 ----a-w- c:\windows\system32\ltmm_n.dll
2010-09-06 18:22 . 2007-05-04 20:51 204800 ----a-w- c:\windows\system32\falcon.dll
2010-09-06 18:22 . 2004-03-26 09:53 180224 ----a-w- c:\windows\system32\aspsms.dll
2010-09-06 18:22 . 2004-02-27 05:00 962612 ----a-w- c:\windows\system32\MFC42D.dll
2010-09-06 18:22 . 2004-02-27 05:00 827445 ----a-w- c:\windows\system32\MFCO42D.dll
2010-09-06 18:22 . 2003-10-02 16:06 185384 ----a-w- c:\windows\system32\cstcpapi.DLL
2010-09-06 18:22 . 2000-08-29 05:00 516173 ----a-w- c:\windows\system32\MSVCP60D.dll
2010-09-06 18:22 . 1998-07-06 05:00 16384 ----a-w- c:\windows\system32\INETDE.DLL
2010-09-06 18:22 . 2009-08-20 17:38 421888 ----a-w- c:\windows\system32\CapturixFrameWorkDLL.dll
2010-09-06 18:22 . 2002-05-01 03:32 352256 ----a-w- c:\windows\system32\ijl15.dll
2010-09-06 18:22 . 2010-09-06 18:22 -------- d-----w- c:\program files\Capturix VideoSpy
2010-09-06 02:13 . 2010-09-06 02:13 1 ----a-w- c:\users\Julieta\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-06 02:13 . 2010-09-06 02:13 -------- d-----w- c:\users\Julieta\AppData\Roaming\OpenOffice.org
2010-09-06 02:09 . 2010-09-06 02:09 -------- d-----w- c:\program files\JRE
2010-09-06 02:08 . 2010-09-06 02:09 -------- d-----w- c:\program files\OpenOffice.org 3
2010-09-06 02:08 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-05 22:39 . 2010-09-05 23:06 -------- d-----w- c:\users\Julieta\AppData\Roaming\Xilisoft
2010-09-05 22:38 . 2010-09-05 22:38 -------- d-----w- c:\program files\MSECache
2010-09-05 08:30 . 2010-09-05 08:30 -------- d-----w- c:\users\Julieta\AppData\Roaming\Leawo
2010-09-05 08:29 . 2010-09-05 08:29 -------- d-----w- c:\program files\Leawo
2010-09-04 05:52 . 2010-09-06 17:59 -------- d-----w- c:\program files\E.M. PowerPoint Video Converter
2010-09-04 05:46 . 2010-09-04 05:47 -------- d-----w- c:\users\Julieta\AppData\Roaming\GeoVid
2010-09-04 05:46 . 2005-06-07 20:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2010-09-04 05:46 . 2010-09-04 05:46 -------- d-----w- c:\program files\Common Files\GeoVid
2010-08-28 18:52 . 2010-08-28 18:52 10077328 ----a-w- c:\users\Julieta\AppData\Roaming\Update\patch_551461to563221_32_05\patch_551461to563221_32_05.exe
2010-08-28 12:45 . 2010-08-28 12:45 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-28 12:45 . 2010-08-28 12:36 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-08-28 12:45 . 2010-08-28 12:45 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-08-28 12:45 . 2010-08-28 12:45 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-08-28 12:45 . 2010-08-28 12:45 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-08-28 12:44 . 2010-08-28 12:44 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-08-28 12:36 . 2010-08-28 12:36 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-23 03:45 . 2010-08-28 18:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Update
2010-08-19 06:02 . 2010-08-19 06:02 -------- d-----w- c:\program files\Lame for Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 13:10 . 2008-12-22 07:00 -------- d-----w- c:\program files\LogMeIn
2010-09-15 13:10 . 2008-12-22 04:09 -------- d-----w- c:\programdata\FLEXnet
2010-09-15 02:13 . 2010-03-25 00:43 -------- d-----w- c:\users\Julieta\AppData\Roaming\Dropbox
2010-09-15 02:07 . 2008-12-22 02:42 3204 ----a-w- c:\windows\bthservsdp.dat
2010-09-14 23:45 . 2008-12-22 06:39 -------- d-----w- c:\programdata\Microsoft Help
2010-09-14 23:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-14 18:03 . 2010-05-22 01:59 -------- d-----w- c:\programdata\PCDr
2010-09-10 15:24 . 2010-02-10 07:36 0 ----a-w- c:\users\Julieta\AppData\Local\prvlcl.dat
2010-09-10 09:36 . 2008-12-22 02:58 146360 ----a-w- c:\users\Julieta\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-10 09:06 . 2008-12-22 03:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-10 05:34 . 2009-02-15 04:14 -------- d-----w- c:\users\Julieta\AppData\Roaming\uTorrent
2010-09-09 21:20 . 2008-12-22 02:52 -------- d-----w- c:\program files\Lenovo
