Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan has highjacked file association

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trojan has highjacked file association

Unread postby amoncarter » March 21st, 2011, 4:14 pm

It started with the now familiar "you have been infected" messages, which I was able to clear up. I thought I was done, then I realized all file links/associations in the startmenu bring up the unassociated xp window - except email (outlook.exe) which continues to work.

I have researched it to a particular trojan which mbab found and removed, but behavior continues. I also tweaked the registry with a few entries from the trendmicro website instructions for manual removal (it had substituted exefile with its own path), but so far nothing had worked - my file asscoiations are still broken.

I found an entry in my running process log from hijack that was a clear culprit (something running from my temp folder called something like hn.exe, but couldnt find an entry for it to delete in the hijack log.

I thought it could be just one user, as i was able to craete a new user and access ie but now
it is affecting the ie (internet) start menu link in new users I create. however, i am still able to lauch from program list, so its one entire user profile that's corrupted plus the ie link in others.

(I may have screwed up the logs I need to post, sorry in advance, I'vve got both dds & attach)

thanks

Micky
---------------
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by micky at 14:49:49.00 on Mon 03/21/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1413 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\micky\Local Settings\Temporary Internet Files\Content.IE5\4TU7SPQR\dds[1].scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [TpShocks] TpShocks.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [krn] c:\windows\krn4.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/26.30/uploader2.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftup ... 0082813665
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 0082793072
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... 02-win.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4 ... 42-win.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2006-7-7 10368]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-4-25 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-12-6 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2010-4-21 140184]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-4-25 132456]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-15 47640]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-12-12 53248]
R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-8-8 63928]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110320.003\naveng.sys [2011-3-20 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110320.003\navex15.sys [2011-3-20 1360760]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-8-11 13408]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1980-1-1 23152]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-9 38224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-12-6 45496]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-6-8 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-6-8 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-6-8 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-6-8 10368]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-6-6 30192]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [2007-11-14 23208]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [2007-11-14 17448]
S3 ndfs;ndfs;\??\c:\program files\netdrive\ndfs.sys --> c:\program files\netdrive\ndfs.sys [?]
S3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2010-4-13 4608]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\ultramonmirror.sys --> c:\windows\system32\drivers\UltraMonMirror.sys [?]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [2010-2-17 66432]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2005-8-16 278016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2006-7-7 165120]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 One Call Sync Service;One Call Sync Service;c:\program files\one call sync\One Call Sync Service.exe [2009-1-29 32768]
.
=============== Created Last 30 ================
.
2011-03-21 19:43:39 -------- d-----w- c:\docume~1\micky\applic~1\Malwarebytes
2011-03-21 19:41:49 -------- d-sh--w- c:\documents and settings\micky\PrivacIE
2011-02-21 06:45:37 0 ----a-w- c:\windows\Ocicuc.bin
.
==================== Find3M ====================
.
2011-02-01 21:59:50 286720 ------w- c:\windows\Setup1.exe
2011-02-01 21:59:49 73216 ----a-w- c:\windows\ST6UNST.EXE
.
============= FINISH: 14:51:33.53 ===============
---------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/6/2006 1:22:29 PM
System Uptime: 3/21/2011 10:55:01 AM (4 hours ago)
.
Motherboard: LENOVO | | 170685U
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | None | 1316/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 5.813 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2249: 1/8/2011 6:44:30 PM - System Checkpoint
RP2250: 1/9/2011 7:45:24 PM - System Checkpoint
RP2251: 1/10/2011 8:52:02 PM - System Checkpoint
RP2252: 1/11/2011 9:32:39 PM - System Checkpoint
RP2253: 1/12/2011 10:52:59 PM - System Checkpoint
RP2254: 1/14/2011 12:16:56 AM - System Checkpoint
RP2255: 1/15/2011 1:11:01 AM - System Checkpoint
RP2256: 1/16/2011 2:08:34 AM - System Checkpoint
RP2257: 1/17/2011 3:08:35 AM - System Checkpoint
RP2258: 1/18/2011 4:08:36 AM - System Checkpoint
RP2259: 1/19/2011 5:08:37 AM - System Checkpoint
RP2260: 1/20/2011 6:08:38 AM - System Checkpoint
RP2261: 1/21/2011 7:08:40 AM - System Checkpoint
RP2262: 1/22/2011 8:09:45 AM - System Checkpoint
RP2263: 1/23/2011 9:09:53 AM - System Checkpoint
RP2264: 1/24/2011 10:14:15 AM - System Checkpoint
RP2265: 1/25/2011 11:06:57 AM - System Checkpoint
RP2266: 1/26/2011 11:08:44 AM - System Checkpoint
RP2267: 1/27/2011 12:08:43 PM - System Checkpoint
RP2268: 1/28/2011 1:08:44 PM - System Checkpoint
RP2269: 1/29/2011 2:34:28 PM - System Checkpoint
RP2270: 1/30/2011 11:45:11 AM - Installed iTunes
RP2271: 1/31/2011 12:09:12 PM - System Checkpoint
RP2272: 2/1/2011 7:51:48 PM - System Checkpoint
RP2273: 2/2/2011 9:24:45 PM - System Checkpoint
RP2274: 2/3/2011 10:26:12 PM - System Checkpoint
RP2275: 2/5/2011 12:12:41 AM - System Checkpoint
RP2276: 2/6/2011 1:08:52 AM - System Checkpoint
RP2277: 2/7/2011 2:08:53 AM - System Checkpoint
RP2278: 2/8/2011 3:08:53 AM - System Checkpoint
RP2279: 2/9/2011 4:08:13 AM - System Checkpoint
RP2280: 2/10/2011 5:04:17 AM - System Checkpoint
RP2281: 2/11/2011 5:07:08 AM - System Checkpoint
RP2282: 2/12/2011 5:56:57 AM - System Checkpoint
RP2283: 2/13/2011 6:56:57 AM - System Checkpoint
RP2284: 2/14/2011 7:58:03 AM - System Checkpoint
RP2285: 2/15/2011 8:56:59 AM - System Checkpoint
RP2286: 2/16/2011 9:11:34 AM - System Checkpoint
RP2287: 2/17/2011 9:54:20 AM - System Checkpoint
RP2288: 2/18/2011 10:48:24 AM - System Checkpoint
RP2289: 2/19/2011 11:19:10 AM - System Checkpoint
RP2290: 2/20/2011 12:58:45 PM - System Checkpoint
RP2291: 2/21/2011 1:35:57 PM - System Checkpoint
RP2292: 2/22/2011 3:17:37 PM - System Checkpoint
RP2293: 2/23/2011 3:49:43 PM - System Checkpoint
RP2294: 2/24/2011 4:11:52 PM - System Checkpoint
RP2295: 2/25/2011 6:22:34 PM - System Checkpoint
RP2296: 2/27/2011 12:18:51 AM - System Checkpoint
RP2297: 2/28/2011 12:43:34 AM - System Checkpoint
RP2298: 3/1/2011 5:03:21 PM - System Checkpoint
RP2299: 3/2/2011 7:15:03 PM - System Checkpoint
RP2300: 3/3/2011 8:01:30 PM - System Checkpoint
RP2301: 3/4/2011 10:11:22 PM - System Checkpoint
RP2302: 3/5/2011 11:02:45 PM - System Checkpoint
RP2303: 3/6/2011 11:05:28 PM - System Checkpoint
RP2304: 3/8/2011 12:01:39 AM - System Checkpoint
RP2305: 3/9/2011 1:01:40 AM - System Checkpoint
RP2306: 3/10/2011 1:50:12 AM - System Checkpoint
RP2307: 3/11/2011 2:01:41 AM - System Checkpoint
RP2308: 3/12/2011 3:01:45 AM - System Checkpoint
RP2309: 3/13/2011 5:01:42 AM - System Checkpoint
RP2310: 3/14/2011 5:02:48 AM - System Checkpoint
RP2311: 3/15/2011 6:01:47 AM - System Checkpoint
RP2312: 3/16/2011 7:01:44 AM - System Checkpoint
RP2313: 3/17/2011 8:01:45 AM - System Checkpoint
RP2314: 3/18/2011 9:07:52 AM - System Checkpoint
RP2315: 3/20/2011 1:32:57 PM - System Checkpoint
RP2316: 3/21/2011 1:40:17 PM - System Checkpoint
.
==== Installed Programs ======================
.
WD Align System Utility 2.0 (Retail) - Powered By Paragon™
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.15 beta
Active Query Builder .NET Trial Edition v1.11.9.212
Active@ ISO Burner
Ad-Aware
Adobe Acrobat 6.0.1 Professional
Adobe Creative Suite
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Adobe Type Manager 4.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS RT-N16 Wireless Router Utilities
Batchrun 4.2
BeamBoy v2.2
Bonjour
Brother MFL-Pro Suite
CCleaner
CDDRV_Installer
Childcare Manager
Compatibility Pack for the 2007 Office system
Core FTP LE 2.1
Defraggler (remove only)
Dell Printer Software
Deluxe Menus Trial
DemoCreator
Excelsior Installer 1.8
Free PDF to Word Doc Converter v1.1
Garmin City Navigator North America NT 2010.40
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
GemBox.Spreadsheet Free 3.3
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Help Center
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970685)
HP USB Disk Storage Format Tool
ImgBurn
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
iPhone Configuration Utility
Iron Speed Designer V6.2.1
iTunes
Java(TM) 6 Update 14
KhalInstallWrapper
Korzh EasyQuery.NET for WinForms
LeKuSoft DVD Ripper 5.2
Lenovo Auto Scroll Utility
Lenovo System Interface Driver
Logitech Registration
Logitech SetPoint 6.0
LogMeIn
Malwarebytes' Anti-Malware
Media Lab SiteGrinder 2 (Basic & Pro)
Message Center Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft FrontPage Client - English
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Viewer 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft XML Parser
MIT MathML Fonts 1.0
MobileMe Control Panel
Mozilla Firefox (3.6.15)
mProSafe
MSXML 6.0 Parser
mWlsSafe
MySQL Server 5.1
nLite 1.4.9.1
Notepad++
Nullsoft Install System
OGA Notifier 1.7.0102.0
On Screen Display
One Call Sync
OpenDNS Updater 2.2
PeerGuardian 2.0
Picasa 3
Poster Forge 1.02
Presentation Director
Quicken WillMaker Plus 2006
QuickTime
RealPlayer
RealUpgrade 1.0
Remove Hidden Data Tool
Scheduler Updater
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Skype™ 5.1
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
SmartXLS
SMS Advanced Client
SoundMAX
Speccy
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
SpreadsheetGear 2010
SQL Server System CLR Types
SUPERAntiSpyware
Symantec Network Drivers Update
Synology Assistant
System Tray Audio Device Switcher
System Update
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad TrackPoint Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ToolbarBrowser v2.4
TreeSize 1.75
TreeSize Free V2.3.1
TrueCrypt
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (kb957829)
VectorEye3
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual Studio.NET Baseline - English
WebEx
WebEx Productivity Tools
WebFldrs XP
WildVoice Studio 1.0
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Sign-in Assistant
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinISD Pro [alpha]
WinX DVD Ripper Platinum 5.9.2
WinX HD Video Converter Deluxe 3.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
3/21/2011 9:14:52 AM, error: DCOM [10001] - Unable to start a DCOM Server: {5F4BAAD0-4D59-4FCD-B213-783CE7A92F22} as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\wiaacmgr.exe -Embedding
3/21/2011 2:49:52 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
3/20/2011 2:59:52 PM, error: DCOM [10000] - Unable to start a DCOM Server: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. The error: "%2" Happened while starting this command: "C:\Program Files\Google\Update\GoogleUpdate.exe" -Embedding
3/20/2011 2:59:49 PM, error: DCOM [10001] - Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -Embedding
3/20/2011 2:59:37 PM, error: DCOM [10000] - Unable to start a DCOM Server: {72C2714F-4478-11D3-B537-00902771A435}. The error: "%2" Happened while starting this command: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" -Embedding
3/20/2011 2:59:35 PM, error: DCOM [10000] - Unable to start a DCOM Server: {7160A13D-73DA-4CEA-95B9-37356478588A}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\igfxext.exe -Embedding
3/20/2011 2:59:33 PM, error: DCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
3/18/2011 10:23:14 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service IISADMIN with arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}
3/18/2011 10:22:57 PM, error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The system cannot find the file specified.
3/18/2011 10:22:50 PM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/18/2011 10:22:41 PM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/18/2011 10:22:41 PM, error: Service Control Manager [7000] - The Retrospect WD Service service failed to start due to the following error: The system cannot find the path specified.
3/18/2011 10:22:41 PM, error: Service Control Manager [7000] - The Retrospect Launcher service failed to start due to the following error: The system cannot find the file specified.
3/18/2011 10:22:23 PM, error: Service Control Manager [7001] - The Fax service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================
amoncarter
Active Member
 
