Win 7 Security 2012


Jodee (Thread Starter; joined Apr 11, 2007; 93 messages)
Hi there,

My laptop has been hijacked by Win 7 Security 2012.
I downloaded HijackThis, GMER and DDS but this malware is preventing me from running any software AT ALL!

Any assistance you could give me this evening at least to allow me to be able to run software would be SO MUCH appreciated since this is my work laptop and I have a huge project due tomorrow.

:eek:

I'm at a loss for what to do. I have tried to run my antivirus with no success.
I tried to shut off services in msconfig...no luck there either.

Thank you so much for your assistance in advance.

Jodee
 

Jodee (Thread Starter)
Hey there,

Further to my last post, I was finally able to manipulate this screwy virus and obtain the requested logs. Currently, it seems all the pop-ups for Win 7 Security have stopped (following a scan with the ESET online scanner; see log below), but now I am unable to open any software without having to locate the actual application file, right-click and press Start. It won't allow me to use any quick link, shortcut, etc.


HijackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:50 AM, on 14/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\DSE\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\DSE\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [{0F21659B-DF23-676A-C7E3-1C37CCBE5A31}] C:\Users\DSE\AppData\Roaming\Nopo\viru.exe
O4 - .DEFAULT User Startup: irsuh.exe (User 'Default user')
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Visio\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
O23 - Service: BackupService - ArcSoft, Inc. - C:\Users\DSE\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

--
End of file - 11285 bytes



DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by DSE at 11:00:39 on 2011-12-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2520.1274 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\AtService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Users\DSE\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = local;*.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - c:\program files\classic shell\ClassicExplorer32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - c:\program files\classic shell\ClassicExplorer32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Akamai NetSession Interface] c:\users\dse\appdata\local\akamai\netsession_win.exe
uRun: [{0F21659B-DF23-676A-C7E3-1C37CCBE5A31}] c:\users\dse\appdata\roaming\nopo\viru.exe
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Classic Start Menu] "c:\program files\classic shell\ClassicStartMenu.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\visio\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
LSP: mswsock.dll
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 96.22.246.145 24.200.228.113 24.200.210.241
TCP: Interfaces\{3231845E-F7E8-48EC-AC46-E0F0AB6E5D4C} : DhcpNameServer = 10.64.32.1
TCP: Interfaces\{3B13E466-41C8-4710-A85E-6786D4AEBA43} : DhcpNameServer = 96.22.246.145 24.200.228.113 24.200.210.241
TCP: Interfaces\{8B6CC3D8-E686-48AD-9BFC-7C6C6A74E77E} : DhcpNameServer = 96.22.246.145 24.200.228.113 24.200.210.241
TCP: Interfaces\{8B6CC3D8-E686-48AD-9BFC-7C6C6A74E77E}\44A475 : DhcpNameServer = 24.200.241.37 24.201.245.77
TCP: Interfaces\{8B6CC3D8-E686-48AD-9BFC-7C6C6A74E77E}\4596465637245616368634C65726 : DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{8B6CC3D8-E686-48AD-9BFC-7C6C6A74E77E}\461647166716C65647 : DhcpNameServer = 10.255.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dse\appdata\roaming\mozilla\firefox\profiles\efv5jupl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dse\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\dse\appdata\roaming\mozilla\plugins\npatgpc.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-8-1 13680]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-26 172032]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-6 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-6 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-6-28 428200]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-9-1 1692920]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-6 66616]
R2 BackupService;BackupService;c:\users\dse\appdata\roaming\hp simplesave application\uUACTokenSvc.exe [2010-9-2 83512]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-9-1 98304]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-10-5 93032]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-8-1 130920]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-8-1 64952]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2009-12-26 72320]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-12-26 5073920]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-12-26 106496]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-9-1 485376]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-8-22 225408]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2009-12-26 5946368]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-12-26 88832]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-7-2 38336]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-8-1 45496]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-9-1 106496]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-26 29472]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-15 41272]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-6-27 22640]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-12-26 75040]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2010-6-27 45608]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-5 1124848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-30 1343400]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-15 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-15 135664]
S4 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-11-23 330072]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S4 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2010-1-29 16680]
.
=============== File Associations ===============
.
.exe=0S
.
=============== Created Last 30 ================
.
2011-12-13 14:26:51 -------- d-----w- c:\program files\ESET
2011-12-13 02:19:16 -------- d-----w- c:\users\dse\appdata\local\{F5C4F13C-0DF9-45F6-A18C-23D1BBC7E8BE}
2011-12-13 02:17:07 -------- d-----w- c:\users\dse\appdata\local\{3400E238-BE83-4D9B-AD19-C35CDA7FB536}
2011-12-13 02:16:36 -------- d-----w- c:\users\dse\appdata\roaming\Ohcol
2011-12-13 02:16:36 -------- d-----w- c:\users\dse\appdata\roaming\Nopo
2011-12-10 03:35:49 -------- d-----w- c:\users\dse\appdata\local\{FFA44DAB-B098-456D-8C57-96A878ED662A}
2011-12-10 03:34:30 -------- d-----w- c:\users\dse\appdata\local\{2AAB4C7B-6A4B-40A5-9360-CC4761DA5CE2}
2011-12-07 16:19:08 -------- d-----w- c:\program files\Guide des Tarifs 6.4
2011-12-07 02:19:23 596296 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]\components\afurladvisor80.dll
2011-12-04 18:59:04 -------- d-----w- c:\users\dse\appdata\local\{9BD6C1B6-76A2-41C6-8D61-29234997394A}
2011-12-04 18:57:39 -------- d-----w- c:\users\dse\appdata\local\{08EE44F2-9287-44B9-A223-897B5F232520}
2011-12-03 20:29:08 -------- d-----w- c:\users\dse\appdata\local\Conexant
2011-12-03 19:54:09 -------- d-----w- c:\users\dse\appdata\local\{C34DD914-C28A-4574-90D5-B9CFFD4AD67A}
2011-12-03 19:52:17 -------- d-----w- c:\users\dse\appdata\local\{206F458F-4C11-427C-95E9-EE871E745B13}
2011-12-02 14:47:52 -------- d-----w- c:\users\dse\appdata\local\{EE1F5A5D-351E-48DA-BE25-B1547E07CFA4}
2011-12-02 14:47:09 -------- d-----w- c:\users\dse\appdata\local\{1736320B-523C-4791-A74E-79C452B48B59}
2011-12-02 02:47:51 -------- d-----w- c:\users\dse\appdata\local\{A79B69CF-FB42-48F7-95AE-ED3A9C34B3B9}
2011-12-02 02:46:33 -------- d-----w- c:\users\dse\appdata\local\{CAF66D90-A4B9-4E54-9C32-9E140022BF4D}
2011-12-01 14:36:57 -------- d-----w- c:\users\dse\appdata\local\{0300C302-7501-4AA5-9A93-FEC6835B4DD7}
2011-12-01 14:36:44 -------- d-----w- c:\users\dse\appdata\local\{16A15651-012D-4F22-8C7D-D74B4E8ECE94}
2011-11-29 14:51:54 -------- d-----w- c:\users\dse\appdata\local\{B98B80D4-FB10-4226-8B81-EB1828AA51E1}
2011-11-29 14:51:41 -------- d-----w- c:\users\dse\appdata\local\{DA6A5FE0-A9DF-451F-815D-8FE8AB0F58F7}
2011-11-27 19:30:38 -------- d-----w- c:\users\dse\appdata\local\{DBC5F437-ADB8-4691-B9B3-D3BFC4B8FD9C}
2011-11-27 19:29:14 -------- d-----w- c:\users\dse\appdata\local\{A5EAE55F-2F13-444C-A199-D234664E3A1A}
2011-11-23 14:31:21 -------- d-----w- c:\users\dse\appdata\local\{0A9DF5CF-79B7-44BA-9942-DA89027F32C8}
2011-11-23 14:30:13 -------- d-----w- c:\users\dse\appdata\local\{FBEB23FE-B7E5-457C-84DF-9594EBCF1B5C}
2011-11-20 18:31:05 -------- d-----w- c:\users\dse\appdata\local\{231ADF19-17A8-4120-8089-ED3D82EA6FB6}
2011-11-20 18:29:46 -------- d-----w- c:\users\dse\appdata\local\{E7D7956B-D1E4-49A0-9E2B-E922F6316857}
2011-11-19 02:28:10 -------- d-----w- c:\users\dse\appdata\local\{6227FE28-F71D-462F-A49F-A20709679A3C}
2011-11-19 02:27:29 -------- d-----w- c:\users\dse\appdata\local\{86E9C0E8-029C-4DAB-B9B4-3DD37C38A75C}
2011-11-16 17:09:38 214528 ----a-w- c:\windows\system32\PCountStCME.dll
2011-11-16 17:09:38 -------- d-----w- c:\program files\PractiCount and Invoice (Standard)
2011-11-16 15:28:55 -------- d-----w- c:\users\dse\appdata\local\{2C1EE2C3-7B31-4F0F-B0D7-1B5ED0977ACE}
2011-11-16 15:27:35 -------- d-----w- c:\users\dse\appdata\local\{18DF5A1B-2798-414B-98C7-42698939363A}
2011-11-15 16:21:43 -------- d-----w- c:\users\dse\appdata\local\{426F172D-DA1B-4994-BEC8-25209D5A6E08}
2011-11-15 16:20:23 -------- d-----w- c:\users\dse\appdata\local\{651ECD2E-610A-4200-9B9E-B77A2671D697}
.
==================== Find3M ====================
.
2011-12-01 15:49:46 55 ---h--w- c:\windows\system32\mzdse.sys
2011-11-27 19:29:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37:56 2341888 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:01:55.12 ===============


DDS - ATTACH
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 31/12/2009 12:03:43 PM
System Uptime: 14/12/2011 2:03:28 AM (9 hours ago)
.
Motherboard: LENOVO | | 4058CTO
Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz | None | 2801/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 166 GiB total, 56.467 GiB free.
D: is FIXED (NTFS) - 121 GiB total, 63.044 GiB free.
H: is CDROM ()
Q: is FIXED (NTFS) - 10 GiB total, 3.048 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP572: 09/11/2011 10:39:56 PM - Windows Update
RP573: 11/11/2011 3:00:33 AM - Windows Update
RP575: 15/11/2011 1:40:30 PM - Revo Uninstaller's restore point - PractiCount and Invoice 3.2 (Standard)
.
==== Installed Programs ======================
.
Registry Patch to arrange icons in Device and Printers folder of Windows 7
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
3DVIA player 5.0
7-Zip 9.10 beta
ABBYY FineReader 8.0 Professional Edition
Access Help
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.6 - CPSID_83708
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Asset Services CS4
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Digital Editions
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe InDesign CS3 Icon Handler
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Akamai NetSession Interface
Akamai NetSession Interface Service
AnyCount 7.0
Apple Application Support
Apple Software Update
Ask Toolbar
ATI Catalyst Install Manager
ATI Uninstaller
µTorrent
Avira AntiVir Personal - Free Antivirus
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
BlackWidow version 6.10
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CCleaner
Classic Shell
Client Security - Password Manager
Conexant 20561 SmartAudio HD
Connect
Core Temp version 0.99.8
Create Recovery Media
D3DX10
DirectX 9 Runtime
Dropbox
ESET Online Scanner v3
Evernote v. 4.5
Facebook Plug-In
FileZilla Client 3.5.0
Firestorm-Beta-Mesh (remove only)
Font Fitting Room Deluxe
Google Update Helper
GoToMeeting 4.5.0.457
Guide des Tarifs 6.4
Hex Color Finder
HiJackThis
Hotspot Shield 2.18
Integrated Camera Driver Installer Package Ver.1.27.500.0
Integrated Camera TWAIN
Intel PROSet Wireless
Intel(R) Management Engine Interface
Intel(R) Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
InterVideo WinDVD 8
IsoBuster 2.7
Java Auto Updater
Java(TM) 6 Update 23
Jet Set Go
Junk Mail filter update
kuler
Lenovo Auto Scroll Utility
Lenovo Fingerprint Software
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo Welcome
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware version 1.51.1.1800
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft IntelliType Pro 8.0
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Reader
Microsoft Research AutoCollage Touch 2009
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mobile Broadband Connect
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyFonts Order M2709896
MySQL Connector/ODBC 3.51
NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
On Screen Display
PDF Settings CS4
Phoenix Viewer 1.5.2.1102
Photoshop Camera Raw
Pixel Bender Toolkit
PractiCount and Invoice 3.2 (Standard)
PX Profile Update
QuickTime
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
Rescue and Recovery
Revo Uninstaller 1.85
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
Roxio Media Manager
SDL TRADOS 7 Freelance
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2553010)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Simply Accounting by Sage 2009
Skype™ 5.5
Snagit 9.1
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Suite Shared Configuration CS4
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
TK8 StickyNotes 3.4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VLC media player 1.1.10
WeatherEye
WebEx
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
Windows Driver Package - Ricoh (5U875UVC) Image (07/08/2009 1.27.500.0)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (09/03/2009 6.10.01.05)
Windows Driver Package - Ricoh Company (rismxdp) hdc (09/03/2009 6.10.01.05)
Windows Driver Package - Ricoh Company MMC Host Controller (09/03/2009 6.10.01.05)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
14/12/2011 2:10:56 AM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
14/12/2011 2:10:14 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
14/12/2011 2:06:34 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
14/12/2011 2:06:03 AM, Error: Service Control Manager [7022] - The Windows Presentation Foundation Font Cache 3.0.0.0 service hung on starting.
14/12/2011 2:04:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
14/12/2011 2:04:04 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
14/12/2011 2:04:04 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
14/12/2011 2:03:56 AM, Error: amdkmdag [52236] - CPLIB :: General - Invalid Parameter
14/12/2011 2:03:56 AM, Error: amdkmdag [43029] - Display is not active
14/12/2011 2:03:42 AM, Error: Ntfs [137] - The default transaction resource manager on volume C: encountered a non-retryable error and could not start. The data contains the error code.
14/12/2011 10:09:58 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
13/12/2011 4:56:01 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
13/12/2011 4:56:01 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
13/12/2011 2:03:52 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82f26795, 0xb2c6c754, 0x00000000). A dump was saved in: C:\Windows\Minidump\121311-27081-01.dmp. Report Id: 121311-27081-01.
13/12/2011 12:44:02 PM, Error: Service Control Manager [7000] - The System Update service failed to start due to the following error: The pipe has been ended.
13/12/2011 12:43:28 PM, Error: Service Control Manager [7034] - The Data Transfer Service service terminated unexpectedly. It has done this 1 time(s).
13/12/2011 12:42:43 PM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
13/12/2011 12:42:14 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
13/12/2011 12:38:16 PM, Error: Service Control Manager [7016] - The Data Transfer Service service has reported an invalid current state 0.
13/12/2011 10:25:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SUService service.
12/12/2011 8:56:21 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
12/12/2011 8:53:59 PM, Error: Service Control Manager [7034] - The AuthenTec Fingerprint Service service terminated unexpectedly. It has done this 1 time(s).
11/12/2011 4:12:42 PM, Error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).
11/12/2011 4:12:40 PM, Error: Service Control Manager [7030] - The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/12/2011 9:32:56 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
09/12/2011 10:33:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Simply Accounting Database Connection Manager service to connect.
.
==== End Of File ===========================


GMER
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-13 17:55:48
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.14.0
Running: 52l8o5s3.exe; Driver: C:\Users\DSE\AppData\Local\Temp\awldapob.sys


---- System - GMER 1.0.15 ----

SSDT 90888456 ZwCreateSection
SSDT 9088845B ZwSetContextThread
SSDT 908883F7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E89349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC2D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EC9EAC 4 Bytes [56, 84, 88, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82ECA24C 4 Bytes [5B, 84, 88, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82ECA324 4 Bytes [F7, 83, 88, 90]
.text netbt.sys 8A7BA000 105 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text netbt.sys 8A7BA06A 52 Bytes [92, 7D, 8A, FE, 4E, 0F, F6, ...]
.text netbt.sys 8A7BA0A0 13 Bytes [8A, 55, 0F, 8B, CF, FF, D3, ...]
.text netbt.sys 8A7BA0AE 21 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text netbt.sys 8A7BA0C5 16 Bytes [10, 57, FF, 15, 70, 90, 7D, ...]
.text ...
? C:\Windows\System32\DRIVERS\netbt.sys suspicious PE modification
.text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x90A31000, 0x2D27D6, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtProtectVirtualMemory 76FA5F18 5 Bytes JMP 005D000A
.text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtWriteVirtualMemory 76FA6A98 5 Bytes JMP 0062000A
.text C:\Windows\system32\svchost.exe[1200] ntdll.dll!KiUserExceptionDispatcher 76FA7008 5 Bytes JMP 005C000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000066 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 8FDB9000-8FDD3000 (106496 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f68b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5db69f8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x79 0xFB 0x59 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f68b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5db69f8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x79 0xFB 0x59 0x6E ...

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB29298$\2878396898 0 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\@ 2048 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\bckfg.tmp 850 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\cfg.ini 185 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\keywords 222 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\L 0 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\L\xadqgnnk 187904 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\U 0 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\U\[email protected] 2048 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\U\[email protected] 224768 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\U\[email protected] 1024 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\U\[email protected] 1024 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\U\[email protected] 12800 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\U\[email protected] 98304 bytes
File C:\Windows\$NtUninstallKB29298$\4141271340 0 bytes

---- EOF - GMER 1.0.15 ----



ESET online scanner
C:\Users\DSE\AppData\Local\vcf.exe a variant of Win32/Kryptik.XEQ trojan cleaned by deleting - quarantined
C:\Users\DSE\AppData\Local\TempImages\UpdateInstaller.exe a variant of Win32/Agent.SZW trojan cleaned by deleting - quarantined
C:\Users\DSE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\7bd790e3-5bf637c8 a variant of Win32/Kryptik.XEQ trojan cleaned by deleting - quarantined
C:\Windows\System32\drivers\netbt.sys a variant of Win32/Rootkit.Kryptik.GG trojan unable to clean



Thank you in advance!!!
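A way to triage a GMER log like the one above without reading it line by line, added here as an example (not GMER's code and not from anyone in the thread); the sample input is constructed from lines of the log above, and the severity labels and the `$NtUninstall` folder heuristic are my assumptions:

```python
"""Triage a GMER rootkit-scan log for the indicators an analyst reads first.

Added example for this thread; it is not GMER's code or anything the
helpers posted. Section names come from GMER's own "---- <name> - GMER
x.y.z ----" headers; the severity labels are my assumption.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the GMER log posted in the thread.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 90888456 ZwCreateSection
SSDT 9088845B ZwSetContextThread
SSDT 908883F7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E89349 1 Byte [06]
.text netbt.sys 8A7BA000 105 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
? C:\Windows\System32\DRIVERS\netbt.sys suspicious PE modification
.text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x90A31000, 0x2D27D6, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtProtectVirtualMemory 76FA5F18 5 Bytes JMP 005D000A

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 8FDB9000-8FDD3000 (106496 bytes)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB29298$\2878396898\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB29298$\2878396898\bckfg.tmp 850 bytes

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT (?P<addr>[0-9A-F]{8}) (?P<func>\w+)$")
KERNEL_PATCH_RE = re.compile(r"^\.text (?P<where>.+?) (?P<addr>[0-9A-F]{8}) (?P<n>\d+) Bytes? \[")
USER_HOOK_RE = re.compile(
    r"^\.text (?P<proc>\S+)\[(?P<pid>\d+)\] (?P<mod>[\w.]+)!(?P<func>\w+) "
    r"(?P<addr>[0-9A-F]{8}) (?P<n>\d+) Bytes JMP (?P<target>[0-9A-F]{8})$"
)
HIDDEN_MODULE_RE = re.compile(r"^Module .*hidden.*?(?P<start>[0-9A-F]{8})-(?P<end>[0-9A-F]{8})")
FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" = act on it, "medium" = attribute to a module or clean image first
    section: str
    detail: str


def triage_gmer(text: str) -> list[Finding]:
    """Walk the log section by section and turn the telling line shapes into findings."""
    findings: list[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header["name"]
            continue
        if section == "System" and (m := SSDT_RE.match(line)):
            # SSDT hooks are also how many AV products self-protect, so GMER's
            # bare address needs attributing to a module before it is acted on.
            findings.append(Finding("medium", section, f"SSDT hook on {m['func']} -> {m['addr']}"))
        elif section == "Kernel code sections":
            if line.startswith("?") and "suspicious PE modification" in line:
                # GMER compared the driver on disk with a clean copy: the image
                # itself is patched, so the fix is replacing the file.
                path = line[1:].replace("suspicious PE modification", "").strip()
                findings.append(Finding("high", section, f"patched driver image: {path}"))
            elif "section is writeable" in line:
                # Some vendor drivers ship writeable code sections; worth a look, not proof.
                findings.append(Finding("medium", section, line))
            elif m := KERNEL_PATCH_RE.match(line):
                findings.append(Finding("medium", section, f"{m['n']} patched byte(s) in {m['where']} at {m['addr']}"))
        elif section == "User code sections" and (m := USER_HOOK_RE.match(line)):
            # A JMP out of an ntdll export into memory that belongs to no module
            # is the shape of an injected in-process hook.
            findings.append(Finding("high", section, f"inline hook in {m['proc']} (pid {m['pid']}): {m['mod']}!{m['func']} -> {m['target']}"))
        elif section == "Modules" and (m := HIDDEN_MODULE_RE.match(line)):
            # A loaded kernel module unlinked from the loaded-module list.
            findings.append(Finding("high", section, f"hidden kernel module at {m['start']}-{m['end']}"))
        elif section == "Files" and (m := FILE_RE.match(line)) and "$NtUninstall" in m["path"]:
            # $NtUninstallKB...$ is an XP-era hotfix-backup folder name; on Windows 7 a
            # fresh one holding tmp files and an unnamed DLL is not a hotfix (my heuristic).
            findings.append(Finding("high", section, f"payload in fake uninstall folder: {m['path']} ({m['size']} bytes)"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a glance tells you whether to escalate."""
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage_gmer(SAMPLE_GMER_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
    print(summarize(results))
```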
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,263
Jodee:

I received your private message.

I'm not trained to deal with your DDS and GMER logs, so my assistance is somewhat limited. A trained gold/blue shield member will need to assist you with those logs.

-------------------------------------------------------

Ask Toolbar

uTorrent

kuler


should be uninstalled in "Control Panel - Programs And Features".

-------------------------------------------------------

Java(TM) 6 Update 23 should be updated to version 6 Update 30

Malwarebytes Anti-Malware 1.51.1.1800 should be updated to version 1.51.2.1300 and should have its definition files updated.

Mozilla Firefox 8.0 should be updated to version 8.0.1

Skype 5.5 should be updated to version 5.6

SUPERAntiSpyware 5.0.0.1136 should be installed so it can work with Malwarebytes Anti-Malware to find and remove threats in your computer.

VLC Media Player 1.1.10 should be updated to version 1.1.11

-------------------------------------------------------
 

Jodee

Thread Starter
Joined
Apr 11, 2007
Messages
93
Hi there,

Thank you for the tips. Hopefully someone will be able to help me. I'm now getting redirects when doing searches in Google. Also I'm unable to install any programs. For every program I want to open, I still have to locate the application file and right click on start.

Thanks again
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,263
I'll see if I can get a gold/blue shield member to assist you.

This section is VERY busy, so you may not get a reply for 24 - 48 hours.

--------------------------------------------------------
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here or Here to your Desktop.
As you download it rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues
 

Jodee

Thread Starter
Joined
Apr 11, 2007
Messages
93
Hi there

Thanks for the instructions. I had some difficulty in running ComboFix. It was taking hours each time, then my laptop would shut off unexpectedly. This went on for a while...that's why it took so long for me to get back to you. Yesterday I was finally able to run it successfully. See attached for the log.

It seems as though my laptop is back to normal. Is there anything else I should verify?

Thanks so much,

Jodee
 


dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
It is very possible that Avira has fixed it by repairing the infected driver.
Are you having any problems, or is it all OK?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
OK, a bit of clearing up still to do.

Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)

Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished

Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. If it doesn't, then reboot manually. Post the contents of Combofix.txt in your next reply.


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum
 


Jodee

Thread Starter
Joined
Apr 11, 2007
Messages
93
Hey there,

Here is the Combofix + CFScript log:

ComboFix 11-12-21.02 - DSE 21/12/2011 13:24:19.5.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2520.1323 [GMT -5:00]
Running from: c:\users\DSE\Desktop\ComboFix.exe
Command switches used :: c:\users\DSE\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5849\AddOnDownloaded\070ba803-49f8-4fe7-8a18-40930827162f.dll
c:\programdata\PCDr\5849\AddOnDownloaded\2d662263-8349-40fc-8bca-552cc5d7cfda.dll
c:\programdata\PCDr\5849\AddOnDownloaded\a2010314-d0e4-41be-bfeb-ca5bf837f119.dll
c:\users\DSE\AppData\Roaming\Nopo
c:\users\DSE\AppData\Roaming\Ohcol
c:\windows\$NtUninstallKB29298$
c:\windows\system32\SET85D8.tmp
c:\windows\system32\SET9A38.tmp
c:\windows\system32\Settings
c:\windows\system32\Settings\Settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-21 18:38 . 2011-12-21 18:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-17 20:01 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-17 17:28 . 2011-12-17 20:31 -------- d-----w- C:\jodee123
2011-12-13 14:26 . 2011-12-13 14:26 -------- d-----w- c:\program files\ESET
2011-12-07 16:19 . 2011-12-07 16:21 -------- d-----w- c:\program files\Guide des Tarifs 6.4
2011-12-07 02:19 . 2011-11-23 20:45 596296 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\afurladvisor80.dll
2011-12-03 20:29 . 2011-12-03 20:29 -------- d-----w- c:\users\DSE\AppData\Local\Conexant
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 19:29 . 2011-06-16 13:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-15 02:08 . 2011-10-15 02:08 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-29 16:03 . 2011-11-09 20:57 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37 . 2011-11-09 20:56 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 14:22 . 2011-05-15 16:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\DSE\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-10-11 55072]
"ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2008-09-19 87336]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2009-12-22 86528]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-22 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 174104]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^Bluetooth.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^Digital Line Detect.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^EvernoteClipper.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^HP SimpleSave Monitor.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\HP SimpleSave Monitor.lnk
backup=c:\windows\pss\HP SimpleSave Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^RCIMGDIR.exe.lnk]
path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\RCIMGDIR.exe.lnk
backup=c:\windows\pss\RCIMGDIR.exe.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 22:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcWin7Hlpr]
2009-10-14 01:33 36864 ------w- c:\program files\Lenovo\Access Connections\AcTBenabler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-09-07 19:53 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 01:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-01-25 14:31 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-04-23 04:16 1725736 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TK8 StickyNotes]
2011-01-05 18:28 9212720 ----a-w- c:\program files\TK8 StickyNotes\TK8StickyNotes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
2009-10-27 01:42 718232 ------w- c:\program files\WeatherNetwork\WeatherEye.exe
.
R2 BackupService;BackupService;c:\users\DSE\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2010-07-01 83512]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-09-01 106496]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 GPU-Z;GPU-Z;c:\users\DSE\AppData\Local\Temp\GPU-Z.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2009-10-16 45608]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1343400]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-01-25 288112]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R4 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-11-23 330072]
R4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2011-11-23 329544]
R4 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\Winsim\ConnectionManager\SimplyConnectionManager.exe [2008-09-19 16680]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-24 172032]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-09-01 1692920]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-09-01 98304]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 130920]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [2009-07-08 72320]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-08-24 5073920]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-08-24 106496]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-09-01 485376]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-08-23 225408]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-09-22 5946368]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 88832]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 02:04]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 02:04]
.
2011-12-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
2011-12-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
2011-12-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = local;*.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 96.22.246.145 24.200.228.113 24.200.210.241
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\DSE\AppData\Roaming\Mozilla\Firefox\Profiles\efv5jupl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
Completion time: 2011-12-21 13:41:52
ComboFix-quarantined-files.txt 2011-12-21 18:41
ComboFix2.txt 2011-12-17 20:31
.
Pre-Run: 59,060,322,304 bytes free
Post-Run: 58,664,890,368 bytes free
.
- - End Of File - - D5FDB869812CCAC67CD78DFB5CB342D9
 

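The ComboFix report above is the kind of output a responder normally reads by eye. As an added example (not part of the original thread, and not code from ComboFix or from anyone in it), the Python script below triages the three sections of such a report that deserve a second look in this log: the UAC values under the policies\system key, the R*/S* service and driver entries, and the Firefox user.js overrides. It flags UAC prompting that is switched off, service or driver images that load from user-writable profile paths or whose file is missing, svchost-hosted services whose real code lives in a ServiceDll, and security.* Firefox preferences forced to false. The sample input is a constructed excerpt modelled on the log above; the expected UAC values and the path markers are this example's own assumptions, not rules ComboFix applies.

```python
import re

# Constructed excerpt in ComboFix's report format, modelled on the log posted
# above (an assumption for this example, not the full report).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
R2 BackupService;BackupService;c:\users\DSE\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2010-07-01 83512]
R3 GPU-Z;GPU-Z;c:\users\DSE\AppData\Local\Temp\GPU-Z.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_viewing_mixed - false
"""

# Baseline a hardened Windows 7 machine should show (assumed here, not a ComboFix rule).
UAC_EXPECTED = {"EnableLUA": 1, "PromptOnSecureDesktop": 1}

POLICY_RE = re.compile(r'^"(?P<name>\w+)"\s*=\s*(?P<value>\d+)')
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$')
FF_USERJS_RE = re.compile(r'^FF - user\.js:\s+(?P<pref>\S+)\s+-\s+(?P<value>\S+)')
USER_PATH_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\")


def parse_uac_policy(log):
    """Collect the numeric values listed under the policies\\system key."""
    values, in_block = {}, False
    for line in log.splitlines():
        if line.strip().lower().endswith("\\policies\\system]"):
            in_block = True
            continue
        if not in_block:
            continue
        m = POLICY_RE.match(line)
        if m:
            values[m["name"]] = int(m["value"])
        else:  # ComboFix closes each block with a lone '.'
            in_block = False
    return values


def uac_findings(values):
    """Flag UAC settings that weaken or disable elevation prompting."""
    out = [f"{k}={values[k]} (expected {v})"
           for k, v in UAC_EXPECTED.items() if k in values and values[k] != v]
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        out.append("ConsentPromptBehaviorAdmin=0 (administrators elevate without any prompt)")
    return out


def parse_services(log):
    """Parse the R*/S* service and driver lines into dicts."""
    return [m.groupdict() for m in map(SERVICE_RE.match, log.splitlines()) if m]


def service_findings(entries):
    """Return (name, image, reasons) for entries worth a second look."""
    out = []
    for e in entries:
        image, reasons = e["image"].lower(), []
        if any(marker in image for marker in USER_PATH_MARKERS):
            reasons.append("image under a user-writable profile path")
        if image.endswith(".sys") and "\\temp\\" in image:
            reasons.append("kernel driver loaded from a Temp directory")
        if e["stamp"].strip().lower() == "x":
            reasons.append("image file missing (orphaned service entry)")
        if image.endswith("\\svchost.exe"):
            reasons.append("hosted by svchost.exe; resolve its ServiceDll value")
        if reasons:
            out.append((e["name"], e["image"], reasons))
    return out


def firefox_findings(log):
    """Flag user.js overrides that silence Firefox's security warnings."""
    return [f"{m['pref']} = {m['value']}"
            for m in map(FF_USERJS_RE.match, log.splitlines())
            if m and m["pref"].startswith("security.") and m["value"] == "false"]


if __name__ == "__main__":
    for f in uac_findings(parse_uac_policy(SAMPLE_LOG)):
        print("UAC    :", f)
    for name, image, reasons in service_findings(parse_services(SAMPLE_LOG)):
        print("SERVICE:", name, "->", image, "|", "; ".join(reasons))
    for f in firefox_findings(SAMPLE_LOG):
        print("FIREFOX:", f)
```

Run against the excerpt, the script reports UAC fully disabled (EnableLUA=0, PromptOnSecureDesktop=0, ConsentPromptBehaviorAdmin=0), two images under the user's profile (one of them a kernel driver in Temp whose file is now gone), one orphaned driver entry, the svchost-hosted Akamai service, and two Firefox security warnings forced off. Each flag is a lead to verify against the file on disk and its signer, not a verdict; the script only narrows a long report to the lines a responder should check first.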
Jodee

Thread Starter
Joined
Apr 11, 2007
Messages
93
P.S. I disabled Avira, but ComboFix seems to always detect it. There must be something hidden, because I don't see it anywhere...not even in the processes.

Thanks
 

Jodee

Thread Starter
Joined
Apr 11, 2007
Messages
93
Oh, and one last thing: It seems my Windows updates cannot install. It has been attempting to install 8 important updates with no success. Think it could be related to this infection?

Thank you so much for your time and effort in assisting me. It is very much appreciated.

Jodee
 