2010-09-06 18:01 . 2010-02-12 21:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-06 17:58 . 2008-12-22 03:17 -------- d-----w- c:\program files\Common Files\Java
2010-09-06 17:58 . 2008-12-22 03:17 -------- d-----w- c:\program files\Java
2010-09-01 16:31 . 2008-12-22 06:54 -------- d-----w- c:\users\Julieta\AppData\Roaming\Skype
2010-09-01 16:25 . 2008-12-22 06:55 -------- d-----w- c:\users\Julieta\AppData\Roaming\skypePM
2010-08-31 08:10 . 2010-08-01 08:07 -------- d-----w- c:\program files\PC-Doctor
2010-08-31 01:35 . 2010-07-27 04:31 -------- d-----w- c:\users\Julieta\AppData\Roaming\FileZilla
2010-08-31 01:28 . 2010-07-27 04:31 -------- d-----w- c:\program files\FileZilla FTP Client
2010-08-28 12:48 . 2010-05-05 03:37 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-28 12:45 . 2010-05-05 03:31 -------- d-----w- c:\programdata\DivX
2010-08-28 12:45 . 2009-09-29 05:34 -------- d-----w- c:\program files\DivX
2010-08-28 12:45 . 2010-01-10 00:28 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-28 12:36 . 2010-05-05 03:35 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-08-28 12:36 . 2010-05-05 03:35 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-08-25 08:30 . 2010-01-24 20:33 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-08-25 08:30 . 2008-12-22 02:59 394600 ------w- c:\windows\PWMBTHLV.EXE
2010-08-25 08:30 . 2008-12-22 02:59 11552 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2010-08-21 21:17 . 2010-01-25 03:41 -------- d-----w- c:\users\Julieta\AppData\Roaming\Audacity
2010-08-14 10:06 . 2010-05-26 22:30 -------- d-----w- c:\program files\AAdvantage eShoppingSM Toolbar
2010-08-14 08:07 . 2010-08-14 08:06 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-14 08:07 . 2010-08-14 08:06 -------- d-----w- c:\program files\iTunes
2010-08-14 08:06 . 2010-08-14 08:06 -------- d-----w- c:\program files\iPod
2010-08-14 08:06 . 2009-06-21 04:17 -------- d-----w- c:\program files\Common Files\Apple
2010-08-14 08:04 . 2010-01-25 03:55 -------- d-----w- c:\program files\QuickTime
2010-08-14 07:59 . 2010-08-14 07:59 -------- d-----w- c:\program files\Bonjour
2010-08-14 07:55 . 2010-08-14 07:55 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-14 04:04 . 2009-02-15 04:15 -------- d-----w- c:\program files\uTorrent
2010-08-12 19:14 . 2008-12-22 03:36 -------- d-----w- c:\program files\Google
2010-08-12 01:47 . 2008-12-27 08:01 -------- d-----w- c:\program files\Stata10
2010-08-06 16:39 . 2010-08-06 16:39 -------- d-----w- c:\program files\AoA Audio Extractor
2010-07-26 18:23 . 2010-04-17 15:26 -------- d-----w- c:\program files\AC3Filter
2010-07-26 16:00 . 2010-07-26 15:59 -------- d-----w- c:\program files\Ghostgum
2010-07-26 04:57 . 2010-07-26 04:55 -------- d-----w- c:\program files\dvdSanta
2010-07-25 23:01 . 2008-12-22 06:55 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-07-25 20:21 . 2010-07-23 03:58 -------- d-----w- c:\program files\Intel
2010-07-25 00:11 . 2009-05-25 04:42 -------- d-----w- c:\users\Julieta\AppData\Roaming\SmartDraw
2010-07-25 00:11 . 2009-01-28 20:38 -------- d-----w- c:\users\Julieta\AppData\Roaming\TestGen
2010-07-25 00:11 . 2009-02-22 22:25 -------- d-----w- c:\users\Julieta\AppData\Roaming\Printer Info Cache
2010-07-25 00:11 . 2009-06-19 19:11 -------- d-----w- c:\users\Julieta\AppData\Roaming\LimeWire
2010-07-25 00:11 . 2009-11-20 05:39 -------- d-----w- c:\users\Julieta\AppData\Roaming\HpUpdate
2010-07-25 00:11 . 2009-11-02 23:15 -------- d-----w- c:\users\Julieta\AppData\Roaming\Elluminate
2010-07-25 00:11 . 2009-07-31 21:50 -------- d-----w- c:\users\Julieta\AppData\Roaming\Download Manager
2010-07-25 00:11 . 2009-02-22 22:25 -------- d-----w- c:\users\Julieta\AppData\Roaming\Image Zone Express
2010-07-25 00:07 . 2009-03-23 17:10 -------- d-----w- c:\programdata\WebEx
2010-07-25 00:07 . 2008-12-27 08:23 -------- d-----w- c:\programdata\StatTransfer9
2010-07-25 00:07 . 2008-12-22 03:44 -------- d-----w- c:\programdata\Symantec
2010-07-25 00:07 . 2008-12-22 03:20 -------- d-----w- c:\programdata\Sonic