Posts: 5
Joined: March 21st, 2011, 3:52 pm
Advertisement
Register to Remove

Re: Trojan has highjacked file association

Unread postby Blade81 » March 24th, 2011, 10:04 am

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Trojan has highjacked file association

Unread postby amoncarter » March 24th, 2011, 10:53 am

thanks for responding. in the last couple of days, things got worse and I finally panicked and went into safe mode to at least pull off my files. Safe mode promoted me to use a system recover point to the previous week which I did. D'uh!. On surface, all is well and none of my utilities report any contamination.

There are still some weird things (superspyware, malware bytes, norton) all would normally have applied updates, now they sort of apply (dates don't refresh, i get random errors) but they seem to run. Still trying to figure that out but my original problem has been "over written".

Thank you for responding.
amoncarter
Active Member
 
Posts: 5
Joined: March 21st, 2011, 3:52 pm

Re: Trojan has highjacked file association

Unread postby Blade81 » March 24th, 2011, 11:18 am

Hi,

Those remaining symptoms may be related to this same issue.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Trojan has highjacked file association

Unread postby amoncarter » March 24th, 2011, 12:24 pm

i will run combofix and post.
amoncarter
Active Member
 
Posts: 5
Joined: March 21st, 2011, 3:52 pm

Re: Trojan has highjacked file association

Unread postby Blade81 » March 25th, 2011, 12:28 pm

Ok. Shall wait for the reports.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Trojan has highjacked file association

Unread postby amoncarter » March 25th, 2011, 1:00 pm

attached are the new logs. i have word wrap off. only thing new i've tried is installing trendmicro.

i see entries for trendmicro in the combofix log - i tried unsuccessfully to install it - installer hung my system and wouldn't finish. I tried 3 times. I couldn't boot into the machine after that forcing me to go into safe mode to go back to a previous restore point.

