
Win 7 Security 2012

Discussion in 'Virus & Other Malware Removal' started by Jodee, Dec 12, 2011.

  1. Jodee

    Jodee Thread Starter

    Hi there,

    My laptop has been hijacked by Win 7 Security 2012.
    I downloaded HijackThis, GMER and DDS but this malware is preventing me from running any software AT ALL!

    Any assistance you could give me this evening at least to allow me to be able to run software would be SO MUCH appreciated since this is my work laptop and I have a huge project due tomorrow.

    :eek:

    I'm at a loss for what to do. I have tried to run my antivirus with no success.
    I tried to shut off services in msconfig...no luck there either.

    Thank you so much for your assistance in advance.

    Jodee
     
  2. Jodee

    Jodee Thread Starter

    Hey there,

    Further to my last post, I was finally able to manipulate this screwy virus and obtain the requested logs. Currently, it seems all the pop-ups for Win 7 Security have stopped (following a scan with Eset online scanner - see log below), but now I am unable to open any software without having to locate the actual application file, right-click and press on start. It won't allow me to use any quick link, shortcut, etc.


    HijackThis
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:58:50 AM, on 14/12/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\DSE\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
    O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
    O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
    O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe"
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\DSE\AppData\Local\Akamai\netsession_win.exe
    O4 - HKCU\..\Run: [{0F21659B-DF23-676A-C7E3-1C37CCBE5A31}] C:\Users\DSE\AppData\Roaming\Nopo\viru.exe
    O4 - .DEFAULT User Startup: irsuh.exe (User 'Default user')
    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Visio\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
    O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
    O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
    O23 - Service: BackupService - ArcSoft, Inc. - C:\Users\DSE\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
    O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

    --
    End of file - 11285 bytes



    DDS
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
    Run by DSE at 11:00:39 on 2011-12-14
    Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2520.1274 [GMT -5:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\DTS.exe
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\AtService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Users\DSE\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
    C:\Windows\system32\PrintIsolationHost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Lenovo\Access Connections\AcSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Windows\System32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = local;*.local
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - c:\program files\classic shell\ClassicExplorer32.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - c:\program files\classic shell\ClassicExplorer32.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
    TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Akamai NetSession Interface] c:\users\dse\appdata\local\akamai\netsession_win.exe
    uRun: [{0F21659B-DF23-676A-C7E3-1C37CCBE5A31}] c:\users\dse\appdata\roaming\nopo\viru.exe
    mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
    mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
    mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [TpShocks] TpShocks.exe
    mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
    mRun: [Classic Start Menu] "c:\program files\classic shell\ClassicStartMenu.exe"
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\visio\office12\REFIEBAR.DLL
    IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    LSP: mswsock.dll
    DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: DhcpNameServer = 96.22.246.145 24.200.228.113 24.200.210.241
    TCP: Interfaces\{3231845E-F7E8-48EC-AC46-E0F0AB6E5D4C} : DhcpNameServer = 10.64.32.1
    TCP: Interfaces\{3B13E466-41C8-4710-A85E-6786D4AEBA43} : DhcpNameServer = 96.22.246.145 24.200.228.113 24.200.210.241
    TCP: Interfaces\{8B6CC3D8-E686-48AD-9BFC-7C6C6A74E77E} : DhcpNameServer = 96.22.246.145 24.200.228.113 24.200.210.241
    TCP: Interfaces\{8B6CC3D8-E686-48AD-9BFC-7C6C6A74E77E}\44A475 : DhcpNameServer = 24.200.241.37 24.201.245.77
    TCP: Interfaces\{8B6CC3D8-E686-48AD-9BFC-7C6C6A74E77E}\4596465637245616368634C65726 : DhcpNameServer = 24.92.226.11 24.92.226.12
    TCP: Interfaces\{8B6CC3D8-E686-48AD-9BFC-7C6C6A74E77E}\461647166716C65647 : DhcpNameServer = 10.255.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dse\appdata\roaming\mozilla\firefox\profiles\efv5jupl.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\dse\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\dse\appdata\roaming\mozilla\plugins\npatgpc.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-8-1 13680]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-26 172032]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-6 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-6 269480]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-6-28 428200]
    R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-9-1 1692920]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-6 66616]
    R2 BackupService;BackupService;c:\users\dse\appdata\roaming\hp simplesave application\uUACTokenSvc.exe [2010-9-2 83512]
    R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-9-1 98304]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-10-5 93032]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-8-1 130920]
    R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-8-1 64952]
    R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2009-12-26 72320]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-12-26 5073920]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-12-26 106496]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-9-1 485376]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-8-22 225408]
    R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2009-12-26 5946368]
    R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-12-26 88832]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-7-2 38336]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-8-1 45496]
    S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-9-1 106496]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-26 29472]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-15 41272]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-6-27 22640]
    S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-12-26 75040]
    S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2010-6-27 45608]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-5 1124848]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-20 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-30 1343400]
    S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-15 135664]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-15 135664]
    S4 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-11-23 330072]
    S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    S4 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2010-1-29 16680]
    .
    =============== File Associations ===============
    .
    .exe=0S
    .
    =============== Created Last 30 ================
    .
    2011-12-13 14:26:51 -------- d-----w- c:\program files\ESET
    2011-12-13 02:19:16 -------- d-----w- c:\users\dse\appdata\local\{F5C4F13C-0DF9-45F6-A18C-23D1BBC7E8BE}
    2011-12-13 02:17:07 -------- d-----w- c:\users\dse\appdata\local\{3400E238-BE83-4D9B-AD19-C35CDA7FB536}
    2011-12-13 02:16:36 -------- d-----w- c:\users\dse\appdata\roaming\Ohcol
    2011-12-13 02:16:36 -------- d-----w- c:\users\dse\appdata\roaming\Nopo
    2011-12-10 03:35:49 -------- d-----w- c:\users\dse\appdata\local\{FFA44DAB-B098-456D-8C57-96A878ED662A}
    2011-12-10 03:34:30 -------- d-----w- c:\users\dse\appdata\local\{2AAB4C7B-6A4B-40A5-9360-CC4761DA5CE2}
    2011-12-07 16:19:08 -------- d-----w- c:\program files\Guide des Tarifs 6.4
    2011-12-07 02:19:23 596296 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]\components\afurladvisor80.dll
    2011-12-04 18:59:04 -------- d-----w- c:\users\dse\appdata\local\{9BD6C1B6-76A2-41C6-8D61-29234997394A}
    2011-12-04 18:57:39 -------- d-----w- c:\users\dse\appdata\local\{08EE44F2-9287-44B9-A223-897B5F232520}
    2011-12-03 20:29:08 -------- d-----w- c:\users\dse\appdata\local\Conexant
    2011-12-03 19:54:09 -------- d-----w- c:\users\dse\appdata\local\{C34DD914-C28A-4574-90D5-B9CFFD4AD67A}
    2011-12-03 19:52:17 -------- d-----w- c:\users\dse\appdata\local\{206F458F-4C11-427C-95E9-EE871E745B13}
    2011-12-02 14:47:52 -------- d-----w- c:\users\dse\appdata\local\{EE1F5A5D-351E-48DA-BE25-B1547E07CFA4}
    2011-12-02 14:47:09 -------- d-----w- c:\users\dse\appdata\local\{1736320B-523C-4791-A74E-79C452B48B59}
    2011-12-02 02:47:51 -------- d-----w- c:\users\dse\appdata\local\{A79B69CF-FB42-48F7-95AE-ED3A9C34B3B9}
    2011-12-02 02:46:33 -------- d-----w- c:\users\dse\appdata\local\{CAF66D90-A4B9-4E54-9C32-9E140022BF4D}
    2011-12-01 14:36:57 -------- d-----w- c:\users\dse\appdata\local\{0300C302-7501-4AA5-9A93-FEC6835B4DD7}
    2011-12-01 14:36:44 -------- d-----w- c:\users\dse\appdata\local\{16A15651-012D-4F22-8C7D-D74B4E8ECE94}
    2011-11-29 14:51:54 -------- d-----w- c:\users\dse\appdata\local\{B98B80D4-FB10-4226-8B81-EB1828AA51E1}
    2011-11-29 14:51:41 -------- d-----w- c:\users\dse\appdata\local\{DA6A5FE0-A9DF-451F-815D-8FE8AB0F58F7}
    2011-11-27 19:30:38 -------- d-----w- c:\users\dse\appdata\local\{DBC5F437-ADB8-4691-B9B3-D3BFC4B8FD9C}
    2011-11-27 19:29:14 -------- d-----w- c:\users\dse\appdata\local\{A5EAE55F-2F13-444C-A199-D234664E3A1A}
    2011-11-23 14:31:21 -------- d-----w- c:\users\dse\appdata\local\{0A9DF5CF-79B7-44BA-9942-DA89027F32C8}
    2011-11-23 14:30:13 -------- d-----w- c:\users\dse\appdata\local\{FBEB23FE-B7E5-457C-84DF-9594EBCF1B5C}
    2011-11-20 18:31:05 -------- d-----w- c:\users\dse\appdata\local\{231ADF19-17A8-4120-8089-ED3D82EA6FB6}
    2011-11-20 18:29:46 -------- d-----w- c:\users\dse\appdata\local\{E7D7956B-D1E4-49A0-9E2B-E922F6316857}
    2011-11-19 02:28:10 -------- d-----w- c:\users\dse\appdata\local\{6227FE28-F71D-462F-A49F-A20709679A3C}
    2011-11-19 02:27:29 -------- d-----w- c:\users\dse\appdata\local\{86E9C0E8-029C-4DAB-B9B4-3DD37C38A75C}
    2011-11-16 17:09:38 214528 ----a-w- c:\windows\system32\PCountStCME.dll
    2011-11-16 17:09:38 -------- d-----w- c:\program files\PractiCount and Invoice (Standard)
    2011-11-16 15:28:55 -------- d-----w- c:\users\dse\appdata\local\{2C1EE2C3-7B31-4F0F-B0D7-1B5ED0977ACE}
    2011-11-16 15:27:35 -------- d-----w- c:\users\dse\appdata\local\{18DF5A1B-2798-414B-98C7-42698939363A}
    2011-11-15 16:21:43 -------- d-----w- c:\users\dse\appdata\local\{426F172D-DA1B-4994-BEC8-25209D5A6E08}
    2011-11-15 16:20:23 -------- d-----w- c:\users\dse\appdata\local\{651ECD2E-610A-4200-9B9E-B77A2671D697}
    .
    ==================== Find3M ====================
    .
    2011-12-01 15:49:46 55 ---h--w- c:\windows\system32\mzdse.sys
    2011-11-27 19:29:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-09-29 03:37:56 2341888 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 11:01:55.12 ===============


    DDS - ATTACH
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 31/12/2009 12:03:43 PM
    System Uptime: 14/12/2011 2:03:28 AM (9 hours ago)
    .
    Motherboard: LENOVO | | 4058CTO
    Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz | None | 2801/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 166 GiB total, 56.467 GiB free.
    D: is FIXED (NTFS) - 121 GiB total, 63.044 GiB free.
    H: is CDROM ()
    Q: is FIXED (NTFS) - 10 GiB total, 3.048 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP572: 09/11/2011 10:39:56 PM - Windows Update
    RP573: 11/11/2011 3:00:33 AM - Windows Update
    RP575: 15/11/2011 1:40:30 PM - Revo Uninstaller's restore point - PractiCount and Invoice 3.2 (Standard)
    .
    ==== Installed Programs ======================
    .
    Registry Patch to arrange icons in Device and Printers folder of Windows 7
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    3DVIA player 5.0
    7-Zip 9.10 beta
    ABBYY FineReader 8.0 Professional Edition
    Access Help
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.4.6 - CPSID_83708
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Asset Services CS4
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Contribute CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Digital Editions
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS4
    Adobe InDesign CS3 Icon Handler
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS3
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe Shockwave Player 11.5
    Adobe SING CS3
    Adobe SING CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    AnyCount 7.0
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    ATI Catalyst Install Manager
    ATI Uninstaller
    µTorrent
    Avira AntiVir Personal - Free Antivirus
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    BlackWidow version 6.10
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Dutch
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Portuguese
    CCC Help Spanish
    CCC Help Swedish
    CCleaner
    Classic Shell
    Client Security - Password Manager
    Conexant 20561 SmartAudio HD
    Connect
    Core Temp version 0.99.8
    Create Recovery Media
    D3DX10
    DirectX 9 Runtime
    Dropbox
    ESET Online Scanner v3
    Evernote v. 4.5
    Facebook Plug-In
    FileZilla Client 3.5.0
    Firestorm-Beta-Mesh (remove only)
    Font Fitting Room Deluxe
    Google Update Helper
    GoToMeeting 4.5.0.457
    Guide des Tarifs 6.4
    Hex Color Finder
    HiJackThis
    Hotspot Shield 2.18
    Integrated Camera Driver Installer Package Ver.1.27.500.0
    Integrated Camera TWAIN
    Intel PROSet Wireless
    Intel(R) Management Engine Interface
    Intel(R) Network Connections Drivers
    Intel(R) PROSet/Wireless WiFi Software
    InterVideo WinDVD 8
    IsoBuster 2.7
    Java Auto Updater
    Java(TM) 6 Update 23
    Jet Set Go
    Junk Mail filter update
    kuler
    Lenovo Auto Scroll Utility
    Lenovo Fingerprint Software
    Lenovo System Interface Driver
    Lenovo ThinkVantage Toolbox
    Lenovo Welcome
    Magic ISO Maker v5.5 (build 0276)
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Message Center Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Easy Assist v2
    Microsoft IntelliType Pro 8.0
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Suite Activation Assistant
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Reader
    Microsoft Research AutoCollage Touch 2009
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Mobile Broadband Connect
    Mozilla Firefox 8.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MyFonts Order M2709896
    MySQL Connector/ODBC 3.51
    NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    On Screen Display
    PDF Settings CS4
    Phoenix Viewer 1.5.2.1102
    Photoshop Camera Raw
    Pixel Bender Toolkit
    PractiCount and Invoice 3.2 (Standard)
    PX Profile Update
    QuickTime
    Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
    Rescue and Recovery
    Revo Uninstaller 1.85
    Roxio Activation Module
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Creator Business Edition
    Roxio Express Labeler 3
    Roxio Media Manager
    SDL TRADOS 7 Freelance
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2553010)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Simply Accounting by Sage 2009
    Skype™ 5.5
    Snagit 9.1
    Sonic CinePlayer Decoder Pack
    Sonic Icons for Lenovo
    Suite Shared Configuration CS4
    System Update
    ThinkPad Bluetooth with Enhanced Data Rate Software
    ThinkPad FullScreen Magnifier
    ThinkPad Hotkey Features Integration Setup
    ThinkPad Modem Adapter
    ThinkPad Power Management Driver
    ThinkPad Power Manager
    ThinkPad UltraNav Driver
    ThinkPad UltraNav Utility
    ThinkVantage Access Connections
    ThinkVantage Active Protection System
    TK8 StickyNotes 3.4
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    VLC media player 1.1.10
    WeatherEye
    WebEx
    Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)
    Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
    Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
    Windows Driver Package - Ricoh (5U875UVC) Image (07/08/2009 1.27.500.0)
    Windows Driver Package - Ricoh Company (rimsptsk) hdc (09/03/2009 6.10.01.05)
    Windows Driver Package - Ricoh Company (rismxdp) hdc (09/03/2009 6.10.01.05)
    Windows Driver Package - Ricoh Company MMC Host Controller (09/03/2009 6.10.01.05)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Xvid Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    14/12/2011 2:10:56 AM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
    14/12/2011 2:10:14 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
    14/12/2011 2:06:34 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    14/12/2011 2:06:03 AM, Error: Service Control Manager [7022] - The Windows Presentation Foundation Font Cache 3.0.0.0 service hung on starting.
    14/12/2011 2:04:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
    14/12/2011 2:04:04 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    14/12/2011 2:04:04 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    14/12/2011 2:03:56 AM, Error: amdkmdag [52236] - CPLIB :: General - Invalid Parameter
    14/12/2011 2:03:56 AM, Error: amdkmdag [43029] - Display is not active
    14/12/2011 2:03:42 AM, Error: Ntfs [137] - The default transaction resource manager on volume C: encountered a non-retryable error and could not start. The data contains the error code.
    14/12/2011 10:09:58 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    13/12/2011 4:56:01 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    13/12/2011 4:56:01 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    13/12/2011 2:03:52 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82f26795, 0xb2c6c754, 0x00000000). A dump was saved in: C:\Windows\Minidump\121311-27081-01.dmp. Report Id: 121311-27081-01.
    13/12/2011 12:44:02 PM, Error: Service Control Manager [7000] - The System Update service failed to start due to the following error: The pipe has been ended.
    13/12/2011 12:43:28 PM, Error: Service Control Manager [7034] - The Data Transfer Service service terminated unexpectedly. It has done this 1 time(s).
    13/12/2011 12:42:43 PM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    13/12/2011 12:42:14 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
    13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    13/12/2011 12:42:14 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    13/12/2011 12:38:16 PM, Error: Service Control Manager [7016] - The Data Transfer Service service has reported an invalid current state 0.
    13/12/2011 10:25:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SUService service.
    12/12/2011 8:56:21 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    12/12/2011 8:53:59 PM, Error: Service Control Manager [7034] - The AuthenTec Fingerprint Service service terminated unexpectedly. It has done this 1 time(s).
    11/12/2011 4:12:42 PM, Error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).
    11/12/2011 4:12:40 PM, Error: Service Control Manager [7030] - The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/12/2011 9:32:56 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    09/12/2011 10:33:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Simply Accounting Database Connection Manager service to connect.
    .
    ==== End Of File ===========================


    GMER
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-13 17:55:48
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.14.0
    Running: 52l8o5s3.exe; Driver: C:\Users\DSE\AppData\Local\Temp\awldapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT 90888456 ZwCreateSection
    SSDT 9088845B ZwSetContextThread
    SSDT 908883F7 ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKey + 13D1 82E89349 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC2D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EC9EAC 4 Bytes [56, 84, 88, 90]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82ECA24C 4 Bytes [5B, 84, 88, 90]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82ECA324 4 Bytes [F7, 83, 88, 90]
    .text netbt.sys 8A7BA000 105 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
    .text netbt.sys 8A7BA06A 52 Bytes [92, 7D, 8A, FE, 4E, 0F, F6, ...]
    .text netbt.sys 8A7BA0A0 13 Bytes [8A, 55, 0F, 8B, CF, FF, D3, ...]
    .text netbt.sys 8A7BA0AE 21 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
    .text netbt.sys 8A7BA0C5 16 Bytes [10, 57, FF, 15, 70, 90, 7D, ...]
    .text ...
    ? C:\Windows\System32\DRIVERS\netbt.sys suspicious PE modification
    .text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x90A31000, 0x2D27D6, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtProtectVirtualMemory 76FA5F18 5 Bytes JMP 005D000A
    .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtWriteVirtualMemory 76FA6A98 5 Bytes JMP 0062000A
    .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!KiUserExceptionDispatcher 76FA7008 5 Bytes JMP 005C000A

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\00000066 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) 8FDB9000-8FDD3000 (106496 bytes)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f68b
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5db69f8
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x79 0xFB 0x59 0x6E ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f68b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5db69f8 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x79 0xFB 0x59 0x6E ...

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB29298$\2878396898 0 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\@ 2048 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\bckfg.tmp 850 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\cfg.ini 185 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\keywords 222 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\kwrd.dll 223744 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\L 0 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\L\xadqgnnk 187904 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\U 0 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\U\[email protected] 2048 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\U\[email protected] 224768 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\U\[email protected] 1024 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\U\[email protected] 1024 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\U\[email protected] 12800 bytes
    File C:\Windows\$NtUninstallKB29298$\2878396898\U\[email protected] 98304 bytes
    File C:\Windows\$NtUninstallKB29298$\4141271340 0 bytes

    ---- EOF - GMER 1.0.15 ----



    ESET online scanner
    C:\Users\DSE\AppData\Local\vcf.exe a variant of Win32/Kryptik.XEQ trojan cleaned by deleting - quarantined
    C:\Users\DSE\AppData\Local\TempImages\UpdateInstaller.exe a variant of Win32/Agent.SZW trojan cleaned by deleting - quarantined
    C:\Users\DSE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\7bd790e3-5bf637c8 a variant of Win32/Kryptik.XEQ trojan cleaned by deleting - quarantined
    C:\Windows\System32\drivers\netbt.sys a variant of Win32/Rootkit.Kryptik.GG trojan unable to clean



    Thank you in advance!!!
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,938
    First Name:
    Frank
    Jodee:

    I received your private message.

    I'm not trained to deal with your DDS and GMER logs, so my assistance is somewhat limited. A trained gold/blue shield member will need to assist you with those logs.

    -------------------------------------------------------

    Ask Toolbar

    uTorrent

    kuler


    should be uninstalled in "Control Panel - Programs And Features".

    -------------------------------------------------------

    Java(TM) 6 Update 23 should be updated to version 6 Update 30

    Malwarebytes Anti-Malware 1.51.1.1800 should be updated to version 1.51.2.1300 and should have its definition files updated.

    Mozilla Firefox 8.0 should be updated to version 8.0.1

    Skype 5.5 should be updated to version 5.6

    SUPERAntiSpyware 5.0.0.1136 should be installed so it can work with Malwarebytes Anti-Malware to find and remove threats in your computer.

    VLC Media Player 1.1.10 should be updated to version 1.1.11

    -------------------------------------------------------
     
  4. Jodee

    Jodee Thread Starter

    Joined:
    Apr 11, 2007
    Messages:
    93
    Hi there,

    Thank you for the tips. Hopefully someone will be able to help me. I'm now getting redirects when doing searches in Google. Also I'm unable to install any programs. For every program I want to open, I still have to locate the application file and right click on start.

    Thanks again
     
  5. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,938
    First Name:
    Frank
    I'll see if I can get a gold/blue shield member to assist you.

    This section is VERY busy, so you may not get a reply for 24 - 48 hours.

    --------------------------------------------------------
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here or Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running.
    Double click on the renamed combofix.exe & follow the prompts.
    If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review.


    ****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues.
     
  7. Jodee

    Jodee Thread Starter

    Joined:
    Apr 11, 2007
    Messages:
    93
    Hi there

    Thanks for the instructions. I had some difficulty in running ComboFix. It was taking hours each time, then my laptop would shut off unexpectedly. This went on for a while...that's why it took so long for me to get back to you. Yesterday I was finally able to run it successfully. See attached for the log.

    It seems as though my laptop is back to normal. Is there anything else I should verify?

    Thanks so much,

    Jodee
     

    Attached Files:

  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
  9. Jodee

    Jodee Thread Starter

    Joined:
    Apr 11, 2007
    Messages:
    93
    Hey there,

    See enclosed for the attached log. I also scanned with eset online scanner and Avira. Logs included as well.
    Looking forward to your feedback.

    Kindest regards,

    Jodee
     

    Attached Files:

  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    It is very possible that Avira has fixed it by repairing the infected driver.
    Are you having any problems or is it all OK?
     
  11. Jodee

    Jodee Thread Starter

    Joined:
    Apr 11, 2007
    Messages:
    93
    Everything seems ok...
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    OK, a bit of clearing up still to do.

    Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post & if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE and choose desktop in the list of selections in that window & press save).

    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running ComboFix & remember to re-enable it when it has finished.

    Close any open browsers.
    Then drag the CFScript.txt into the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.

    [screenshot: CFScript.txt being dragged onto the ComboFix icon]

    This will start ComboFix again. It may ask to reboot. If it doesn't, then reboot manually. Post the contents of ComboFix.txt in your next reply.


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.
     

    Attached Files:

  13. Jodee

    Jodee Thread Starter

    Joined:
    Apr 11, 2007
    Messages:
    93
    Hey there,

    Here is the Combofix + CFScript log:

    ComboFix 11-12-21.02 - DSE 21/12/2011 13:24:19.5.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2520.1323 [GMT -5:00]
    Running from: c:\users\DSE\Desktop\ComboFix.exe
    Command switches used :: c:\users\DSE\Desktop\CFScript.txt
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\5849\AddOnDownloaded\070ba803-49f8-4fe7-8a18-40930827162f.dll
    c:\programdata\PCDr\5849\AddOnDownloaded\2d662263-8349-40fc-8bca-552cc5d7cfda.dll
    c:\programdata\PCDr\5849\AddOnDownloaded\a2010314-d0e4-41be-bfeb-ca5bf837f119.dll
    c:\users\DSE\AppData\Roaming\Nopo
    c:\users\DSE\AppData\Roaming\Ohcol
    c:\windows\$NtUninstallKB29298$
    c:\windows\system32\SET85D8.tmp
    c:\windows\system32\SET9A38.tmp
    c:\windows\system32\Settings
    c:\windows\system32\Settings\Settings.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-21 18:38 . 2011-12-21 18:38 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-12-17 20:01 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2011-12-17 17:28 . 2011-12-17 20:31 -------- d-----w- C:\jodee123
    2011-12-13 14:26 . 2011-12-13 14:26 -------- d-----w- c:\program files\ESET
    2011-12-07 16:19 . 2011-12-07 16:21 -------- d-----w- c:\program files\Guide des Tarifs 6.4
    2011-12-07 02:19 . 2011-11-23 20:45 596296 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\afurladvisor80.dll
    2011-12-03 20:29 . 2011-12-03 20:29 -------- d-----w- c:\users\DSE\AppData\Local\Conexant
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-27 19:29 . 2011-06-16 13:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-15 02:08 . 2011-10-15 02:08 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-09-29 16:03 . 2011-11-09 20:57 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-09-29 03:37 . 2011-11-09 20:56 2341888 ----a-w- c:\windows\system32\win32k.sys
    2011-11-09 14:22 . 2011-05-15 16:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\DSE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\DSE\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
    "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-10-11 55072]
    "ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2008-09-19 87336]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
    "TpShocks"="TpShocks.exe" [2009-07-09 337184]
    "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]
    "Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2009-12-22 86528]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-22 151064]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 174104]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^Bluetooth.lnk]
    path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^Digital Line Detect.lnk]
    path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^EvernoteClipper.lnk]
    path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\EvernoteClipper.lnk
    backup=c:\windows\pss\EvernoteClipper.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^HP SimpleSave Monitor.lnk]
    path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\HP SimpleSave Monitor.lnk
    backup=c:\windows\pss\HP SimpleSave Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^DSE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Utilities^Startup^RCIMGDIR.exe.lnk]
    path=c:\users\DSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Startup\RCIMGDIR.exe.lnk
    backup=c:\windows\pss\RCIMGDIR.exe.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2010-09-22 22:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcWin7Hlpr]
    2009-10-14 01:33 36864 ------w- c:\program files\Lenovo\Access Connections\AcTBenabler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2011-09-07 19:53 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 01:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2010-01-25 14:31 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2010-04-23 04:16 1725736 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TK8 StickyNotes]
    2011-01-05 18:28 9212720 ----a-w- c:\program files\TK8 StickyNotes\TK8StickyNotes.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
    2009-10-27 01:42 718232 ------w- c:\program files\WeatherNetwork\WeatherEye.exe
    .
    R2 BackupService;BackupService;c:\users\DSE\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2010-07-01 83512]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
    R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-09-01 106496]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
    R3 GPU-Z;GPU-Z;c:\users\DSE\AppData\Local\Temp\GPU-Z.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]
    R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2009-10-16 45608]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1343400]
    R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-01-25 288112]
    R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
    R4 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-11-23 330072]
    R4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2011-11-23 329544]
    R4 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\Winsim\ConnectionManager\SimplyConnectionManager.exe [2008-09-19 16680]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-24 172032]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
    S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-09-01 1692920]
    S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-09-01 98304]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 130920]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
    S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [2009-07-08 72320]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-08-24 5073920]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-08-24 106496]
    S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-09-01 485376]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-08-23 225408]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-09-22 5946368]
    S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 88832]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
    S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 02:04]
    .
    2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 02:04]
    .
    2011-12-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
    .
    2011-12-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
    .
    2011-12-21 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = local;*.local
    IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
    IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
    TCP: DhcpNameServer = 96.22.246.145 24.200.228.113 24.200.210.241
    DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
    FF - ProfilePath - c:\users\DSE\AppData\Roaming\Mozilla\Firefox\Profiles\efv5jupl.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
    .
    Completion time: 2011-12-21 13:41:52
    ComboFix-quarantined-files.txt 2011-12-21 18:41
    ComboFix2.txt 2011-12-17 20:31
    .
    Pre-Run: 59,060,322,304 bytes free
    Post-Run: 58,664,890,368 bytes free
    .
    - - End Of File - - D5FDB869812CCAC67CD78DFB5CB342D9
     
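An added triage helper, written here as an example and not a tool from this thread or from ComboFix's authors: it walks ComboFix-style log lines like those in the post above and flags the UAC policy values and autostart locations a log reviewer checks first. The sample excerpt is copied from the log in this post; the severity labels and the list of "weak" policy values are the example's own assumptions.

```python
"""Triage helper for ComboFix-style logs (added example, not the thread's tool).

Flags UAC policy values that weaken elevation prompts and autostart/service
entries whose binary lives in a user-writable location or is missing.
A finding is a prompt for a human reviewer, not a malware verdict: legitimate
software (Dropbox, Akamai) also autostarts from AppData."""
import re

# UAC policy values that weaken protection; keys are the documented
# HKLM\...\Policies\System names, the "weak" values are this example's choice.
WEAK_UAC = {
    "EnableLUA": ("0", "UAC disabled entirely"),
    "ConsentPromptBehaviorAdmin": ("0", "admins elevate without any prompt"),
    "PromptOnSecureDesktop": ("0", "elevation prompts not on the secure desktop"),
}

# Directories that the interactive user (and any malware running as that user) can write to.
USER_WRITABLE = re.compile(r"\\(appdata|users\\public|temp)\\", re.IGNORECASE)

# ComboFix line shapes: "Name"= 0 (0x0) / "Name"="path" [date size] / R3 svc;desc;path [date size]
POLICY_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<val>\d+)')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
SVC_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>[^\[]+)\[(?P<meta>[^\]]*)\]')


def triage(log_text):
    """Return a list of (severity, message) findings for a ComboFix log."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY") or line.startswith("[HKLM"):
            section = line.lower()          # remember which registry key we are under
            continue
        if section and "policies\\system" in section:
            m = POLICY_RE.match(line)
            if m and m.group("key") in WEAK_UAC:
                bad, why = WEAK_UAC[m.group("key")]
                if m.group("val") == bad:
                    findings.append(("high", f"{m.group('key')}={bad}: {why}"))
            continue
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if not m:
            continue
        path, meta = m.group("path").strip(), m.group("meta").strip()
        if USER_WRITABLE.search(path):
            findings.append(("medium", f"autostart from user-writable path: {path}"))
        if meta.lower() == "x":             # ComboFix marks a missing binary as [x]
            findings.append(("low", f"autostart points at missing file: {path}"))
    return findings


# Constructed excerpt, copied line for line from the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\DSE\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 GPU-Z;GPU-Z;c:\users\DSE\AppData\Local\Temp\GPU-Z.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
"""

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

On the excerpt above it reports three high findings (the three UAC values at 0), two medium (the Akamai and GPU-Z entries under AppData) and two low (the [X]/[x] missing binaries).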
  14. Jodee

    Jodee Thread Starter

    Joined:
    Apr 11, 2007
    Messages:
    93
    P.S. I disabled Avira but Combofix seems to always detect it. There must be something hidden because I don't see it anywhere...not even in the processes.

    Thanks
     
  15. Jodee

    Jodee Thread Starter

    Joined:
    Apr 11, 2007
    Messages:
    93
    Oh, and one last thing: It seems my Windows updates cannot install. It has been attempting to install 8 important updates with no success. Think it could be related to this infection?

    Thank you so much for your time and effort in assisting me. It is very much appreciated.

    Jodee
     
Short URL to this thread: https://techguy.org/1030999