2010-07-25 00:07 . 2009-01-30 00:23 -------- d-----w- c:\programdata\Avanquest Bluetooth SDK
2010-07-25 00:05 . 2009-11-07 01:40 -------- d-----w- c:\program files\PuTTY
2010-07-25 00:05 . 2009-08-20 04:38 -------- d-----w- c:\program files\Presentersoft PowerVideoMaker
2010-07-25 00:04 . 2008-12-22 03:36 -------- d-----w- c:\program files\Picasa2
2010-07-25 00:04 . 2009-01-25 07:02 -------- d-----w- c:\program files\Motorola Phone Tools
2010-07-25 00:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-07-25 00:04 . 2008-12-22 06:45 -------- d-----w- c:\program files\Microsoft Works
2010-07-24 23:59 . 2008-12-22 03:16 -------- d-----w- c:\program files\Lenovo Registration
2010-07-24 23:59 . 2009-11-08 23:03 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
2010-07-24 23:59 . 2008-12-27 07:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-24 23:59 . 2008-12-22 03:20 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-07-24 23:58 . 2008-12-22 03:20 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-07-24 23:58 . 2009-01-21 02:01 -------- d-----w- c:\program files\Common Files\Macromedia
2010-07-24 23:58 . 2008-12-22 03:12 -------- d-----w- c:\program files\Common Files\Lenovo
2010-07-24 23:58 . 2009-11-08 22:56 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-24 23:58 . 2009-06-20 19:07 -------- d-----w- c:\program files\Audacity
2010-07-24 23:58 . 2009-01-25 07:14 -------- d-----w- c:\program files\Avanquest update
2010-07-24 23:58 . 2009-06-21 04:19 -------- d-----w- c:\program files\Apple Software Update
2010-07-24 23:58 . 2009-07-06 06:44 -------- d-----w- c:\program files\Alarm Clock
2010-07-24 23:31 . 2009-06-21 04:24 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2010-07-24 23:31 . 2009-05-22 02:46 -------- d-----w- c:\programdata\WindowsSearch
2010-07-24 23:31 . 2008-12-22 07:37 -------- d-----w- c:\programdata\Yahoo!
2010-07-24 23:31 . 2008-12-22 02:58 -------- d-----w- c:\programdata\UIB
2010-07-24 23:31 . 2008-12-22 06:53 -------- d-----w- c:\programdata\Skype
2010-07-24 23:31 . 2010-05-26 16:40 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-07-24 23:31 . 2010-05-22 02:00 -------- d-----w- c:\programdata\PC-Doctor for Windows
2010-07-24 23:31 . 2010-01-21 16:54 -------- d-----w- c:\programdata\NOS
2010-07-24 23:31 . 2008-12-22 03:24 -------- d-----w- c:\programdata\PC-Doctor
2010-07-24 23:29 . 2009-12-20 23:07 -------- d-----w- c:\program files\ReaConverter 5.5 Pro
2010-07-24 23:28 . 2010-06-20 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-24 23:28 . 2009-03-25 15:30 -------- d-----w- c:\program files\MATLAB
2010-07-24 23:28 . 2009-01-21 01:59 -------- d-----w- c:\program files\Macromedia
2010-07-24 23:27 . 2009-11-23 01:05 -------- d-----w- c:\program files\Larson Software Technology
2010-07-24 23:27 . 2010-06-19 06:34 -------- d-----w- c:\program files\Kodak Print Service
2010-07-24 23:27 . 2009-11-23 00:27 -------- d-----w- c:\program files\IrfanView
2010-07-24 23:27 . 2008-12-22 03:23 -------- d-----w- c:\program files\InterVideo
2010-07-24 23:27 . 2008-12-22 02:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-24 23:27 . 2010-04-27 02:45 -------- d-----w- c:\program files\Insightful
2010-07-24 23:27 . 2009-12-20 23:14 -------- d-----w- c:\program files\ImageConverter Plus
2010-07-24 23:27 . 2008-12-22 03:27 -------- d-----w- c:\program files\HP
2010-07-24 23:27 . 2010-06-20 05:57 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2008-12-22 02:34 . 2008-12-22 02:34 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\users\Julieta\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-06 2065760]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-08-25 894312]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 217176]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2010-08-25 214576]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2009-09-03 436800]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-04-22 181608]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-06-16 624056]