logs follow ------

ComboFix 11-03-23.06 - micky.mirchandani 2011-03-24 11:35:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1538 [GMT -5:00]
Running from: c:\documents and settings\micky.mirchandani\My Documents\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\micky.mirchandani\Application Data\aicon
c:\documents and settings\micky.mirchandani\Application Data\aicon\aicon.ini
c:\documents and settings\micky.mirchandani\g2mdlhlpx.exe
c:\documents and settings\micky.mirchandani\GoToAssistDownloadHelper.exe
c:\documents and settings\micky.mirchandani\Local Settings\Application Data\{7080BF92-D149-4D7C-A34C-48B5BF1F41A9}
c:\documents and settings\micky.mirchandani\Local Settings\Application Data\{7080BF92-D149-4D7C-A34C-48B5BF1F41A9}\chrome.manifest
c:\documents and settings\micky.mirchandani\Local Settings\Application Data\{7080BF92-D149-4D7C-A34C-48B5BF1F41A9}\chrome\content\_cfg.js
c:\documents and settings\micky.mirchandani\Local Settings\Application Data\{7080BF92-D149-4D7C-A34C-48B5BF1F41A9}\chrome\content\overlay.xul
c:\documents and settings\micky.mirchandani\Local Settings\Application Data\{7080BF92-D149-4D7C-A34C-48B5BF1F41A9}\install.rdf
c:\documents and settings\micky.mirchandani\System
c:\documents and settings\micky.mirchandani\System\win_qs8.jqx
c:\photoboof7\Photoboof7.exe
c:\windows\Google Pack Screensaver Uninstaller.exe
c:\windows\system32\code
c:\windows\system32\code\ID
c:\windows\system32\code\pplgn.exe
c:\windows\system32\code\pRee1.exe
c:\windows\system32\code\pRee2.exe
c:\windows\system32\MailBee.dll
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 )))))))))))))))))))))))))))))))
.
.
2011-03-24 01:18 . 2011-03-24 01:18 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-23 23:44 . 2011-03-24 01:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Trend Micro
2011-03-23 16:40 . 2011-03-23 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-03-23 16:39 . 2011-03-23 16:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-23 16:33 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-23 16:33 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-23 16:33 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-23 16:33 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-23 16:33 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-23 16:33 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-23 16:33 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-23 16:33 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 12:58 . 2011-03-24 01:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-23 12:58 . 2011-03-23 12:58 -------- d-----w- c:\program files\SpeedFan
2011-03-23 04:23 . 2011-03-23 04:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro
2011-03-23 04:05 . 2011-03-23 04:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trend Micro
2011-03-23 04:04 . 2011-03-23 12:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Trend Micro
2011-03-23 03:44 . 2011-03-23 03:44 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-22 22:55 . 2011-03-22 22:55 -------- d-----w- c:\documents and settings\Administrator.ORD-LMIM-1\Local Settings\Application Data\Mozilla
2011-03-22 22:45 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-03-22 19:18 . 2011-03-24 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2011-03-21 19:40 . 2011-03-23 12:58 -------- d-s---w- c:\documents and settings\micky
2011-03-20 19:59 . 2011-03-23 12:58 -------- d-s---w- c:\documents and settings\IUSR_MICKYXPLT
2011-03-19 03:31 . 2011-03-19 03:31 -------- d-----w- c:\documents and settings\Administrator.ORD-LMIM-1\Application Data\SUPERAntiSpyware.com
2011-03-19 03:30 . 2011-03-19 03:30 -------- d-----w- c:\documents and settings\Administrator.ORD-LMIM-1\Local Settings\Application Data\Symantec
2011-03-19 03:26 . 2011-03-19 03:26 -------- d-----w- c:\documents and settings\Administrator.ORD-LMIM-1\Application Data\Malwarebytes
2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-26 15:17 . 2010-04-26 01:17 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-02-01 21:59 . 2011-02-01 21:59 286720 ------w- c:\windows\Setup1.exe
2011-02-01 21:59 . 2011-02-01 21:59 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-03-18 17:53 . 2011-03-23 16:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-03-15 00:45 . 2010-03-15 00:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2011-02-09 15622144]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-12-11 95960]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-08-25 517480]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"krn"="c:\windows\krn4.exe" [2008-06-15 0]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-11 202256]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-19 2247]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-01-04 16:32 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 19:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1273290989-1249878499-1386548340-1752\Scripts\Logon\0\0]
"Script"=NetworkDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1273290989-1249878499-1386548340-1780\Scripts\Logon\0\0]
"Script"=NetworkDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1273290989-1249878499-1386548340-1794\Scripts\Logon\0\0]
"Script"=NetworkDrives.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-01-27 11:30 1312848 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 21:32 56080 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-04-11 21:32 56080 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-11 17:18 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"SQLAgent$EDIENTERPRISE"=3 (0x3)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"MSSQL$EDIENTERPRISE"=2 (0x2)
"msftesql$EDIENTERPRISE"=2 (0x2)
"TVT Scheduler"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RasMan"=3 (0x3)
"iPod Service"=3 (0x3)
"IISADMIN"=2 (0x2)
"CiSvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\One Call Sync\\One Call Sync Service.exe"=
"c:\\Program Files\\One Call Sync\\One Call Sync Configuration.exe"=
"c:\\Documents and Settings\\micky.mirchandani\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ASUS\\Printer Utilities\\UsbService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ASUS\\RT-N16 Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\ASUS\\RT-N16 Wireless Router Utilities\\Rescue.exe"=
"c:\\Program Files\\ASUS\\RT-N16 Wireless Router Utilities\\Download.exe"=
"c:\\Program Files\\CoreFTP\\coreftp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2006-07-07 10368]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-04-25 24304]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-06-14 717296]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-09 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-12-06 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2010-04-21 140184]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-04-25 132456]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-29 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-08-11 12856]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2008-12-12 53248]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [2005-11-15 46142]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2005-12-21 3968]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [2008-08-08 63928]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-08-11 13408]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1980-01-01 23152]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [2010-12-06 45496]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-06-08 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-06-08 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-06-08 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-06-08 10368]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-06-06 30192]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [2007-11-14 23208]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [2007-11-14 17448]
S3 ndfs;ndfs;\??\c:\program files\Netdrive\ndfs.sys --> c:\program files\Netdrive\ndfs.sys [?]
S3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [2010-04-13 4608]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [2010-02-17 66432]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2005-08-16 278016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2006-07-07 165120]
S4 One Call Sync Service;One Call Sync Service;c:\program files\One Call Sync\One Call Sync Service.exe [2009-01-29 32768]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 13:01]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 13:01]
.
2011-03-24 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-04-08 17:16]
.
2011-03-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-04-08 17:16]
.
2011-03-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-06-06 07:28]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-84905547-1107116568-820190441-1025.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-84905547-1107116568-820190441-1033.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-84905547-1107116568-820190441-1034.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-84905547-1107116568-820190441-1036.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-84905547-1107116568-820190441-1040.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-84905547-1107116568-820190441-1041.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-84905547-1107116568-820190441-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-84905547-1107116568-820190441-1025.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-84905547-1107116568-820190441-1033.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-84905547-1107116568-820190441-1034.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-84905547-1107116568-820190441-1036.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-84905547-1107116568-820190441-1040.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-84905547-1107116568-820190441-1041.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-84905547-1107116568-820190441-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2006-06-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-06-06 00:32]
.
.
------- Supplementary Scan -------
.
uStart Page = www.msn.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
FF - ProfilePath - c:\documents and settings\micky.mirchandani\Application Data\Mozilla\Firefox\Profiles\qyfd7jqc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - prefs.js: network.proxy.http - 188.93.20.212
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.proxy.no_proxies_on, , 192.168.2.0/255, 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-ACNotify - ACNotify.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-24 11:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@DACL=(02 0011)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0011)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(4720)
c:\windows\system32\PROCHLP.DLL
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\msiexec.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-03-24 11:57:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-24 16:57
ComboFix2.txt 2010-01-11 20:55
.
Pre-Run: 8,282,939,392 bytes free
Post-Run: 9,010,249,728 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - AAF9B1563F3409B2932C7251EC9DF654

dds.txt
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by micky.mirchandani at 11:48:24.18 on 2011-03-25
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1588 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Symantec AntiVirus\vptray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Documents and Settings\micky.mirchandani\My Documents\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = www.msn.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [TpShocks] TpShocks.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [krn] c:\windows\krn4.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vptray] c:\progra~1\symant~2\\vptray.exe
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/26.30/uploader2.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftup ... 0082813665
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 0082793072
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... 02-win.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4 ... 42-win.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\micky~1.mir\applic~1\mozilla\firefox\profiles\qyfd7jqc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - prefs.js: network.proxy.http - 188.93.20.212
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\micky.mirchandani\application data\mozilla\firefox\profiles\qyfd7jqc.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\micky.mirchandani\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.proxy.no_proxies_on, , 192.168.2.0/255, 192.168.2.1
.
============= SERVICES / DRIVERS ===============
.
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2006-7-7 10368]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-4-25 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-12-6 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2010-4-21 140184]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-4-25 132456]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-15 47640]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-12-12 53248]
R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-8-8 63928]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110323.002\naveng.sys [2011-3-23 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110323.002\navex15.sys [2011-3-23 1360760]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-8-11 13408]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1980-1-1 23152]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-12-6 45496]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-6-8 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-6-8 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-6-8 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-6-8 10368]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-6-6 30192]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [2007-11-14 23208]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [2007-11-14 17448]
S3 ndfs;ndfs;\??\c:\program files\netdrive\ndfs.sys --> c:\program files\netdrive\ndfs.sys [?]
S3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2010-4-13 4608]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\ultramonmirror.sys --> c:\windows\system32\drivers\UltraMonMirror.sys [?]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [2010-2-17 66432]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2005-8-16 278016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2006-7-7 165120]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 One Call Sync Service;One Call Sync Service;c:\program files\one call sync\One Call Sync Service.exe [2009-1-29 32768]
.
=============== Created Last 30 ================
.
2011-03-24 16:32:29 -------- d-sha-r- C:\cmdcons
2011-03-24 16:27:49 -------- d-----w- C:\ComboFix
2011-03-24 01:18:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-24 01:18:03 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-23 16:40:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-23 16:39:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-23 16:33:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-23 16:33:43 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-23 16:33:43 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-23 16:33:43 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-23 16:33:43 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-23 16:33:43 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-23 16:33:43 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-23 16:33:43 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-23 12:58:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-23 12:58:11 -------- d-----w- c:\program files\SpeedFan
2011-03-23 03:44:40 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-22 22:45:37 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-03-22 19:18:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2011-03-12 17:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 17:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-02-27 14:44:11 0 ----a-w- c:\windows\Ocicuc.bin
2011-02-01 21:59:50 286720 ------w- c:\windows\Setup1.exe
2011-02-01 21:59:49 73216 ----a-w- c:\windows\ST6UNST.EXE
.
============= FINISH: 11:49:23.52 ===============