c:\users\Julieta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Julieta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-6-4 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 16:41 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Julieta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk]
path=c:\users\Julieta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LenovoWelcome.lnk
backup=c:\windows\pss\LenovoWelcome.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-06-16 22:20 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 05:46 57344 ------w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-02-08 14:51 1015808 ------w- c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-08-08 20:53 2630968 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-15 04:25 135664 -----tw- c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 03:34 49152 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 20:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LenovoOobeOffers]
2006-12-29 17:01 28672 ----a-w- c:\swtools\LenovoWelcome\LenovoOobeOffers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 15:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Show missed alarms]
2008-05-31 18:49 376944 ------r- c:\program files\Alarm Clock\Alarm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-10-28 15:36 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 23:38 583048 ------w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-06-27 01:08 202256 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3152529466-1860945956-3253294106-1002]
"EnableNotificationsRef"=dword:00000002

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-08-25 24304]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-06 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-06 243024]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 AlarmClockMonitor;Talking Alarm Clock user logon monitor;c:\program files\Alarm Clock\AlarmMonitor.exe [2008-05-31 852144]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-23 20376]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-09-06 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-06 308136]
S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-08-25 132456]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-25 12856]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-25 75112]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-10 569344]
S2 UpekSrvc;Upek Service;c:\program files\ThinkVantage Fingerprint Software\upeksrvc.exe [2009-12-01 35080]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-06-25 229592]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-23 29472]
S3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-05-07 21360]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:29]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:29]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152529466-1860945956-3253294106-1002Core.job
- c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15 04:25]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152529466-1860945956-3253294106-1002UA.job
- c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15 04:25]