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2006-06-06 13:22:29
System Uptime: 2011-03-24 11:45:33 (24 hours ago)
.
Motherboard: LENOVO | | 170685U
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | None | 1828/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 8.316 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2249: 2011-01-08 18:44:30 - System Checkpoint
RP2250: 2011-01-09 19:45:24 - System Checkpoint
RP2251: 2011-01-10 20:52:02 - System Checkpoint
RP2252: 2011-01-11 21:32:39 - System Checkpoint
RP2253: 2011-01-12 22:52:59 - System Checkpoint
RP2254: 2011-01-14 00:16:56 - System Checkpoint
RP2255: 2011-01-15 01:11:01 - System Checkpoint
RP2256: 2011-01-16 02:08:34 - System Checkpoint
RP2257: 2011-01-17 03:08:35 - System Checkpoint
RP2258: 2011-01-18 04:08:36 - System Checkpoint
RP2259: 2011-01-19 05:08:37 - System Checkpoint
RP2260: 2011-01-20 06:08:38 - System Checkpoint
RP2261: 2011-01-21 07:08:40 - System Checkpoint
RP2262: 2011-01-22 08:09:45 - System Checkpoint
RP2263: 2011-01-23 09:09:53 - System Checkpoint
RP2264: 2011-01-24 10:14:15 - System Checkpoint
RP2265: 2011-01-25 11:06:57 - System Checkpoint
RP2266: 2011-01-26 11:08:44 - System Checkpoint
RP2267: 2011-01-27 12:08:43 - System Checkpoint
RP2268: 2011-01-28 13:08:44 - System Checkpoint
RP2269: 2011-01-29 14:34:28 - System Checkpoint
RP2270: 2011-01-30 11:45:11 - Installed iTunes
RP2271: 2011-01-31 12:09:12 - System Checkpoint
RP2272: 2011-02-01 19:51:48 - System Checkpoint
RP2273: 2011-02-02 21:24:45 - System Checkpoint
RP2274: 2011-02-03 22:26:12 - System Checkpoint
RP2275: 2011-02-05 00:12:41 - System Checkpoint
RP2276: 2011-02-06 01:08:52 - System Checkpoint
RP2277: 2011-02-07 02:08:53 - System Checkpoint
RP2278: 2011-02-08 03:08:53 - System Checkpoint
RP2279: 2011-02-09 04:08:13 - System Checkpoint
RP2280: 2011-02-10 05:04:17 - System Checkpoint
RP2281: 2011-02-11 05:07:08 - System Checkpoint
RP2282: 2011-02-12 05:56:57 - System Checkpoint
RP2283: 2011-02-13 06:56:57 - System Checkpoint
RP2284: 2011-02-14 07:58:03 - System Checkpoint
RP2285: 2011-02-15 08:56:59 - System Checkpoint
RP2286: 2011-02-16 09:11:34 - System Checkpoint
RP2287: 2011-02-17 09:54:20 - System Checkpoint
RP2288: 2011-02-18 10:48:24 - System Checkpoint
RP2289: 2011-02-19 11:19:10 - System Checkpoint
RP2290: 2011-02-20 12:58:45 - System Checkpoint
RP2291: 2011-02-21 13:35:57 - System Checkpoint
RP2292: 2011-02-22 15:17:37 - System Checkpoint
RP2293: 2011-02-23 15:49:43 - System Checkpoint
RP2294: 2011-02-24 16:11:52 - System Checkpoint
RP2295: 2011-02-25 18:22:34 - System Checkpoint
RP2296: 2011-02-27 00:18:51 - System Checkpoint
RP2297: 2011-02-28 00:43:34 - System Checkpoint
RP2298: 2011-03-01 17:03:21 - System Checkpoint
RP2299: 2011-03-02 19:15:03 - System Checkpoint
RP2300: 2011-03-03 20:01:30 - System Checkpoint
RP2301: 2011-03-04 22:11:22 - System Checkpoint
RP2302: 2011-03-05 23:02:45 - System Checkpoint
RP2303: 2011-03-06 23:05:28 - System Checkpoint
RP2304: 2011-03-08 00:01:39 - System Checkpoint
RP2305: 2011-03-09 01:01:40 - System Checkpoint
RP2306: 2011-03-10 01:50:12 - System Checkpoint
RP2307: 2011-03-11 02:01:41 - System Checkpoint
RP2308: 2011-03-12 03:01:45 - System Checkpoint
RP2309: 2011-03-13 05:01:42 - System Checkpoint
RP2310: 2011-03-14 05:02:48 - System Checkpoint
RP2311: 2011-03-15 06:01:47 - System Checkpoint
RP2312: 2011-03-16 07:01:44 - System Checkpoint
RP2313: 2011-03-17 08:01:45 - System Checkpoint
RP2314: 2011-03-18 09:07:52 - System Checkpoint
RP2315: 2011-03-20 13:32:57 - System Checkpoint
RP2316: 2011-03-21 13:40:17 - System Checkpoint
RP2317: 2011-03-22 15:10:59 - System Checkpoint
RP2318: 2011-03-23 07:57:18 - Restore Operation
RP2319: 2011-03-23 17:11:33 - march23
RP2320: 2011-03-23 18:15:07 - Software Distribution Service 3.0
RP2321: 2011-03-23 20:16:25 - Restore Operation
RP2322: 2011-03-24 20:51:42 - System Checkpoint
RP2323: 2011-03-24 22:00:26 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
WD Align System Utility 2.0 (Retail) - Powered By Paragon™
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.15 beta
Active Query Builder .NET Trial Edition v1.11.9.212
Active@ ISO Burner
Ad-Aware
Adobe Acrobat 6.0.1 Professional
Adobe Creative Suite
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Adobe Type Manager 4.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS RT-N16 Wireless Router Utilities
Batchrun 4.2
BeamBoy v2.2
Bonjour
Brother MFL-Pro Suite
CCleaner
CDDRV_Installer
Childcare Manager
Compatibility Pack for the 2007 Office system
CopyPasteTool
Core FTP LE 2.1
Defraggler (remove only)
Dell Driver Download Manager
Dell Printer Software
Deluxe Menus Trial
DemoCreator
DNA
Excelsior Installer 1.8
Fargo1
Free PDF to Word Doc Converter v1.1
Garmin City Navigator North America NT 2010.40
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
GemBox.Spreadsheet Free 3.3
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GoToMeeting 4.5.0.452
Help Center
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970685)
HP USB Disk Storage Format Tool
ImgBurn
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
iPhone Configuration Utility
Iron Speed Designer V6.2.1
iTunes
Java(TM) 6 Update 14
KhalInstallWrapper
Korzh EasyQuery.NET for WinForms
LeKuSoft DVD Ripper 5.2
Lenovo Auto Scroll Utility
Lenovo System Interface Driver
Logitech Registration
Logitech SetPoint 6.0
LogMeIn
Malwarebytes' Anti-Malware
Media Lab SiteGrinder 2 (Basic & Pro)
Message Center Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft FrontPage Client - English
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Viewer 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft XML Parser
MIT MathML Fonts 1.0
MobileMe Control Panel
Monarch Stone Layout Planner
Mozilla Firefox 4.0 (x86 en-US)
mProSafe
MSXML 6.0 Parser
mWlsSafe
MySQL Server 5.1
nLite 1.4.9.1
Notepad++
Nullsoft Install System
OGA Notifier 1.7.0102.0
On Screen Display
One Call Sync
OpenDNS Updater 2.2
PeerGuardian 2.0
Picasa 3
Poster Forge 1.02
Presentation Director
Quicken WillMaker Plus 2006
QuickTime
RealPlayer
RealUpgrade 1.0
Remove Hidden Data Tool
Scheduler Updater
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Skype™ 5.1
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
SmartXLS
SMS Advanced Client
SoundMAX
Speccy
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
SpreadsheetGear 2010
SQL Server System CLR Types
SugarSync Manager
SUPERAntiSpyware
Symantec Network Drivers Update
Synology Assistant
System Tray Audio Device Switcher
System Update
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad TrackPoint Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ToolbarBrowser v2.4
TreeSize 1.75
TreeSize Free V2.3.1
TrueCrypt
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (kb957829)
VectorEye3
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual Studio.NET Baseline - English
WebEx
WebEx Productivity Tools
WebFldrs XP
WildVoice Studio 1.0
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Sign-in Assistant
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinISD Pro [alpha]
WinX DVD Ripper Platinum 5.9.2
WinX HD Video Converter Deluxe 3.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2011-03-24 11:35:20, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).
2011-03-23 20:15:53, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
2011-03-23 20:15:30, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
2011-03-23 19:33:21, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
2011-03-23 18:38:55, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Temp\TrendMicro_TIMAX_en-US_32-bit\Vizor32\VizorUniclientLibrary.dll. Reference error message: The operation completed successfully. .
2011-03-23 16:21:44, error: PlugPlayManager [11] - The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.
2011-03-23 16:21:44, error: PlugPlayManager [11] - The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without first being prepared for removal.
2011-03-23 11:55:43, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\twunk_32.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.7.1.0.
2011-03-23 11:55:43, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\twunk_16.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.1.7.
2011-03-23 11:31:55, error: Service Control Manager [7000] - The SABKUTIL service failed to start due to the following error: The system cannot find the file specified.
2011-03-23 08:03:33, error: Service Control Manager [7001] - The Remote Access Auto Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2011-03-23 08:03:11, error: Service Control Manager [7023] - The Symantec AntiVirus service terminated with the following error: The environment is incorrect.
2011-03-22 23:44:56, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC Fips IBMTPCHK intelppm lenovo.smi SASDIFSV SASKUTIL SAVRT Smapint SYMTDI TDSMAPI tmtdi TPHKDRV TPPWRIF truecrypt TSMAPIP
2011-03-22 23:44:29, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2011-03-22 23:44:07, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2011-03-22 23:22:43, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
2011-03-22 17:06:10, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SAVRT' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2011-03-22 14:18:23, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error message: The referenced assembly is not installed on your system. .
2011-03-22 14:18:23, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\All Users\Desktop\Trend_Micro\Vizor32\VizorUniclientLibrary.dll. Reference error message: The operation completed successfully. .
2011-03-22 14:18:23, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
2011-03-21 22:20:53, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%2" Happened while starting this command: "C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding
2011-03-21 22:09:16, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2011-03-21 20:11:26, error: DCOM [10000] - Unable to start a DCOM Server: {47750C42-706D-4EB4-8DF9-8D3289CA3173}. The error: "%2" Happened while starting this command: "C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe" Object -Embedding
2011-03-21 20:11:00, error: DCOM [10000] - Unable to start a DCOM Server: {00020906-0000-0000-C000-000000000046}. The error: "%2" Happened while starting this command: "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" -Embedding
2011-03-21 17:06:42, error: DCOM [10000] - Unable to start a DCOM Server: {601AC3DC-786A-4EB0-BF40-EE3521E70BFB}. The error: "%2" Happened while starting this command: rundll32.exe shell32.dll,SHCreateLocalServerRunDll {601ac3dc-786a-4eb0-bf40-ee3521e70bfb} -Embedding
2011-03-21 16:31:35, error: DCOM [10001] - Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -Embedding
2011-03-21 16:29:07, error: DCOM [10000] - Unable to start a DCOM Server: {7160A13D-73DA-4CEA-95B9-37356478588A}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\igfxext.exe -Embedding
2011-03-21 14:49:52, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
2011-03-21 14:41:50, error: DCOM [10000] - Unable to start a DCOM Server: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. The error: "%2" Happened while starting this command: "C:\Program Files\Google\Update\GoogleUpdate.exe" -Embedding
2011-03-21 14:40:35, error: DCOM [10000] - Unable to start a DCOM Server: {72C2714F-4478-11D3-B537-00902771A435}. The error: "%2" Happened while starting this command: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" -Embedding
2011-03-21 14:40:33, error: DCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
2011-03-21 13:40:17, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service IISADMIN with arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}
2011-03-21 10:57:33, error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The system cannot find the file specified.
2011-03-21 10:57:25, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2011-03-21 10:57:16, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2011-03-21 10:57:16, error: Service Control Manager [7000] - The Retrospect WD Service service failed to start due to the following error: The system cannot find the path specified.
2011-03-21 10:57:16, error: Service Control Manager [7000] - The Retrospect Launcher service failed to start due to the following error: The system cannot find the file specified.
2011-03-21 10:56:46, error: Service Control Manager [7001] - The Fax service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2011-03-21 09:14:52, error: DCOM [10001] - Unable to start a DCOM Server: {5F4BAAD0-4D59-4FCD-B213-783CE7A92F22} as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\wiaacmgr.exe -Embedding
.
==== End Of File ===========================
amoncarter
Active Member
 
Posts: 5
Joined: March 21st, 2011, 3:52 pm

Re: Trojan has highjacked file association

Unread postby Blade81 » March 25th, 2011, 2:05 pm

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
File::
c:\windows\krn4.exe
Folder::
c:\Program Files\DNA
c:\Program Files\BitTorrent
DDS::
TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
mRun: [krn] c:\windows\krn4.exe
Firefox::
FF - ProfilePath - c:\docume~1\micky~1.mir\applic~1\mozilla\firefox\profiles\qyfd7jqc.default\
FF - prefs.js: network.proxy.http - 188.93.20.212
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 24.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


Also, Adobe Acrobat 6.0.1 Professional is not supported anymore and should be uninstalled.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is not checked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Trojan has highjacked file association

Unread postby amoncarter » March 25th, 2011, 11:35 pm

Hi Again,

have updatd java. (haven't upgraded adobe pro 6.0 yet!)

ran eset, it found the following: (ESET.log)
C:\Documents and Settings\micky.mirchandani\My Documents\utils\installer_Free_SMS_Now.exe multiple threats deleted - quarantined

ran combofix:

ComboFix 11-03-23.06 - micky.mirchandani 2011-03-25 16:59:38.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1560 [GMT -5:00]
Running from: c:\documents and settings\micky.mirchandani\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\micky.mirchandani\My Documents\cfscript.txt
.
FILE ::
"c:\windows\krn4.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BitTorrent
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\btdna.exe
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\windows\krn4.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))
.
.
2011-03-25 21:53 . 2011-03-25 21:53 -------- d-----w- c:\program files\Common Files\Java
2011-03-25 21:51 . 2011-02-03 02:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-25 21:51 . 2011-02-03 02:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-24 01:18 . 2011-03-24 01:18 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-23 23:44 . 2011-03-24 01:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Trend Micro
2011-03-23 16:40 . 2011-03-23 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-03-23 16:39 . 2011-03-23 16:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-23 16:33 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-23 16:33 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-23 16:33 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-23 16:33 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-23 16:33 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-23 16:33 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-23 16:33 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-23 16:33 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 12:58 . 2011-03-24 01:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-23 12:58 . 2011-03-23 12:58 -------- d-----w- c:\program files\SpeedFan
2011-03-23 04:23 . 2011-03-23 04:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro
2011-03-23 04:05 . 2011-03-23 04:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trend Micro
2011-03-23 04:04 . 2011-03-23 12:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Trend Micro
2011-03-23 03:44 . 2011-03-23 03:44 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-22 22:55 . 2011-03-22 22:55 -------- d-----w- c:\documents and settings\Administrator.ORD-LMIM-1\Local Settings\Application Data\Mozilla
2011-03-22 22:45 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-03-22 19:18 . 2011-03-24 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2011-03-21 19:40 . 2011-03-23 12:58 -------- d-s---w- c:\documents and settings\micky
2011-03-20 19:59 . 2011-03-23 12:58 -------- d-s---w- c:\documents and settings\IUSR_MICKYXPLT
2011-03-19 03:31 . 2011-03-19 03:31 -------- d-----w- c:\documents and settings\Administrator.ORD-LMIM-1\Application Data\SUPERAntiSpyware.com
2011-03-19 03:30 . 2011-03-19 03:30 -------- d-----w- c:\documents and settings\Administrator.ORD-LMIM-1\Local Settings\Application Data\Symantec
2011-03-19 03:26 . 2011-03-19 03:26 -------- d-----w- c:\documents and settings\Administrator.ORD-LMIM-1\Application Data\Malwarebytes
2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-26 15:17 . 2010-04-26 01:17 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-02-03 00:19 . 2008-12-19 22:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-01 21:59 . 2011-02-01 21:59 286720 ------w- c:\windows\Setup1.exe
2011-02-01 21:59 . 2011-02-01 21:59 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-03-18 17:53 . 2011-03-23 16:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-03-15 00:45 . 2010-03-15 00:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-02-09 23:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2011-02-09 15622144]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-12-11 95960]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-08-25 517480]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-11 202256]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"vptray"="c:\progra~1\SYMANT~2\\vptray.exe" [2004-03-12 124128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-19 2247]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-01-04 16:32 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 19:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1273290989-1249878499-1386548340-1752\Scripts\Logon\0\0]
"Script"=NetworkDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1273290989-1249878499-1386548340-1780\Scripts\Logon\0\0]
"Script"=NetworkDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1273290989-1249878499-1386548340-1794\Scripts\Logon\0\0]
"Script"=NetworkDrives.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-01-27 11:30 1312848 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 21:32 56080 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-04-11 21:32 56080 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-11 17:18 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"SQLAgent$EDIENTERPRISE"=3 (0x3)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"MSSQL$EDIENTERPRISE"=2 (0x2)
"msftesql$EDIENTERPRISE"=2 (0x2)
"TVT Scheduler"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RasMan"=3 (0x3)
"iPod Service"=3 (0x3)
"IISADMIN"=2 (0x2)
"CiSvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\One Call Sync\\One Call Sync Service.exe"=
"c:\\Program Files\\One Call Sync\\One Call Sync Configuration.exe"=
"c:\\Documents and Settings\\micky.mirchandani\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ASUS\\Printer Utilities\\UsbService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ASUS\\RT-N16 Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\ASUS\\RT-N16 Wireless Router Utilities\\Rescue.exe"=
"c:\\Program Files\\ASUS\\RT-N16 Wireless Router Utilities\\Download.exe"=
"c:\\Program Files\\CoreFTP\\coreftp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2006-07-07 10368]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-04-25 24304]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-06-14 717296]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-09 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-12-06 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2010-04-21 140184]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-04-25 132456]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-29 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-08-11 12856]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2008-12-12 53248]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [2005-11-15 46142]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2005-12-21 3968]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [2008-08-08 63928]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-08-11 13408]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1980-01-01 23152]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [2010-12-06 45496]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-06-08 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-06-08 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-06-08 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-06-08 10368]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-06-06 30192]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [2007-11-14 23208]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [2007-11-14 17448]
S3 ndfs;ndfs;\??\c:\program files\Netdrive\ndfs.sys --> c:\program files\Netdrive\ndfs.sys [?]
S3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [2010-04-13 4608]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [2010-02-17 66432]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2005-08-16 278016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2006-07-07 165120]
S4 One Call Sync Service;One Call Sync Service;c:\program files\One Call Sync\One Call Sync Service.exe [2009-01-29 32768]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 13:01]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 13:01]
.
2011-03-25 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-04-08 17:16]
.
2011-03-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-04-08 17:16]
.
2011-03-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-06-06 07:28]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-84905547-1107116568-820190441-1025.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-84905547-1107116568-820190441-1033.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-84905547-1107116568-820190441-1034.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-84905547-1107116568-820190441-1036.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-84905547-1107116568-820190441-1040.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-84905547-1107116568-820190441-1041.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-84905547-1107116568-820190441-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-84905547-1107116568-820190441-1025.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-84905547-1107116568-820190441-1033.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-84905547-1107116568-820190441-1034.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-84905547-1107116568-820190441-1036.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-84905547-1107116568-820190441-1040.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-84905547-1107116568-820190441-1041.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-03-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-84905547-1107116568-820190441-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2006-06-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-06-06 00:32]
.
.
------- Supplementary Scan -------
.
uStart Page = www.msn.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
FF - ProfilePath - c:\documents and settings\micky.mirchandani\Application Data\Mozilla\Firefox\Profiles\qyfd7jqc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.proxy.no_proxies_on, , 192.168.2.0/255, 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-25 17:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@DACL=(02 0011)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0011)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-03-25 17:11:07
ComboFix-quarantined-files.txt 2011-03-25 22:11
ComboFix2.txt 2011-03-24 16:57
ComboFix3.txt 2010-01-11 20:55
.
Pre-Run: 8,750,743,552 bytes free
Post-Run: 8,725,512,192 bytes free
.
- - End Of File - - 0BBD47A111395EBB6C54AF6C3946E6B4