2009-07-06 c:\windows\Tasks\New Alarm.job
- c:\program files\Alarm Clock\Alarm.exe [2008-05-31 18:49]

2010-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-08-18 16:49]

2010-09-15 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-05-25 12:29]

2010-09-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-08-18 20:35]

2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: aol.com\free
Trusted Zone: umanitoba.ca\osav.cc
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://www-307.ibm.com/pc/support/acpirexe.cab
FF - ProfilePath - c:\users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym|http://webmail.cc.umanitoba.ca/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Julieta\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Julieta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-15 17:30
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{3037D694-FD904ACA-06020000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3152529466-1860945956-3253294106-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76B74B11-20B8-00A2-12EF-7C313B771570}*]
@Allowed: (Read) (RestrictedCode)
"ealmceecch"=hex:66,61,66,6e,68,61,6c,61,6e,61,62,64,00,fc
"daompnia"=hex:64,62,70,6b,64,63,67,64,64,6e,68,69,65,6a,69,6c,67,6b,6c,67,63,
67,62,6a,61,6d,6e,61,6f,65,6c,6a,6f,65,6e,6b,63,66,68,6f,00,00
"iadobbdnpmbomljdoc"=hex:6b,61,68,62,6b,6a,68,69,6f,70,65,67,67,62,64,69,6f,66,
66,6d,64,67,00,00
"hankphblbfdoglih"=hex:6b,61,68,62,6b,6a,68,69,6f,70,65,67,67,62,64,69,6f,66,
66,6d,64,67,00,00

[HKEY_USERS\S-1-5-21-3152529466-1860945956-3253294106-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F8AF1E71-0D27-1F6F-798A-8E3B747FA9BB}*]
@Allowed: (Read) (RestrictedCode)
"jamoidipgfnccbmmlmnn"=hex:62,61,61,6a,00,00
"jamoidipgfnccbmmlmjd"=hex:62,61,6e,6a,00,00
"iamphkmlhagfdfcngo"=hex:6b,61,66,6a,64,6d,63,6e,64,6f,67,66,62,68,69,63,6d,70,
6e,6e,70,6f,00,00
"hagmkbiljcakffpd"=hex:6b,61,66,6a,64,6d,63,6e,64,6f,67,66,69,68,62,64,66,65,
65,67,61,6a,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-15 17:33:09
ComboFix-quarantined-files.txt 2010-09-15 22:33
ComboFix2.txt 2010-09-15 02:21

Pre-Run: 11,902,246,912 bytes free
Post-Run: 11,863,285,760 bytes free

- - End Of File - - 863D7580E3C82A5BA7F12A56B4621730
Rorschach112
Senior Member with 2,392 posts.
Join Date: Oct 2008
15-Sep-2010, 07:06 PM #10
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :Filefind
    *FF_com*
    *install.rdf*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
adnaps1
15-Sep-2010, 07:33 PM #11
SystemLook 04.09.10 by jpshortstuff
Log created at 18:26 on 15/09/2010 by Julieta
Administrator - Elevation successful

========== Filefind ==========

Searching for "*FF_com*"
C:\Qoobox\Quarantine\C\Users\Julieta\AppData\Roaming\Mozilla\Firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\chrome\Content\FF_com.xul.vir --a---- 228 bytes [20:42 11/12/2008] [20:42 11/12/2008] EFFC85318AC2DBB0F14B07A4F0A99AFD
C:\Users\Julieta\Desktop\TechGuy\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\chrome\Content\FF_com.xul --a---- 228 bytes [15:09 15/09/2010] [20:42 11/12/2008] EFFC85318AC2DBB0F14B07A4F0A99AFD
C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_hu-hu_d4e981664746bfff_comdlg32.dll.mui_ac8e62f4 ------- 57344 bytes [06:31 25/03/2009] [06:10 25/03/2009] E0698406A57873076B4F82D516D56995

Searching for "*install.rdf*"
C:\Program Files\AVG\AVG9\Firefox\install.rdf --a---- 962 bytes [19:45 06/09/2010] [19:45 06/09/2010] 0E17FD1F504B5DE1D667A8B0734E2B90
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\install.rdf --a---- 678 bytes [02:07 06/09/2010] [02:07 06/09/2010] 7D03B0EFE4414281DB2BD7BAA924BE7B
C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\install.rdf ------- 1188 bytes [03:16 22/12/2006] [18:31 10/07/2008] 9E623F86D97D799B4FE49FFA002C5428
C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\install.rdf.bak ------- 1187 bytes [06:29 04/06/2010] [03:16 22/12/2006] BF3A3EE6EF583BCA093E33A6B6801B88
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf --a---- 1390 bytes [07:16 22/12/2008] [14:43 08/09/2010] 2855728987A9D8C6BF41DE3FDA9BED1A
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\install.rdf ------- 671 bytes [08:02 19/04/2009] [08:02 19/04/2009] E58BF172869A6D012EE294943D9CD903
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\install.rdf ------- 671 bytes [03:52 06/09/2009] [03:52 06/09/2009] 0BED046D52C01DFD42C1E7258723C0AE
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\install.rdf ------- 671 bytes [14:34 04/12/2009] [14:34 04/12/2009] 7DE9757BFD3D41992ECDB67F54161EF4
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\install.rdf --a---- 671 bytes [02:08 06/09/2010] [02:08 06/09/2010] 84CA5C42A6DBC29804D3D1F8CD719B54
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\install.rdf --a---- 671 bytes [17:58 06/09/2010] [17:58 06/09/2010] 0F3D3A0550A4982433F4294FF5E48D09
C:\Program Files\Mozilla Thunderbird\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf ------- 1493 bytes [00:28 10/01/2010] [10:53 08/06/2010] 284DF857D192B10CACF8E69721F3F1EC
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\install.rdf ------- 882 bytes [01:09 27/06/2010] [01:09 27/06/2010] 579235120275415DE0DB75DBF4417872
C:\Qoobox\Quarantine\C\Users\Julieta\AppData\Roaming\Mozilla\Firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\install.rdf.vir --a---- 973 bytes [04:57 26/02/2010] [04:57 26/02/2010] 8CAE24E27B0D0D21903EC91CBA8656E6
C:\Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\install.rdf ------- 882 bytes [01:09 27/06/2010] [01:09 27/06/2010] 579235120275415DE0DB75DBF4417872
C:\Users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\es-AR@dictionaries.addons.mozilla.org\install.rdf ------- 1241 bytes [03:58 21/02/2010] [22:38 21/01/2010] C56DA89F3BD995086DC1F4C56621C1EA
C:\Users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\LogMeInClient@logmein.com\install.rdf ------- 594 bytes [15:16 12/06/2010] [14:42 01/06/2010] 28A441B195BE79500B4E643B87E0EAAC
C:\Users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\install.rdf ------- 1269 bytes [14:39 28/04/2010] [23:13 20/04/2010] 9C06BEB662EC9B41D5B51A7480085A49
C:\Users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\install.rdf --a---- 1687 bytes [13:40 25/07/2010] [13:41 25/07/2010] 93F0C51F6A59CE9836DC4506F461B4FD
C:\Users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\install.rdf ------- 1188 bytes [17:02 17/06/2010] [17:22 17/06/2010] AE5F434E6301C3C454644727194479AD
C:\Users\Julieta\Desktop\TechGuy\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\install.rdf --a---- 973 bytes [15:09 15/09/2010] [04:57 26/02/2010] 8CAE24E27B0D0D21903EC91CBA8656E6
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\install.rdf ------- 1071 bytes [17:48 23/01/2009] [17:48 23/01/2009] 86FDB53478C447EF4ABAAB49E343705B

-= EOF =-
Rorschach112
15-Sep-2010, 07:36 PM #12
Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://forums.techguy.org/virus-other-malware-removal/949971-redirected-when-using-firefox-google.html#post7600876

Suspect::
C:\Qoobox\Quarantine\C\Users\Julieta\AppData\Roaming\Mozilla\Firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\chrome\Content\FF_com.xul.vir
C:\Qoobox\Quarantine\C\Users\Julieta\AppData\Roaming\Mozilla\Firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\install.rdf.vir
Folder::
C:\Users\Julieta\Desktop\TechGuy\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
adnaps1
15-Sep-2010, 08:06 PM #13
ComboFix 10-09-15.01 - Julieta 09/15/2010 18:49:07.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2006.752 [GMT -5:00]
Running from: c:\julieta & ankit\My Installation files\ComboFix.exe
Command switches used :: c:\julieta & ankit\My Installation files\CFScript.txt
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Julieta\Desktop\TechGuy\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
c:\users\Julieta\Desktop\TechGuy\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\chrome.manifest
c:\users\Julieta\Desktop\TechGuy\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\chrome\Content\FF_com.xul
c:\users\Julieta\Desktop\TechGuy\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-09-15_22.30.09 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4