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2006-06-06 13:22:29
System Uptime: 2011-03-25 18:00:52 (4 hours ago)
.
Motherboard: LENOVO | | 170685U
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | None | 1828/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 8.355 GiB free.
D: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2249: 2011-01-08 18:44:30 - System Checkpoint
RP2250: 2011-01-09 19:45:24 - System Checkpoint
RP2251: 2011-01-10 20:52:02 - System Checkpoint
RP2252: 2011-01-11 21:32:39 - System Checkpoint
RP2253: 2011-01-12 22:52:59 - System Checkpoint
RP2254: 2011-01-14 00:16:56 - System Checkpoint
RP2255: 2011-01-15 01:11:01 - System Checkpoint
RP2256: 2011-01-16 02:08:34 - System Checkpoint
RP2257: 2011-01-17 03:08:35 - System Checkpoint
RP2258: 2011-01-18 04:08:36 - System Checkpoint
RP2259: 2011-01-19 05:08:37 - System Checkpoint
RP2260: 2011-01-20 06:08:38 - System Checkpoint
RP2261: 2011-01-21 07:08:40 - System Checkpoint
RP2262: 2011-01-22 08:09:45 - System Checkpoint
RP2263: 2011-01-23 09:09:53 - System Checkpoint
RP2264: 2011-01-24 10:14:15 - System Checkpoint
RP2265: 2011-01-25 11:06:57 - System Checkpoint
RP2266: 2011-01-26 11:08:44 - System Checkpoint
RP2267: 2011-01-27 12:08:43 - System Checkpoint
RP2268: 2011-01-28 13:08:44 - System Checkpoint
RP2269: 2011-01-29 14:34:28 - System Checkpoint
RP2270: 2011-01-30 11:45:11 - Installed iTunes
RP2271: 2011-01-31 12:09:12 - System Checkpoint
RP2272: 2011-02-01 19:51:48 - System Checkpoint
RP2273: 2011-02-02 21:24:45 - System Checkpoint
RP2274: 2011-02-03 22:26:12 - System Checkpoint
RP2275: 2011-02-05 00:12:41 - System Checkpoint
RP2276: 2011-02-06 01:08:52 - System Checkpoint
RP2277: 2011-02-07 02:08:53 - System Checkpoint
RP2278: 2011-02-08 03:08:53 - System Checkpoint
RP2279: 2011-02-09 04:08:13 - System Checkpoint
RP2280: 2011-02-10 05:04:17 - System Checkpoint
RP2281: 2011-02-11 05:07:08 - System Checkpoint
RP2282: 2011-02-12 05:56:57 - System Checkpoint
RP2283: 2011-02-13 06:56:57 - System Checkpoint
RP2284: 2011-02-14 07:58:03 - System Checkpoint
RP2285: 2011-02-15 08:56:59 - System Checkpoint
RP2286: 2011-02-16 09:11:34 - System Checkpoint
RP2287: 2011-02-17 09:54:20 - System Checkpoint
RP2288: 2011-02-18 10:48:24 - System Checkpoint
RP2289: 2011-02-19 11:19:10 - System Checkpoint
RP2290: 2011-02-20 12:58:45 - System Checkpoint
RP2291: 2011-02-21 13:35:57 - System Checkpoint
RP2292: 2011-02-22 15:17:37 - System Checkpoint
RP2293: 2011-02-23 15:49:43 - System Checkpoint
RP2294: 2011-02-24 16:11:52 - System Checkpoint
RP2295: 2011-02-25 18:22:34 - System Checkpoint
RP2296: 2011-02-27 00:18:51 - System Checkpoint
RP2297: 2011-02-28 00:43:34 - System Checkpoint
RP2298: 2011-03-01 17:03:21 - System Checkpoint
RP2299: 2011-03-02 19:15:03 - System Checkpoint
RP2300: 2011-03-03 20:01:30 - System Checkpoint
RP2301: 2011-03-04 22:11:22 - System Checkpoint
RP2302: 2011-03-05 23:02:45 - System Checkpoint
RP2303: 2011-03-06 23:05:28 - System Checkpoint
RP2304: 2011-03-08 00:01:39 - System Checkpoint
RP2305: 2011-03-09 01:01:40 - System Checkpoint
RP2306: 2011-03-10 01:50:12 - System Checkpoint
RP2307: 2011-03-11 02:01:41 - System Checkpoint
RP2308: 2011-03-12 03:01:45 - System Checkpoint
RP2309: 2011-03-13 05:01:42 - System Checkpoint
RP2310: 2011-03-14 05:02:48 - System Checkpoint
RP2311: 2011-03-15 06:01:47 - System Checkpoint
RP2312: 2011-03-16 07:01:44 - System Checkpoint
RP2313: 2011-03-17 08:01:45 - System Checkpoint
RP2314: 2011-03-18 09:07:52 - System Checkpoint
RP2315: 2011-03-20 13:32:57 - System Checkpoint
RP2316: 2011-03-21 13:40:17 - System Checkpoint
RP2317: 2011-03-22 15:10:59 - System Checkpoint
RP2318: 2011-03-23 07:57:18 - Restore Operation
RP2319: 2011-03-23 17:11:33 - march23
RP2320: 2011-03-23 18:15:07 - Software Distribution Service 3.0
RP2321: 2011-03-23 20:16:25 - Restore Operation
RP2322: 2011-03-24 20:51:42 - System Checkpoint
RP2323: 2011-03-24 22:00:26 - Software Distribution Service 3.0
RP2324: 2011-03-25 16:50:33 - Installed Java(TM) 6 Update 24
RP2325: 2011-03-25 17:59:21 - Installed Windows Internet Explorer 8.
.
==== Installed Programs ======================
.
WD Align System Utility 2.0 (Retail) - Powered By Paragon™
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.15 beta
Active Query Builder .NET Trial Edition v1.11.9.212
Active@ ISO Burner
Ad-Aware
Adobe Acrobat 6.0.1 Professional
Adobe Creative Suite
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Adobe Type Manager 4.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS RT-N16 Wireless Router Utilities
Batchrun 4.2
BeamBoy v2.2
Bonjour
Brother MFL-Pro Suite
CCleaner
CDDRV_Installer
Childcare Manager
Compatibility Pack for the 2007 Office system
CopyPasteTool
Core FTP LE 2.1
Defraggler (remove only)
Dell Driver Download Manager
Dell Printer Software
Deluxe Menus Trial
DemoCreator
ESET Online Scanner v3
Excelsior Installer 1.8
Fargo1
Free PDF to Word Doc Converter v1.1
Garmin City Navigator North America NT 2010.40
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
GemBox.Spreadsheet Free 3.3
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GoToMeeting 4.5.0.452
Help Center
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970685)
HP USB Disk Storage Format Tool
ImgBurn
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
iPhone Configuration Utility
Iron Speed Designer V6.2.1
iTunes
Java Auto Updater
Java(TM) 6 Update 24
KhalInstallWrapper
Korzh EasyQuery.NET for WinForms
LeKuSoft DVD Ripper 5.2
Lenovo Auto Scroll Utility
Lenovo System Interface Driver
Logitech Registration
Logitech SetPoint 6.0
LogMeIn
Malwarebytes' Anti-Malware
Media Lab SiteGrinder 2 (Basic & Pro)
Message Center Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft FrontPage Client - English
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Viewer 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft XML Parser
MIT MathML Fonts 1.0
MobileMe Control Panel
Monarch Stone Layout Planner
Mozilla Firefox 4.0 (x86 en-US)
mProSafe
MSXML 6.0 Parser
mWlsSafe
MySQL Server 5.1
nLite 1.4.9.1
Notepad++
Nullsoft Install System
OGA Notifier 1.7.0102.0
On Screen Display
One Call Sync
OpenDNS Updater 2.2
PeerGuardian 2.0
Picasa 3
Poster Forge 1.02
Presentation Director
Quicken WillMaker Plus 2006
QuickTime
RealPlayer
RealUpgrade 1.0
Remove Hidden Data Tool
Scheduler Updater
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Skype™ 5.1
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
SmartXLS
SMS Advanced Client
SoundMAX
Speccy
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
SpreadsheetGear 2010
SQL Server System CLR Types
SugarSync Manager
SUPERAntiSpyware
Symantec Network Drivers Update
Synology Assistant
System Tray Audio Device Switcher
System Update
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad TrackPoint Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ToolbarBrowser v2.4
TreeSize 1.75
TreeSize Free V2.3.1
TrueCrypt
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (kb957829)
VectorEye3
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual Studio.NET Baseline - English
WebEx
WebEx Productivity Tools
WebFldrs XP
WildVoice Studio 1.0
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Sign-in Assistant
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinISD Pro [alpha]
WinX DVD Ripper Platinum 5.9.2
WinX HD Video Converter Deluxe 3.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2011-03-24 11:35:20, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).
2011-03-23 20:15:53, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
2011-03-23 20:15:30, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
2011-03-23 19:33:21, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
2011-03-23 18:38:55, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Temp\TrendMicro_TIMAX_en-US_32-bit\Vizor32\VizorUniclientLibrary.dll. Reference error message: The operation completed successfully. .
2011-03-23 16:21:44, error: PlugPlayManager [11] - The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.
2011-03-23 16:21:44, error: PlugPlayManager [11] - The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without first being prepared for removal.
2011-03-23 11:55:43, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\twunk_32.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.7.1.0.
2011-03-23 11:55:43, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\twunk_16.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.1.7.
2011-03-23 11:31:55, error: Service Control Manager [7000] - The SABKUTIL service failed to start due to the following error: The system cannot find the file specified.
2011-03-23 08:03:33, error: Service Control Manager [7001] - The Remote Access Auto Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2011-03-23 08:03:11, error: Service Control Manager [7023] - The Symantec AntiVirus service terminated with the following error: The environment is incorrect.
2011-03-22 23:44:56, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC Fips IBMTPCHK intelppm lenovo.smi SASDIFSV SASKUTIL SAVRT Smapint SYMTDI TDSMAPI tmtdi TPHKDRV TPPWRIF truecrypt TSMAPIP
2011-03-22 23:44:29, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2011-03-22 23:44:07, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2011-03-22 23:22:43, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
2011-03-22 17:06:10, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SAVRT' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2011-03-22 14:18:23, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error message: The referenced assembly is not installed on your system. .
2011-03-22 14:18:23, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\All Users\Desktop\Trend_Micro\Vizor32\VizorUniclientLibrary.dll. Reference error message: The operation completed successfully. .
2011-03-22 14:18:23, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
2011-03-21 22:24:47, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%2" Happened while starting this command: "C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding
2011-03-21 22:13:05, error: DCOM [10000] - Unable to start a DCOM Server: {7160A13D-73DA-4CEA-95B9-37356478588A}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\igfxext.exe -Embedding
2011-03-21 22:09:17, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2011-03-21 20:11:26, error: DCOM [10000] - Unable to start a DCOM Server: {47750C42-706D-4EB4-8DF9-8D3289CA3173}. The error: "%2" Happened while starting this command: "C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe" Object -Embedding
2011-03-21 20:11:20, error: DCOM [10001] - Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -Embedding
2011-03-21 20:11:00, error: DCOM [10000] - Unable to start a DCOM Server: {00020906-0000-0000-C000-000000000046}. The error: "%2" Happened while starting this command: "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" -Embedding
2011-03-21 20:10:31, error: DCOM [10000] - Unable to start a DCOM Server: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. The error: "%2" Happened while starting this command: "C:\Program Files\Google\Update\GoogleUpdate.exe" -Embedding
2011-03-21 17:06:42, error: DCOM [10000] - Unable to start a DCOM Server: {601AC3DC-786A-4EB0-BF40-EE3521E70BFB}. The error: "%2" Happened while starting this command: rundll32.exe shell32.dll,SHCreateLocalServerRunDll {601ac3dc-786a-4eb0-bf40-ee3521e70bfb} -Embedding
2011-03-21 14:49:52, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
2011-03-21 14:40:35, error: DCOM [10000] - Unable to start a DCOM Server: {72C2714F-4478-11D3-B537-00902771A435}. The error: "%2" Happened while starting this command: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" -Embedding
2011-03-21 14:40:33, error: DCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
2011-03-21 13:40:17, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service IISADMIN with arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}
2011-03-21 10:57:33, error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The system cannot find the file specified.
2011-03-21 10:57:25, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2011-03-21 10:57:16, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2011-03-21 10:57:16, error: Service Control Manager [7000] - The Retrospect WD Service service failed to start due to the following error: The system cannot find the path specified.
2011-03-21 10:57:16, error: Service Control Manager [7000] - The Retrospect Launcher service failed to start due to the following error: The system cannot find the file specified.
2011-03-21 10:56:46, error: Service Control Manager [7001] - The Fax service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2011-03-21 09:14:52, error: DCOM [10001] - Unable to start a DCOM Server: {5F4BAAD0-4D59-4FCD-B213-783CE7A92F22} as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\wiaacmgr.exe -Embedding
.
==== End Of File ===========================