R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-05-07 21360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-08-25 24304]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-06 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-06 243024]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 AlarmClockMonitor;Talking Alarm Clock user logon monitor;c:\program files\Alarm Clock\AlarmMonitor.exe [2008-05-31 852144]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-23 20376]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-09-06 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-06 308136]
S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-08-25 132456]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-25 12856]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-25 75112]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-10 569344]
S2 UpekSrvc;Upek Service;c:\program files\ThinkVantage Fingerprint Software\upeksrvc.exe [2009-12-01 35080]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-06-25 229592]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-23 29472]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:29]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:29]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152529466-1860945956-3253294106-1002Core.job
- c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15 04:25]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152529466-1860945956-3253294106-1002UA.job
- c:\users\Julieta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-15 04:25]

2009-07-06 c:\windows\Tasks\New Alarm.job
- c:\program files\Alarm Clock\Alarm.exe [2008-05-31 18:49]

2010-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-08-18 16:49]

2010-09-15 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-05-25 12:29]

2010-09-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-08-18 20:35]

2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: aol.com\free
Trusted Zone: umanitoba.ca\osav.cc
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://www-307.ibm.com/pc/support/acpirexe.cab
FF - ProfilePath - c:\users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym|http://webmail.cc.umanitoba.ca/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Julieta\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Julieta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\Julieta\AppData\Roaming\Mozilla\Firefox\Profiles\1sodi5vs.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-15 18:59
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{3037D694-FD904ACA-06020000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3152529466-1860945956-3253294106-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76B74B11-20B8-00A2-12EF-7C313B771570}*]
@Allowed: (Read) (RestrictedCode)
"ealmceecch"=hex:66,61,66,6e,68,61,6c,61,6e,61,62,64,00,fc
"daompnia"=hex:64,62,70,6b,64,63,67,64,64,6e,68,69,65,6a,69,6c,67,6b,6c,67,63,
67,62,6a,61,6d,6e,61,6f,65,6c,6a,6f,65,6e,6b,63,66,68,6f,00,00
"iadobbdnpmbomljdoc"=hex:6b,61,68,62,6b,6a,68,69,6f,70,65,67,67,62,64,69,6f,66,
66,6d,64,67,00,00
"hankphblbfdoglih"=hex:6b,61,68,62,6b,6a,68,69,6f,70,65,67,67,62,64,69,6f,66,
66,6d,64,67,00,00

[HKEY_USERS\S-1-5-21-3152529466-1860945956-3253294106-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F8AF1E71-0D27-1F6F-798A-8E3B747FA9BB}*]
@Allowed: (Read) (RestrictedCode)
"jamoidipgfnccbmmlmnn"=hex:62,61,61,6a,00,00
"jamoidipgfnccbmmlmjd"=hex:62,61,6e,6a,00,00
"iamphkmlhagfdfcngo"=hex:6b,61,66,6a,64,6d,63,6e,64,6f,67,66,62,68,69,63,6d,70,
6e,6e,70,6f,00,00
"hagmkbiljcakffpd"=hex:6b,61,66,6a,64,6d,63,6e,64,6f,67,66,69,68,62,64,66,65,
65,67,61,6a,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-15 19:02:32
ComboFix-quarantined-files.txt 2010-09-16 00:02
ComboFix2.txt 2010-09-15 22:33
ComboFix3.txt 2010-09-15 02:21

Pre-Run: 14,157,873,152 bytes free
Post-Run: 14,009,159,680 bytes free

- - End Of File - - A2CC68D0231DC2063FC54040E8C9F7F4
Rorschach112's Avatar
Senior Member with 2,392 posts.
 
Join Date: Oct 2008
16-Sep-2010, 08:50 AM #14
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
adnaps1's Avatar
adnaps1 adnaps1 is offline
Computer Specs
Junior Member with 13 posts.
THREAD STARTER
 
Join Date: Sep 2010
Experience: Intermediate
16-Sep-2010, 12:46 PM #15
Rorschach, I have run TFC. I had MBAM installed on my computer, but to make sure I'm doing exactly as you say, I first un-installed MBAM and restarted the computer before re-installing using the instructions you gave me. During the re-installation process, I got the following error message: "MBAM_ERROR_ENUMERATE_LANGUAGES(3,0). The system cannot find the path specified." When I clicked on OK for that message, the installation continued and completed. Should I just continue with your instructions, or do we need to do something to address this error?

Thanks.