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by micky.mirchandani at 22:27:52.18 on 2011-03-25
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1553 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\SYMANT~2\vptray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\micky.mirchandani\My Documents\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = www.msn.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [TpShocks] TpShocks.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vptray] c:\progra~1\symant~2\\vptray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/26.30/uploader2.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftup ... 0082813665
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 0082793072
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... 02-win.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4 ... 42-win.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\micky~1.mir\applic~1\mozilla\firefox\profiles\qyfd7jqc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\micky.mirchandani\application data\mozilla\firefox\profiles\qyfd7jqc.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\micky.mirchandani\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.proxy.no_proxies_on, , 192.168.2.0/255, 192.168.2.1
.
============= SERVICES / DRIVERS ===============
.
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2006-7-7 10368]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-4-25 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-12-6 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2010-4-21 140184]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-4-25 132456]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-15 47640]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-12-12 53248]
R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-8-8 63928]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110325.002\naveng.sys [2011-3-25 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110325.002\navex15.sys [2011-3-25 1360760]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-8-11 13408]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1980-1-1 23152]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-12-6 45496]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-6-8 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-6-8 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-6-8 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-6-8 10368]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-6-6 30192]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [2007-11-14 23208]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [2007-11-14 17448]
S3 ndfs;ndfs;\??\c:\program files\netdrive\ndfs.sys --> c:\program files\netdrive\ndfs.sys [?]
S3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2010-4-13 4608]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\ultramonmirror.sys --> c:\windows\system32\drivers\UltraMonMirror.sys [?]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [2010-2-17 66432]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2005-8-16 278016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2006-7-7 165120]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 One Call Sync Service;One Call Sync Service;c:\program files\one call sync\One Call Sync Service.exe [2009-1-29 32768]
.
=============== Created Last 30 ================
.
2011-03-25 23:09:27 -------- d-----w- c:\program files\ESET
2011-03-25 22:58:52 -------- dc-h--w- c:\windows\ie8
2011-03-25 21:56:33 -------- d-----w- C:\ComboFix
2011-03-25 21:51:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-25 21:51:06 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-03-24 16:32:29 -------- d-sha-r- C:\cmdcons
2011-03-24 01:18:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-24 01:18:03 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-23 16:40:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-23 16:39:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-23 16:33:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-23 16:33:43 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-23 16:33:43 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-23 16:33:43 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-23 16:33:43 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-23 16:33:43 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-23 16:33:43 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-23 16:33:43 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-23 12:58:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-23 12:58:11 -------- d-----w- c:\program files\SpeedFan
2011-03-23 03:44:40 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-22 22:45:37 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-03-22 19:18:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2011-03-12 17:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 17:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-02-27 14:44:11 0 ----a-w- c:\windows\Ocicuc.bin
2011-02-03 00:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-01 21:59:50 286720 ------w- c:\windows\Setup1.exe
2011-02-01 21:59:49 73216 ----a-w- c:\windows\ST6UNST.EXE
.
============= FINISH: 22:29:14.87 ===============
amoncarter
Active Member
 
Posts: 5
Joined: March 21st, 2011, 3:52 pm

Re: Trojan has highjacked file association

Unread postby Blade81 » March 26th, 2011, 7:54 am

Hi,

Delete c:\windows\Ocicuc.bin file. Any issues left?
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Trojan has highjacked file association

Unread postby Blade81 » March 29th, 2011, 12:43 pm

Are you still there?
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Trojan has highjacked file association

Unread postby Blade81 » April 1st, 2011, 11:58 am

Due to inactivity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 13 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware