
Redirect to superpages.com & similar webpages


mataug

I've a strange problem. My MBAM regularly (like every 2 days) detects Trojan.Vundo.H when I run the scan. It deletes them and then the problem goes away for 2 days. But then I start getting the redirects again & I have to go through the process of running MBAM again to clean it (sometimes it doesn't even detect it). I had SuperAntiSpyware installed and it would regularly detect this file named Tdssserv.sys (which I think is a Trojan). So the point is that the stuff is getting detected, cleaned but still coming back.

Note that I haven't faced the problem of MBAM not opening up or anything like that. It is just that this problem is detected by it, cleaned & somehow makes its way back into my machine.

Here is the HJT log from when I ran it 15 minutes ago:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:31:33 PM, on 1/26/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\ESET\nod32kui.exe

C:\Program Files\gAlwaysIdle\gidle.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKUS\S-1-5-21-3082963083-511668878-1817270673-1005\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O13 - Gopher Prefix:

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9587 bytes

Thanks for looking at my problem. Please tell me if you think there is another log required.

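As an added illustration that is not part of this thread, here is a small Python first-pass triage over HijackThis-format lines like the ones in the log above. The embedded sample reuses a few lines from that log plus one constructed O4 entry (`example.exe` under AppData) to exercise the user-writable-folder check; the heuristics are this editor's, not HijackThis's own analysis.

```python
"""Triage helper for HijackThis (HJT) v2 log lines.

Every HJT finding line starts with a section tag (R0/R1, O2, O4, O9, O23, ...)
followed by " - " and a section-specific body. The checks below are the first
things a forum helper looks for by eye: COM objects with no file on disk,
services with no publisher string, autoruns living in user-writable folders,
and IE start/search pages that no longer point at the defaults.
"""
import re
import sys
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<tag>[RO]\d+) - (?P<body>.+)$")

# Prefixes of the IE 7 default R0/R1 values (as seen in the log above).
DEFAULT_PAGE_PREFIXES = ("about:blank", "http://go.microsoft.com/fwlink/")

# Autorun targets under these folders can be written without admin rights,
# which is where persistence from a user-level infection usually lands.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\")

ORPHANED = "orphaned entry: registered object has no file on disk"
PAGE_CHANGED = "IE start/search page no longer points at a default"
USER_WRITABLE = "autorun target lives in a user-writable folder"
NO_PUBLISHER = "service has no publisher string (Unknown owner)"

# Constructed sample: lines taken from the log above plus one made-up O4 entry.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKCU\..\Run: [example] C:\Users\gautam\AppData\Roaming\example.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
End of file - 9587 bytes
"""


@dataclass(frozen=True)
class Entry:
    tag: str
    body: str


@dataclass(frozen=True)
class Finding:
    reason: str
    entry: Entry


def parse_hjt(text: str) -> list[Entry]:
    """Return the R*/O* entries of a log; header, process list and footer are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["tag"], m["body"]))
    return entries


def _command(body: str) -> str:
    """Command line of an O4 entry: text after '[Name] ', or after ' = ' for startup-folder items."""
    for sep in ("] ", " = "):
        if sep in body:
            return body.split(sep, 1)[1]
    return body


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply the heuristics; each entry yields at most one finding."""
    findings = []
    for e in entries:
        low = e.body.lower()
        if "(no file)" in low or "(file missing)" in low:
            findings.append(Finding(ORPHANED, e))
        elif e.tag in ("R0", "R1") and "=" in e.body:
            value = e.body.split("=", 1)[1].strip()
            if value and not value.startswith(DEFAULT_PAGE_PREFIXES):
                findings.append(Finding(PAGE_CHANGED, e))
        elif e.tag == "O4":
            if any(marker in _command(low) for marker in USER_WRITABLE_MARKERS):
                findings.append(Finding(USER_WRITABLE, e))
        elif e.tag == "O23" and " - unknown owner - " in low:
            findings.append(Finding(NO_PUBLISHER, e))
    return findings


if __name__ == "__main__":
    # Pass a saved hijackthis.log path, or run without arguments to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            log_text = fh.read()
    else:
        log_text = SAMPLE_LOG
    for f in triage(parse_hjt(log_text)):
        print(f"[{f.entry.tag}] {f.reason}\n    {f.entry.body}")
```

A flagged line is a prompt for a closer look, not a verdict: the OpenVPN service above is legitimate software that simply ships without a publisher string.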

Hi. :)

Download ComboFix from one of the locations below, and save it to your Desktop.

Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


I went to sleep by 11 PM last night & couldn't reply to your message immediately.

ComboFix Log

ComboFix 09-01-21.04 - gautam 2009-01-26 23:06:42.3 - NTFSx86

Running from: c:\users\gautam\Desktop\ComboFix.exe

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))

.

2009-01-24 11:38 . 2009-01-24 11:38 <DIR> d-------- c:\program files\Trend Micro

2009-01-24 11:22 . 2009-01-24 11:22 <DIR> d-------- c:\program files\CCleaner

2009-01-23 16:13 . 2009-01-23 16:12 102,664 --a------ c:\windows\System32\drivers\tmcomm.sys

2009-01-23 16:12 . 2009-01-23 18:17 <DIR> d-------- c:\users\gautam\.housecall6.6

2009-01-22 06:36 . 2009-01-22 06:36 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com

2009-01-22 06:36 . 2009-01-22 06:36 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com

2009-01-22 06:35 . 2009-01-26 10:03 <DIR> d-------- c:\program files\SUPERAntiSpyware

2009-01-20 07:20 . 2009-01-20 07:20 <DIR> d-------- c:\program files\Microsoft

2009-01-15 02:03 . 2008-12-15 22:14 290,304 --a------ c:\windows\System32\drivers\srv.sys

2009-01-06 12:08 . 2009-01-06 12:08 <DIR> d-------- c:\users\gautam\AppData\Roaming\PeerNetworking

2009-01-05 06:10 . 2009-01-05 06:11 1,905 --a------ c:\windows\diagwrn.xml

2009-01-05 06:10 . 2009-01-05 06:11 1,905 --a------ c:\windows\diagerr.xml

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-27 04:12 96,942 ----a-w c:\users\All Users\nvModes.dat

2009-01-27 04:12 96,942 ----a-w c:\programdata\nvModes.dat

2009-01-27 04:10 742,556 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-01-27 04:10 63,094,816 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-01-27 02:29 --------- d-----w c:\programdata\Spybot - Search & Destroy

2009-01-27 01:58 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)

2009-01-19 12:39 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-01-16 01:42 --------- d-----w c:\program files\Windows Mail

2009-01-15 22:02 --------- d-----w c:\users\gautam\AppData\Roaming\uTorrent

2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-11 14:29 --------- d-----w c:\program files\Mozilla Thunderbird

2008-12-11 03:43 174 --sha-w c:\program files\desktop.ini

2008-12-07 16:42 --------- d-----w c:\users\gautam\AppData\Roaming\Desktopicon

2008-12-07 07:13 --------- d-----w c:\program files\ESET

2008-12-06 15:58 --------- d-----w c:\program files\Java

2008-12-03 08:47 --------- d-----w c:\users\gautam\AppData\Roaming\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1

2008-12-03 08:47 --------- d-----w c:\program files\DIRECTV

2008-12-03 08:47 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-11-29 01:13 --------- d-----w c:\programdata\ParetoLogic

2008-11-29 01:13 --------- d-----w c:\program files\Common Files\ParetoLogic

2008-11-29 00:59 --------- d-----w c:\users\gautam\AppData\Roaming\Malwarebytes

2008-11-29 00:59 --------- d-----w c:\programdata\Malwarebytes

2008-11-27 20:31 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2008-11-27 20:31 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)

2008-02-25 07:27 82,638 ----a-w c:\users\gautam\AppData\Roaming\nvModes.dat

2005-12-06 03:31 114,688 ----a-w c:\program files\mozilla firefox\plugins\Xnpmozax.dll

2008-04-11 18:05 952 --sha-w c:\windows\System32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-22 820520]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-06-17 321072]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-08-01 540672]

"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-03-22 120368]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-12-21 2614848]

"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 28672]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-09-30 949376]

"gidle"="c:\program files\gAlwaysIdle\gidle.exe" [2007-09-06 49152]

"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]

"TpShocks"="TpShocks.exe" [2007-03-29 c:\windows\System32\TpShocks.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-03-29 719664]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-09-20 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoNotification"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"msacm.ac3filter"= ac3filter.acm

"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli ACGina

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk

backup=c:\windows\pss\Last.fm Helper.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Voobys.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Voobys.lnk

backup=c:\windows\pss\Voobys.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

--a------ 2007-12-18 14:04 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]

--------- 2007-06-17 12:05 214576 c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--------- 2007-09-18 09:16 171464 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--------- 2007-01-01 16:22 3739648 c:\users\gautam\AppData\Roaming\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-11-02 18:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]

--a------ 2006-02-13 11:33 214648 c:\program files\Octoshape Streaming Services\gautam\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]

--a------ 2005-08-18 03:55 99328 c:\program files\OpenVPN\bin\openvpn-gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-01-12 10:31 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

--a------ 2008-03-01 00:10 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--------- 2007-09-20 02:16 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{63952510-4FF2-4CC0-A468-2C31F4EEF6D3}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{3BE6A53A-2BF1-404E-8517-0B29C57CC4A8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{4F675A6B-A0ED-4E45-9C31-AC5D9E905B0C}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{5CD0D947-1D1E-4E5D-8CAB-DBBAFBDA8F17}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"TCP Query User{2BFA3802-292D-4138-B4F5-0722081DB0C1}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{8921687B-3ABE-450B-9A7D-53650DD29917}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{0C1418E4-9AB3-4799-BA7F-A9418A754114}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer

"UDP Query User{B7914E7F-0E25-4843-B453-5EC0A8981AE6}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer

"TCP Query User{7694A8BD-2046-4C22-B502-8413BD9D88B5}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{41EC5529-DE88-4847-9264-329E40F87E04}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{CBDDCC87-B46A-45C9-AEE6-EB0ED3010B94}c:\\users\\gautam\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\gautam\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe

"UDP Query User{328B2F47-DBF4-480F-84C6-8588ACB3752A}c:\\users\\gautam\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\gautam\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe

"TCP Query User{71C6DB3F-1489-4C92-AC9C-924F48042013}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{CB3A5BD0-4098-49B3-9A68-439CA6DE77F8}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{64DBA5C4-3BE3-4629-A9FF-ED4913CF6869}k:\\dump\\games\\cs 1.6\\hl.exe"= UDP:k:\dump\games\cs 1.6\hl.exe:Half-Life Launcher

"UDP Query User{1007EF3E-ED47-4123-BBBF-5BAD9DF2BCA1}k:\\dump\\games\\cs 1.6\\hl.exe"= TCP:k:\dump\games\cs 1.6\hl.exe:Half-Life Launcher

"TCP Query User{28DACB0B-2D22-41E9-A0CC-7CF85713FC92}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus

"UDP Query User{A36C0AEF-62C5-4876-83C7-D833D67FA15E}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus

"TCP Query User{BCC4230B-1D7B-4F15-A9CF-332DE969AA54}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java Platform SE binary

"UDP Query User{DDC60F9D-501C-494D-862B-4FFDF808B08C}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java Platform SE binary

"TCP Query User{2DDE4347-27E7-42AD-AB42-A568EE47F3ED}c:\\program files\\new\\tlmc.exe"= UDP:c:\program files\new\tlmc.exe:TLMC

"UDP Query User{8B97D655-6021-4664-BC0D-FCACCECC0B7A}c:\\program files\\new\\tlmc.exe"= TCP:c:\program files\new\tlmc.exe:TLMC

"TCP Query User{7F79D0A4-14ED-4515-8722-2FC93069F429}c:\\program files\\new\\newvic020003\\newvic.exe"= UDP:c:\program files\new\newvic020003\newvic.exe:newvic

"UDP Query User{D59CF98B-37A8-4786-8CC0-A75975B40106}c:\\program files\\new\\newvic020003\\newvic.exe"= TCP:c:\program files\new\newvic020003\newvic.exe:newvic

"TCP Query User{9B93F700-0D64-4D87-A8C6-70819354A0E2}c:\\dump\\games\\cs 1.6\\hl.exe"= UDP:c:\dump\games\cs 1.6\hl.exe:Half-Life Launcher

"UDP Query User{581545BE-151F-4AB3-91AE-B4F961F2E055}c:\\dump\\games\\cs 1.6\\hl.exe"= TCP:c:\dump\games\cs 1.6\hl.exe:Half-Life Launcher

"TCP Query User{63BA1562-8C85-4EFA-AA4B-AE2C24ABC315}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"UDP Query User{CE33E9E3-C7DB-43D5-811B-1381C94E575A}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"TCP Query User{4E2DB5DA-1CBE-4F3F-BACC-927C8350B929}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts

"UDP Query User{92F979B0-8A57-44BF-89A2-A41B37083080}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts

"TCP Query User{70B3E483-DCF7-43C9-9B19-30BB81859862}c:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= UDP:c:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client

"UDP Query User{872C716E-4314-48B3-8F19-C3CC902B44EC}c:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= TCP:c:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client

"TCP Query User{E67ECF14-F428-4186-ABA7-4BF22BF4539F}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

"UDP Query User{58E5E3EE-1840-458E-9920-D70FAA0A7020}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

"TCP Query User{4730AB6E-4082-4C3C-9EC4-95094D14BDF2}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application

"UDP Query User{41439522-3F17-4B24-BDB1-0FB2547131B8}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application

"TCP Query User{74B99F24-A2A8-4C66-B5E1-5DB4F04E6CA4}c:\\program files\\octoshape streaming services\\gautam\\octoshapeclient.exe"= UDP:c:\program files\octoshape streaming services\gautam\octoshapeclient.exe:OctoshapeClient

"UDP Query User{11B2EC93-E80B-4A63-A422-B03DC2E65487}c:\\program files\\octoshape streaming services\\gautam\\octoshapeclient.exe"= TCP:c:\program files\octoshape streaming services\gautam\octoshapeclient.exe:OctoshapeClient

"{937726AA-4B94-44F5-89A7-E10FE9DCD7E5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{06F66B88-851C-4021-8A21-68C6195E64E4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{6397BBB1-D70A-43B3-A8B3-BC019D472F88}c:\\program files\\ppmate\\ppmnet.exe"= UDP:c:\program files\ppmate\ppmnet.exe:ppmnet Module

"UDP Query User{CAF441E4-2B5C-431D-BBD0-D8C16A6D8FF3}c:\\program files\\ppmate\\ppmnet.exe"= TCP:c:\program files\ppmate\ppmnet.exe:ppmnet Module

"TCP Query User{98004884-5B46-4F68-B4E8-737187DF9155}c:\\program files\\uusee\\uuseeplayer.exe"= UDP:c:\program files\uusee\uuseeplayer.exe:UUPlayer

"UDP Query User{13A11DB5-6BB5-497F-B1DC-10C715CF5CBD}c:\\program files\\uusee\\uuseeplayer.exe"= TCP:c:\program files\uusee\uuseeplayer.exe:UUPlayer

"TCP Query User{9C3C7C22-DF4D-46C0-AC07-ED49BA86DDC5}c:\\program files\\streamerone\\streamerone.exe"= UDP:c:\program files\streamerone\streamerone.exe:StreamerOne

"UDP Query User{4BD6C4A0-992E-4E72-8F5B-1B5F802DB2E5}c:\\program files\\streamerone\\streamerone.exe"= TCP:c:\program files\streamerone\streamerone.exe:StreamerOne

"TCP Query User{7FA657C9-ED5F-4689-9248-ABDB06A7DCEC}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player

"UDP Query User{B69A4428-0DFC-49E5-B1E6-17FF7A018C29}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player

"TCP Query User{E2BA305B-B101-4304-BD7D-0C24F35009B3}c:\\program files\\last.fm\\lastfm.exe"= UDP:c:\program files\last.fm\lastfm.exe:Last.fm

"UDP Query User{89D8F650-DD11-474B-B318-D5FDA7110AB7}c:\\program files\\last.fm\\lastfm.exe"= TCP:c:\program files\last.fm\lastfm.exe:Last.fm

"TCP Query User{CFD25128-6CA9-42DF-BC55-BB55316D7171}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{187557F1-F14D-45FE-901D-26B29D88DC7B}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"TCP Query User{A836B0F2-672C-4B07-BD1E-6D8D4E93A6E9}c:\\program files\\sopcast\\sopvod.exe"= UDP:c:\program files\sopcast\sopvod.exe:sopvod

"UDP Query User{B42D4296-B283-4AFB-9F45-93C6C2FA9C70}c:\\program files\\sopcast\\sopvod.exe"= TCP:c:\program files\sopcast\sopvod.exe:sopvod

"TCP Query User{7584D33E-2734-4821-9F8A-CB2272FF891B}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client

"UDP Query User{4E878D8C-8DDE-4428-B631-0D569289BD9B}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client

"TCP Query User{7622D523-B148-4349-8324-E223E05A075A}c:\\program files\\realplay.exe"= UDP:c:\program files\realplay.exe:RealPlayer

"UDP Query User{54BA44FC-5121-4D34-8553-F321BFE402D9}c:\\program files\\realplay.exe"= TCP:c:\program files\realplay.exe:RealPlayer

"TCP Query User{7F9DB175-E28A-47AA-8819-79B3100D8527}d:\\softwares\\rpfree06\\reverseproxy.exe"= UDP:d:\softwares\rpfree06\reverseproxy.exe:ReverseProxy

"UDP Query User{23D32E7B-AB78-4FA5-807D-964E43E7C97B}d:\\softwares\\rpfree06\\reverseproxy.exe"= TCP:d:\softwares\rpfree06\reverseproxy.exe:ReverseProxy

"{A675376B-CD1F-4EEE-884B-DBA0B50799C7}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{713B9FD1-0B6B-4C6A-B75C-EBD0AE49B21F}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"TCP Query User{20621DEB-55A1-413E-8703-EAEED6EB817F}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet

"UDP Query User{1D4F488B-C08D-4A6A-88D6-7B640A8D2C2B}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet

"TCP Query User{50DC4F1D-276F-4C90-BBDE-1AD918D59FCE}c:\\program files\\java\\jdk1.5.0_14\\bin\\java.exe"= UDP:c:\program files\java\jdk1.5.0_14\bin\java.exe:Java 2 Platform Standard Edition binary

"UDP Query User{4A4859F7-5708-4E28-B010-0A4BF1E21406}c:\\program files\\java\\jdk1.5.0_14\\bin\\java.exe"= TCP:c:\program files\java\jdk1.5.0_14\bin\java.exe:Java 2 Platform Standard Edition binary

"{E0998D3E-715B-489B-97FD-F7FB472F5250}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{B4C0AAE8-A21D-496B-825C-10CB80637722}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{5C18FE15-918E-45A9-82AD-9410DDA4317F}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{0766DD43-6FE8-45D7-942A-826E79365D39}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{ED53CF73-B1D4-4A78-9B08-102DB639997B}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{20BDCF75-FD5A-4152-B312-AF7335CB6865}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{8F1E1566-336C-4043-A9FB-DD03CCA7CF05}c:\\python25\\pythonw.exe"= UDP:c:\python25\pythonw.exe:pythonw

"UDP Query User{506FEBD4-6C44-4905-B2D2-82FF3D40817F}c:\\python25\\pythonw.exe"= TCP:c:\python25\pythonw.exe:pythonw

"TCP Query User{DC801466-7D69-499D-B3E3-5F71A2E3B1A4}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3

"UDP Query User{00BD1C3A-07B3-41DC-941E-518DC51D3A8A}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3

"TCP Query User{E3A4E708-6434-41F3-A82F-655CA2612401}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"UDP Query User{6E661D59-ADCA-4D46-A32C-959BD98CE6BC}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"TCP Query User{44DCC11E-01E4-450F-83AF-B637E3142DFB}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3

"UDP Query User{EBD75EEE-7D52-4CCB-B2CC-26FD1AFC238A}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3

"TCP Query User{3556B299-961D-46DD-9FCC-B495746373B7}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{7CC57BCB-68A3-4B2E-BE8A-43756AF19B37}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{A4CBFA75-A982-479A-833B-DF54A059C88F}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{926D3497-027D-4ACA-9C7B-03835206DF46}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"{A4D80D54-1C85-4858-B720-89434E34CCA9}"= UDP:25952:BitComet 25952 TCP

"{C4EFB4C3-1B8B-4A6A-9998-805CE7857471}"= TCP:25952:BitComet 25952 UDP

"TCP Query User{C7AFFDF1-7008-4DE6-9E4B-8A3FADC8230B}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{1E9DE62D-C9AB-4C58-9510-D011F3CF6251}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"TCP Query User{7310F209-9B1F-4C65-9BD7-BAEE96488DCF}c:\\program files\\matlab\\r2007b\\bin\\win32\\matlab.exe"= UDP:c:\program files\matlab\r2007b\bin\win32\matlab.exe:MATLAB

"UDP Query User{EF566762-91F4-4375-AAAA-9FEC7996B4E7}c:\\program files\\matlab\\r2007b\\bin\\win32\\matlab.exe"= TCP:c:\program files\matlab\r2007b\bin\win32\matlab.exe:MATLAB

"{85C67EFF-2B64-40E3-808B-7D825870DE88}"= UDP:c:\program files\uTorrent\uTorrent.exe:


Hi. :)

Download ComboFix from one of the locations below, and save it to your Desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

And the HJT Log -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:52:46 AM, on 1/27/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\ESET\nod32kui.exe

C:\Program Files\gAlwaysIdle\gidle.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\Explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKUS\S-1-5-21-3082963083-511668878-1817270673-1005\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O13 - Gopher Prefix:

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9533 bytes

Do you see anything suspicious in either of the two logs?


The following entry looked suspicious to me -

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

I clicked & fixed it. I used to get the problem only 6-7 times a day, so I cannot be sure whether the problem remains or not despite my actions described above. I will keep you guys informed about it while you look at the logs.


You should not fix anything like that; just because it looks suspicious doesn't mean it is.

1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Collect::

c:\users\All Users\nvModes.dat

c:\programdata\nvModes.dat

c:\users\gautam\AppData\Roaming\nvModes.dat

c:\program files\mozilla firefox\plugins\Xnpmozax.dll

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:

  • Combofix.txt
  • A new HijackThis log.

Attached are the logs you had asked for -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:00:14 PM, on 1/27/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\gAlwaysIdle\gidle.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Windows\Explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKUS\S-1-5-21-3082963083-511668878-1817270673-1005\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O13 - Gopher Prefix:

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9508 bytes

ComboFix.txt


Please post the Combofix log and don't attach it. :)

Oops, sorry mate.

Here you go -

ComboFix 09-01-21.04 - gautam 2009-01-27 19:38:05.4 - NTFSx86

Running from: c:\users\gautam\Desktop\ComboFix.exe

Command switches used :: c:\users\gautam\Desktop\CFScript.txt

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\mozilla firefox\plugins\Xnpmozax.dll

c:\programdata\nvModes.dat

c:\users\gautam\AppData\Roaming\nvModes.dat

.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))

.

2009-01-27 13:08 . 2009-01-27 13:16 <DIR> d-------- C:\Lop SD

2009-01-27 12:12 . 2009-01-27 12:12 <DIR> d-------- c:\users\gautam\AppData\Roaming\IrfanView

2009-01-27 12:12 . 2009-01-27 12:12 <DIR> d-------- c:\program files\IrfanView

2009-01-24 11:38 . 2009-01-24 11:38 <DIR> d-------- c:\program files\Trend Micro

2009-01-24 11:22 . 2009-01-24 11:22 <DIR> d-------- c:\program files\CCleaner

2009-01-23 16:13 . 2009-01-23 16:12 102,664 --a------ c:\windows\System32\drivers\tmcomm.sys

2009-01-23 16:12 . 2009-01-23 18:17 <DIR> d-------- c:\users\gautam\.housecall6.6

2009-01-22 06:36 . 2009-01-22 06:36 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com

2009-01-22 06:36 . 2009-01-22 06:36 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com

2009-01-20 07:20 . 2009-01-20 07:20 <DIR> d-------- c:\program files\Microsoft

2009-01-15 02:03 . 2008-12-15 22:14 290,304 --a------ c:\windows\System32\drivers\srv.sys

2009-01-06 12:08 . 2009-01-06 12:08 <DIR> d-------- c:\users\gautam\AppData\Roaming\PeerNetworking

2009-01-05 17:33 . 2009-01-05 17:33 3,751,995 --a------ c:\windows\System32\GPhotos.scr

2009-01-05 06:10 . 2009-01-05 06:11 1,905 --a------ c:\windows\diagwrn.xml

2009-01-05 06:10 . 2009-01-05 06:11 1,905 --a------ c:\windows\diagerr.xml

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-28 00:51 64,612,384 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-01-28 00:43 760,196 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-01-27 02:29 --------- d-----w c:\programdata\Spybot - Search & Destroy

2009-01-19 12:39 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-01-16 01:42 --------- d-----w c:\program files\Windows Mail

2009-01-15 22:02 --------- d-----w c:\users\gautam\AppData\Roaming\uTorrent

2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-11 14:29 --------- d-----w c:\program files\Mozilla Thunderbird

2008-12-11 03:43 174 --sha-w c:\program files\desktop.ini

2008-12-07 16:42 --------- d-----w c:\users\gautam\AppData\Roaming\Desktopicon

2008-12-07 07:13 --------- d-----w c:\program files\ESET

2008-12-06 15:59 410,984 ----a-w c:\windows\System32\deploytk.dll

2008-12-06 15:58 --------- d-----w c:\program files\Java

2008-12-03 08:47 --------- d-----w c:\users\gautam\AppData\Roaming\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1

2008-12-03 08:47 --------- d-----w c:\program files\DIRECTV

2008-12-03 08:47 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-11-29 01:13 --------- d-----w c:\programdata\ParetoLogic

2008-11-29 01:13 --------- d-----w c:\program files\Common Files\ParetoLogic

2008-11-29 00:59 --------- d-----w c:\users\gautam\AppData\Roaming\Malwarebytes

2008-11-29 00:59 --------- d-----w c:\programdata\Malwarebytes

2008-11-09 01:26 48,396 ----a-w c:\windows\UninstVeetleTVPlayer.exe

2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:33 28,672 ----a-w c:\windows\System32\Apphlpdm.dll

2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-11-01 03:33 1,687,040 ----a-w c:\windows\System32\gameux.dll

2008-10-31 23:38 4,247,552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll

2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll

2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe

2008-04-11 18:05 952 --sha-w c:\windows\System32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( snapshot@2009-01-26_23.17.42.88 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-27 04:11:13 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-01-28 00:44:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-01-27 04:11:13 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-01-28 00:44:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-01-27 04:11:35 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-01-28 00:51:43 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-01-28 00:51:43 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-01-27 04:11:35 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-28 00:51:43 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-28 00:51:43 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-01-26 13:10:04 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-01-27 17:58:43 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-26 13:10:04 32,768 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-27 17:58:43 32,768 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-26 13:10:04 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-27 17:58:43 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-27 02:34:31 108,558 ----a-w c:\windows\System32\perfc009.dat

+ 2009-01-28 00:50:24 108,558 ----a-w c:\windows\System32\perfc009.dat

- 2009-01-27 02:34:31 629,880 ----a-w c:\windows\System32\perfh009.dat

+ 2009-01-28 00:50:24 629,880 ----a-w c:\windows\System32\perfh009.dat

- 2009-01-27 02:30:10 8,446 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3082963083-511668878-1817270673-1005_UserData.bin

+ 2009-01-28 00:27:16 8,716 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3082963083-511668878-1817270673-1005_UserData.bin

- 2009-01-27 02:30:09 77,748 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-01-28 00:27:15 77,872 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-01-27 02:31:23 47,774 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-01-28 00:27:03 47,790 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-22 820520]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-06-17 321072]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-08-01 540672]

"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-03-22 120368]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-12-21 2614848]

"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 28672]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-09-30 949376]

"gidle"="c:\program files\gAlwaysIdle\gidle.exe" [2007-09-06 49152]

"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]

"TpShocks"="TpShocks.exe" [2007-03-29 c:\windows\System32\TpShocks.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-03-29 719664]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-09-20 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoNotification"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"msacm.ac3filter"= ac3filter.acm

"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli ACGina

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk

backup=c:\windows\pss\Last.fm Helper.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Voobys.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Voobys.lnk

backup=c:\windows\pss\Voobys.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

--a------ 2007-12-18 14:04 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]

--------- 2007-06-17 12:05 214576 c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--------- 2007-09-18 09:16 171464 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--------- 2007-01-01 16:22 3739648 c:\users\gautam\AppData\Roaming\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-11-02 18:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]

--a------ 2006-02-13 11:33 214648 c:\program files\Octoshape Streaming Services\gautam\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]

--a------ 2005-08-18 03:55 99328 c:\program files\OpenVPN\bin\openvpn-gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-01-12 10:31 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

--a------ 2008-03-01 00:10 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--------- 2007-09-20 02:16 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{63952510-4FF2-4CC0-A468-2C31F4EEF6D3}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{3BE6A53A-2BF1-404E-8517-0B29C57CC4A8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{4F675A6B-A0ED-4E45-9C31-AC5D9E905B0C}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{5CD0D947-1D1E-4E5D-8CAB-DBBAFBDA8F17}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"TCP Query User{2BFA3802-292D-4138-B4F5-0722081DB0C1}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{8921687B-3ABE-450B-9A7D-53650DD29917}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{0C1418E4-9AB3-4799-BA7F-A9418A754114}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer

"UDP Query User{B7914E7F-0E25-4843-B453-5EC0A8981AE6}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer

"TCP Query User{7694A8BD-2046-4C22-B502-8413BD9D88B5}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{41EC5529-DE88-4847-9264-329E40F87E04}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{CBDDCC87-B46A-45C9-AEE6-EB0ED3010B94}c:\\users\\gautam\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\gautam\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe

"UDP Query User{328B2F47-DBF4-480F-84C6-8588ACB3752A}c:\\users\\gautam\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\gautam\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe

"TCP Query User{71C6DB3F-1489-4C92-AC9C-924F48042013}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{CB3A5BD0-4098-49B3-9A68-439CA6DE77F8}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{64DBA5C4-3BE3-4629-A9FF-ED4913CF6869}k:\\dump\\games\\cs 1.6\\hl.exe"= UDP:k:\dump\games\cs 1.6\hl.exe:Half-Life Launcher

"UDP Query User{1007EF3E-ED47-4123-BBBF-5BAD9DF2BCA1}k:\\dump\\games\\cs 1.6\\hl.exe"= TCP:k:\dump\games\cs 1.6\hl.exe:Half-Life Launcher

"TCP Query User{28DACB0B-2D22-41E9-A0CC-7CF85713FC92}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus

"UDP Query User{A36C0AEF-62C5-4876-83C7-D833D67FA15E}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus

"TCP Query User{BCC4230B-1D7B-4F15-A9CF-332DE969AA54}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java Platform SE binary

"UDP Query User{DDC60F9D-501C-494D-862B-4FFDF808B08C}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java Platform SE binary

"TCP Query User{2DDE4347-27E7-42AD-AB42-A568EE47F3ED}c:\\program files\\new\\tlmc.exe"= UDP:c:\program files\new\tlmc.exe:TLMC

"UDP Query User{8B97D655-6021-4664-BC0D-FCACCECC0B7A}c:\\program files\\new\\tlmc.exe"= TCP:c:\program files\new\tlmc.exe:TLMC

"TCP Query User{7F79D0A4-14ED-4515-8722-2FC93069F429}c:\\program files\\new\\newvic020003\\newvic.exe"= UDP:c:\program files\new\newvic020003\newvic.exe:newvic

"UDP Query User{D59CF98B-37A8-4786-8CC0-A75975B40106}c:\\program files\\new\\newvic020003\\newvic.exe"= TCP:c:\program files\new\newvic020003\newvic.exe:newvic

"TCP Query User{9B93F700-0D64-4D87-A8C6-70819354A0E2}c:\\dump\\games\\cs 1.6\\hl.exe"= UDP:c:\dump\games\cs 1.6\hl.exe:Half-Life Launcher

"UDP Query User{581545BE-151F-4AB3-91AE-B4F961F2E055}c:\\dump\\games\\cs 1.6\\hl.exe"= TCP:c:\dump\games\cs 1.6\hl.exe:Half-Life Launcher

"TCP Query User{63BA1562-8C85-4EFA-AA4B-AE2C24ABC315}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"UDP Query User{CE33E9E3-C7DB-43D5-811B-1381C94E575A}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"TCP Query User{4E2DB5DA-1CBE-4F3F-BACC-927C8350B929}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts

"UDP Query User{92F979B0-8A57-44BF-89A2-A41B37083080}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts

"TCP Query User{70B3E483-DCF7-43C9-9B19-30BB81859862}c:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= UDP:c:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client

"UDP Query User{872C716E-4314-48B3-8F19-C3CC902B44EC}c:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= TCP:c:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client

"TCP Query User{E67ECF14-F428-4186-ABA7-4BF22BF4539F}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

"UDP Query User{58E5E3EE-1840-458E-9920-D70FAA0A7020}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

"TCP Query User{4730AB6E-4082-4C3C-9EC4-95094D14BDF2}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application

"UDP Query User{41439522-3F17-4B24-BDB1-0FB2547131B8}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application

"TCP Query User{74B99F24-A2A8-4C66-B5E1-5DB4F04E6CA4}c:\\program files\\octoshape streaming services\\gautam\\octoshapeclient.exe"= UDP:c:\program files\octoshape streaming services\gautam\octoshapeclient.exe:OctoshapeClient

"UDP Query User{11B2EC93-E80B-4A63-A422-B03DC2E65487}c:\\program files\\octoshape streaming services\\gautam\\octoshapeclient.exe"= TCP:c:\program files\octoshape streaming services\gautam\octoshapeclient.exe:OctoshapeClient

"{937726AA-4B94-44F5-89A7-E10FE9DCD7E5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{06F66B88-851C-4021-8A21-68C6195E64E4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{6397BBB1-D70A-43B3-A8B3-BC019D472F88}c:\\program files\\ppmate\\ppmnet.exe"= UDP:c:\program files\ppmate\ppmnet.exe:ppmnet Module

"UDP Query User{CAF441E4-2B5C-431D-BBD0-D8C16A6D8FF3}c:\\program files\\ppmate\\ppmnet.exe"= TCP:c:\program files\ppmate\ppmnet.exe:ppmnet Module

"TCP Query User{98004884-5B46-4F68-B4E8-737187DF9155}c:\\program files\\uusee\\uuseeplayer.exe"= UDP:c:\program files\uusee\uuseeplayer.exe:UUPlayer

"UDP Query User{13A11DB5-6BB5-497F-B1DC-10C715CF5CBD}c:\\program files\\uusee\\uuseeplayer.exe"= TCP:c:\program files\uusee\uuseeplayer.exe:UUPlayer

"TCP Query User{9C3C7C22-DF4D-46C0-AC07-ED49BA86DDC5}c:\\program files\\streamerone\\streamerone.exe"= UDP:c:\program files\streamerone\streamerone.exe:StreamerOne

"UDP Query User{4BD6C4A0-992E-4E72-8F5B-1B5F802DB2E5}c:\\program files\\streamerone\\streamerone.exe"= TCP:c:\program files\streamerone\streamerone.exe:StreamerOne

"TCP Query User{7FA657C9-ED5F-4689-9248-ABDB06A7DCEC}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player

"UDP Query User{B69A4428-0DFC-49E5-B1E6-17FF7A018C29}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player

"TCP Query User{E2BA305B-B101-4304-BD7D-0C24F35009B3}c:\\program files\\last.fm\\lastfm.exe"= UDP:c:\program files\last.fm\lastfm.exe:Last.fm

"UDP Query User{89D8F650-DD11-474B-B318-D5FDA7110AB7}c:\\program files\\last.fm\\lastfm.exe"= TCP:c:\program files\last.fm\lastfm.exe:Last.fm

"TCP Query User{CFD25128-6CA9-42DF-BC55-BB55316D7171}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{187557F1-F14D-45FE-901D-26B29D88DC7B}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"TCP Query User{A836B0F2-672C-4B07-BD1E-6D8D4E93A6E9}c:\\program files\\sopcast\\sopvod.exe"= UDP:c:\program files\sopcast\sopvod.exe:sopvod

"UDP Query User{B42D4296-B283-4AFB-9F45-93C6C2FA9C70}c:\\program files\\sopcast\\sopvod.exe"= TCP:c:\program files\sopcast\sopvod.exe:sopvod

"TCP Query User{7584D33E-2734-4821-9F8A-CB2272FF891B}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client

"UDP Query User{4E878D8C-8DDE-4428-B631-0D569289BD9B}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client

"TCP Query User{7622D523-B148-4349-8324-E223E05A075A}c:\\program files\\realplay.exe"= UDP:c:\program files\realplay.exe:RealPlayer

"UDP Query User{54BA44FC-5121-4D34-8553-F321BFE402D9}c:\\program files\\realplay.exe"= TCP:c:\program files\realplay.exe:RealPlayer

"TCP Query User{7F9DB175-E28A-47AA-8819-79B3100D8527}d:\\softwares\\rpfree06\\reverseproxy.exe"= UDP:d:\softwares\rpfree06\reverseproxy.exe:ReverseProxy

"UDP Query User{23D32E7B-AB78-4FA5-807D-964E43E7C97B}d:\\softwares\\rpfree06\\reverseproxy.exe"= TCP:d:\softwares\rpfree06\reverseproxy.exe:ReverseProxy

"{A675376B-CD1F-4EEE-884B-DBA0B50799C7}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{713B9FD1-0B6B-4C6A-B75C-EBD0AE49B21F}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"TCP Query User{20621DEB-55A1-413E-8703-EAEED6EB817F}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet

"UDP Query User{1D4F488B-C08D-4A6A-88D6-7B640A8D2C2B}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet

"TCP Query User{50DC4F1D-276F-4C90-BBDE-1AD918D59FCE}c:\\program files\\java\\jdk1.5.0_14\\bin\\java.exe"= UDP:c:\program files\java\jdk1.5.0_14\bin\java.exe:Java 2 Platform Standard Edition binary

"UDP Query User{4A4859F7-5708-4E28-B010-0A4BF1E21406}c:\\program files\\java\\jdk1.5.0_14\\bin\\java.exe"= TCP:c:\program files\java\jdk1.5.0_14\bin\java.exe:Java 2 Platform Standard Edition binary

"{E0998D3E-715B-489B-97FD-F7FB472F5250}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{B4C0AAE8-A21D-496B-825C-10CB80637722}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{5C18FE15-918E-45A9-82AD-9410DDA4317F}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{0766DD43-6FE8-45D7-942A-826E79365D39}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{ED53CF73-B1D4-4A78-9B08-102DB639997B}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{20BDCF75-FD5A-4152-B312-AF7335CB6865}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{8F1E1566-336C-4043-A9FB-DD03CCA7CF05}c:\\python25\\pythonw.exe"= UDP:c:\python25\pythonw.exe:pythonw

"UDP Query User{506FEBD4-6C44-4905-B2D2-82FF3D40817F}c:\\python25\\pythonw.exe"= TCP:c:\python25\pythonw.exe:pythonw

"TCP Query User{DC801466-7D69-499D-B3E3-5F71A2E3B1A4}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3

"UDP Query User{00BD1C3A-07B3-41DC-941E-518DC51D3A8A}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3

"TCP Query User{E3A4E708-6434-41F3-A82F-655CA2612401}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"UDP Query User{6E661D59-ADCA-4D46-A32C-959BD98CE6BC}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"TCP Query User{44DCC11E-01E4-450F-83AF-B637E3142DFB}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3

"UDP Query User{EBD75EEE-7D52-4CCB-B2CC-26FD1AFC238A}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3

"TCP Query User{3556B299-961D-46DD-9FCC-B495746373B7}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{7CC57BCB-68A3-4B2E-BE8A-43756AF19B37}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{A4CBFA75-A982-479A-833B-DF54A059C88F}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{926D3497-027D-4ACA-9C7B-03835206DF46}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"{A4D80D54-1C85-4858-B720-89434E34CCA9}"= UDP:25952:BitComet 25952 TCP

"{C4EFB4C3-1B8B-4A6A-9998-805CE7857471}"= TCP:25952:BitComet 25952 UDP

"TCP Query User{C7AFFDF1-7008-4DE6-9E4B-8A3FADC8230B}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{1E9DE62D-C9AB-4C58-9510-D011F3CF6251}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"TCP Query User{7310F209-9B1F-4C65-9BD7-BAEE96488DCF}c:\\program files\\matlab\\r2007b\\bin\\win32\\matlab.exe"= UDP:c:\program files\matlab\r2007b\bin\win32\matlab.exe:MATLAB

"UDP Query User{EF566762-91F4-4375-AAAA-9FEC7996B4E7}c:\\program files\\matlab\\r2007b\\bin\\win32\\matlab.exe"= TCP:c:\program files\matlab\r2007b\bin\win32\matlab.exe:MATLAB

"{85C67EFF-2B64-40E3-808B-7D825870DE88}"= UDP:c:\program files\uTorrent\uTorrent.exe:


No problem. :)

Go ahead and go start -> run and type in combofix /u to uninstall Combofix.

Then you need to uninstall Adobe Reader 7.0 and download and install the latest version (9) from here

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Update Java Runtime
The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 11.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 11 about half way down the page and click on the Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says jre-6u11-windows-i586-p.exe and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
  • Uncheck the Toolbar button (unless you want the toolbar)
  • Reboot your computer

Then post the JavaRA log and a new HijackThis log please.
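Why "Remove Older Versions" matters, as an added example that is not part of the helper's post or of the JavaRa tool itself: every version-specific Java Plug-in CLSID left in the registry lets a web page instantiate that exact JRE build through its classid (Sun's static versioning), so an unpatched 1.6.0_05 stays reachable from the browser even after 6u11 is installed on top of it. The script below decodes those CLSIDs and the jre* install directories from the "Found and removed:" lines of a JavaRa log (the sample is constructed from a handful of lines in this thread) and lists which builds were older than the current release. The CLSID field layout (CAFEEFAC-00MN-micro-update-suffix) and the FFFF "any update" family convention are my reading of Sun's plug-in documentation and are assumptions, not something the page states.

```python
"""Decode the version-specific Java Plug-in CLSIDs listed in a JavaRa removal
log, so a responder can see which JRE builds a web page could still select."""
import re
from collections import defaultdict
from typing import Optional

# Constructed sample: a subset of the "Found and removed:" lines from the
# JavaRa 1.13 log posted in this thread (not the full log).
SAMPLE_LOG = """\
JavaRa 1.13 Removal Log.
Found and removed: C:\\Program Files\\Java\\jre1.5.0_14
Found and removed: C:\\Program Files\\Java\\jre1.6.0_05
Found and removed: SOFTWARE\\Classes\\CLSID\\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\\Classes\\CLSID\\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\\Classes\\CLSID\\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\\Classes\\CLSID\\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Found and removed: SOFTWARE\\Classes\\CLSID\\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\\JavaSoft\\Java Runtime Environment\\1.6.0_05
"""

# Assumed layout of Sun's static-versioning plug-in CLSIDs:
#   {CAFEEFAC-00MN-mmmm-uuuu-ABCDEFFEDCB?}
# MN = family "M.N" (0016 -> 1.6), mmmm = micro version, uuuu = update number,
# so {CAFEEFAC-0016-0000-0005-...} selects exactly 1.6.0_05. The trailing
# suffix letter (A/B/C) distinguishes registration variants of the same build.
CLSID_RE = re.compile(
    r"\{CAFEEFAC-00(\d)(\d)-(\d{4})-([0-9A-F]{4})-(ABCDEFFEDCB[A-Z])\}", re.I)
# Install directory of a JRE build, e.g. ...\Java\jre1.6.0_05
JRE_DIR_RE = re.compile(r"\\jre(\d+\.\d+\.\d+_\d+)\s*$", re.I)


def decode_clsid(clsid: str) -> Optional[str]:
    """Return the JRE version a version-specific plug-in CLSID selects, or None."""
    m = CLSID_RE.search(clsid)
    if not m:
        return None
    major, minor, micro, update, _suffix = m.groups()
    if update.upper() == "FFFF":  # assumed family CLSID: any update of 1.N.m
        return f"{major}.{minor}.{int(micro)}_*"
    return f"{major}.{minor}.{int(micro)}_{int(update):02d}"


def parse_javara_log(text: str) -> dict:
    """Map each JRE version to what the log removed for it: the install
    directory (if any) and how many plug-in CLSIDs still pointed at that build."""
    report = defaultdict(lambda: {"install_dir": None, "clsids": 0})
    for line in text.splitlines():
        if not line.startswith("Found and removed:"):
            continue
        item = line.split(":", 1)[1].strip()
        d = JRE_DIR_RE.search(item)
        if d:
            report[d.group(1)]["install_dir"] = item
            continue
        version = decode_clsid(item)
        if version:
            report[version]["clsids"] += 1
    return dict(report)


def version_key(v: str) -> tuple:
    """Sort key: '1.6.0_05' -> (1, 6, 0, 5); a '*' (family) update sorts last."""
    base, _, upd = v.partition("_")
    parts = [int(p) for p in base.split(".")]
    parts.append(10**6 if upd == "*" else int(upd))
    return tuple(parts)


def older_than(report: dict, current: str) -> list:
    """Versions in the report that are older than `current`, oldest first."""
    cur = version_key(current)
    return sorted((v for v in report if version_key(v) < cur), key=version_key)


if __name__ == "__main__":
    rep = parse_javara_log(SAMPLE_LOG)
    for v in older_than(rep, "1.6.0_11"):  # 6u11 was current in the thread
        print(v, rep[v])
```

Running it against a full JavaRa log shows one line per stale build with the count of plug-in CLSIDs that kept it reachable; a build that appears only with CLSIDs and no install directory (1.4.2_05 in the sample) is a registration orphan left behind by an earlier uninstall, which is exactly the kind of leftover the "Remove Older Versions" step is meant to clear.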

JavaRA log

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jan 27 23:47:28 2009

Found and removed: C:\Program Files\Java\jre1.5.0_14

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511004

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511004

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511004

Found and removed: SOFTWARE\Classes\JavaPlugin.150_14

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_14

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_14

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150140}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_14

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_14\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

------------------------------------

Finished reporting.

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jan 27 23:49:16 2009

------------------------------------

Finished reporting.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:12:17 AM, on 1/28/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\ESET\nod32kui.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\gAlwaysIdle\gidle.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKUS\S-1-5-21-3082963083-511668878-1817270673-1005\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O13 - Gopher Prefix:

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9646 bytes


Fix these with HijackThis:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

Otherwise you look clean. Are you still having any problems?

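The two lines the helper singles out are orphaned registry entries: the O2 BHO reports "(no file)" and the O9 button's DLL is "(file missing)", so fixing them cannot break anything that still works. The script below is an added example, not code from the thread or from HijackThis: it parses lines in this log format, pulls out the CLSID, and sorts entries into a "fix" bucket (orphaned) and a "review" bucket (O23 services with an unknown owner); the "review" bucket is my own triage convention, not something the helper flagged.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines in HijackThis v2.0.2 log format, taken from the
# logs posted in this thread. This parser is an added example, not part of the
# thread or of HijackThis itself.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# "<section> - <body>", where section is R0/R1/F0/O2/O4/O9/O23 and so on.
HJT_LINE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# HijackThis appends these when the registry points at a file that no longer exists.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str          # e.g. "O2"
    body: str             # everything after "O2 - "
    clsid: Optional[str]  # GUID in braces, if the line carries one
    orphaned: bool        # registry entry whose target file is gone


def parse_hjt(text: str) -> List[Entry]:
    """Parse HijackThis log lines; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        body = m.group("body")
        c = CLSID.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsid=c.group(0) if c else None,
            orphaned=any(body.endswith(mark) for mark in ORPHAN_MARKERS),
        ))
    return entries


def orphaned_entries(text: str) -> List[Entry]:
    """Entries safe to 'fix': the file they load is gone, so nothing working is lost."""
    return [e for e in parse_hjt(text) if e.orphaned]


def unknown_owner_services(text: str) -> List[Entry]:
    """O23 services whose vendor HijackThis could not identify (a manual check, not a verdict)."""
    return [e for e in parse_hjt(text)
            if e.section == "O23" and " - Unknown owner - " in e.body]


def triage(text: str) -> Dict[str, List[Entry]]:
    """Split a log into 'fix' (orphaned) and 'review' (unknown-owner service) buckets."""
    return {"fix": orphaned_entries(text), "review": unknown_owner_services(text)}


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"[{bucket}]")
        for e in items:
            print(f"  {e.section} - {e.body}")
```

Run it against a full pasted log and the "fix" bucket reproduces the helper's two lines; anything in "review" still needs a look at the binary's vendor and signature before deciding.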

I will try out the above suggestions. Since posting the two logs, my Firefox has been redirected twice. And I don't know if this matters, but the two times that it did redirect, only my Facebook was open at that time.

The latest HJT log -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:37:01 PM, on 1/28/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\ESET\nod32kui.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\gAlwaysIdle\gidle.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Users\gautam\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKUS\S-1-5-21-3082963083-511668878-1817270673-1005\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9492 bytes


Please delete Combofix and download a new copy and post the log.

Sorry, there were some problems with my router ... I couldn't get my internet working for some time.

ComboFix 09-01-21.04 - gautam 2009-01-28 23:01:54.5 - NTFSx86

Running from: c:\users\gautam\Desktop\ComboFix.exe

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))

.

2009-01-28 00:02 . 2009-01-28 00:02 0 --a------ c:\windows\System32\REN407F.tmp

2009-01-28 00:02 . 2009-01-28 00:02 0 --a------ c:\windows\System32\REN407E.tmp

2009-01-28 00:02 . 2009-01-28 00:02 0 --a------ c:\windows\System32\REN406E.tmp

2009-01-27 23:36 . 2009-01-28 00:06 <DIR> d-------- c:\users\All Users\NOS

2009-01-27 23:36 . 2009-01-28 00:06 <DIR> d-------- c:\programdata\NOS

2009-01-27 23:36 . 2009-01-28 00:06 <DIR> d-------- c:\program files\NOS

2009-01-27 20:17 . 2009-01-28 23:08 96,942 --a------ c:\users\All Users\nvModes.dat

2009-01-27 20:17 . 2009-01-28 23:08 96,942 --a------ c:\programdata\nvModes.dat

2009-01-27 13:08 . 2009-01-27 13:16 <DIR> d-------- C:\Lop SD

2009-01-27 12:12 . 2009-01-27 12:12 <DIR> d-------- c:\users\gautam\AppData\Roaming\IrfanView

2009-01-27 12:12 . 2009-01-27 12:12 <DIR> d-------- c:\program files\IrfanView

2009-01-24 11:38 . 2009-01-24 11:38 <DIR> d-------- c:\program files\Trend Micro

2009-01-24 11:22 . 2009-01-24 11:22 <DIR> d-------- c:\program files\CCleaner

2009-01-23 16:13 . 2009-01-23 16:12 102,664 --a------ c:\windows\System32\drivers\tmcomm.sys

2009-01-23 16:12 . 2009-01-23 18:17 <DIR> d-------- c:\users\gautam\.housecall6.6

2009-01-20 07:20 . 2009-01-20 07:20 <DIR> d-------- c:\program files\Microsoft

2009-01-15 02:03 . 2008-12-15 22:14 290,304 --a------ c:\windows\System32\drivers\srv.sys

2009-01-06 12:08 . 2009-01-06 12:08 <DIR> d-------- c:\users\gautam\AppData\Roaming\PeerNetworking

2009-01-05 17:33 . 2009-01-05 17:33 3,751,995 --a------ c:\windows\System32\GPhotos.scr

2009-01-05 06:10 . 2009-01-05 06:11 1,905 --a------ c:\windows\diagwrn.xml

2009-01-05 06:10 . 2009-01-05 06:11 1,905 --a------ c:\windows\diagerr.xml

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-29 04:08 66,764,960 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-01-29 04:05 785,468 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-01-28 05:03 410,984 ----a-w c:\windows\System32\deploytk.dll

2009-01-28 04:47 --------- d-----w c:\program files\Java

2009-01-28 04:39 --------- d-----w c:\program files\Common Files\Adobe

2009-01-19 12:39 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-01-16 01:42 --------- d-----w c:\program files\Windows Mail

2009-01-15 22:02 --------- d-----w c:\users\gautam\AppData\Roaming\uTorrent

2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-11 14:29 --------- d-----w c:\program files\Mozilla Thunderbird

2008-12-11 03:43 174 --sha-w c:\program files\desktop.ini

2008-12-07 16:42 --------- d-----w c:\users\gautam\AppData\Roaming\Desktopicon

2008-12-07 07:13 --------- d-----w c:\program files\ESET

2008-12-03 08:47 --------- d-----w c:\users\gautam\AppData\Roaming\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1

2008-12-03 08:47 --------- d-----w c:\program files\DIRECTV

2008-12-03 08:47 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-11-29 01:13 --------- d-----w c:\programdata\ParetoLogic

2008-11-29 01:13 --------- d-----w c:\program files\Common Files\ParetoLogic

2008-11-29 00:59 --------- d-----w c:\users\gautam\AppData\Roaming\Malwarebytes

2008-11-29 00:59 --------- d-----w c:\programdata\Malwarebytes

2008-11-09 01:26 48,396 ----a-w c:\windows\UninstVeetleTVPlayer.exe

2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:33 28,672 ----a-w c:\windows\System32\Apphlpdm.dll

2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-11-01 03:33 1,687,040 ----a-w c:\windows\System32\gameux.dll

2008-10-31 23:38 4,247,552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll

2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll

2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe

2008-04-11 18:05 952 --sha-w c:\windows\System32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-22 820520]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-06-17 321072]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-08-01 540672]

"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-03-22 120368]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-12-21 2614848]

"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 28672]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-09-30 949376]

"gidle"="c:\program files\gAlwaysIdle\gidle.exe" [2007-09-06 49152]

"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-28 136600]

"TpShocks"="TpShocks.exe" [2007-03-29 c:\windows\System32\TpShocks.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-03-29 719664]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-09-20 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoNotification"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"msacm.ac3filter"= ac3filter.acm

"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli ACGina

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk

backup=c:\windows\pss\Last.fm Helper.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Voobys.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Voobys.lnk

backup=c:\windows\pss\Voobys.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

--a------ 2007-12-18 14:04 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]

--------- 2007-06-17 12:05 214576 c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--------- 2007-09-18 09:16 171464 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--a------ 2007-01-01 16:22 3739648 c:\users\gautam\AppData\Roaming\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-11-02 18:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]

--a------ 2006-02-13 11:33 214648 c:\program files\Octoshape Streaming Services\gautam\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]

--a------ 2005-08-18 03:55 99328 c:\program files\OpenVPN\bin\openvpn-gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-01-12 10:31 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

--a------ 2008-03-01 00:10 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--------- 2007-09-20 02:16 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{63952510-4FF2-4CC0-A468-2C31F4EEF6D3}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{3BE6A53A-2BF1-404E-8517-0B29C57CC4A8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{4F675A6B-A0ED-4E45-9C31-AC5D9E905B0C}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{5CD0D947-1D1E-4E5D-8CAB-DBBAFBDA8F17}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"TCP Query User{2BFA3802-292D-4138-B4F5-0722081DB0C1}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{8921687B-3ABE-450B-9A7D-53650DD29917}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{0C1418E4-9AB3-4799-BA7F-A9418A754114}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer

"UDP Query User{B7914E7F-0E25-4843-B453-5EC0A8981AE6}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer

"TCP Query User{7694A8BD-2046-4C22-B502-8413BD9D88B5}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{41EC5529-DE88-4847-9264-329E40F87E04}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{CBDDCC87-B46A-45C9-AEE6-EB0ED3010B94}c:\\users\\gautam\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\gautam\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe

"UDP Query User{328B2F47-DBF4-480F-84C6-8588ACB3752A}c:\\users\\gautam\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\gautam\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe

"TCP Query User{71C6DB3F-1489-4C92-AC9C-924F48042013}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{CB3A5BD0-4098-49B3-9A68-439CA6DE77F8}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{64DBA5C4-3BE3-4629-A9FF-ED4913CF6869}k:\\dump\\games\\cs 1.6\\hl.exe"= UDP:k:\dump\games\cs 1.6\hl.exe:Half-Life Launcher

"UDP Query User{1007EF3E-ED47-4123-BBBF-5BAD9DF2BCA1}k:\\dump\\games\\cs 1.6\\hl.exe"= TCP:k:\dump\games\cs 1.6\hl.exe:Half-Life Launcher

"TCP Query User{28DACB0B-2D22-41E9-A0CC-7CF85713FC92}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus

"UDP Query User{A36C0AEF-62C5-4876-83C7-D833D67FA15E}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus

"TCP Query User{BCC4230B-1D7B-4F15-A9CF-332DE969AA54}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java Platform SE binary

"UDP Query User{DDC60F9D-501C-494D-862B-4FFDF808B08C}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java Platform SE binary

"TCP Query User{2DDE4347-27E7-42AD-AB42-A568EE47F3ED}c:\\program files\\new\\tlmc.exe"= UDP:c:\program files\new\tlmc.exe:TLMC

"UDP Query User{8B97D655-6021-4664-BC0D-FCACCECC0B7A}c:\\program files\\new\\tlmc.exe"= TCP:c:\program files\new\tlmc.exe:TLMC

"TCP Query User{7F79D0A4-14ED-4515-8722-2FC93069F429}c:\\program files\\new\\newvic020003\\newvic.exe"= UDP:c:\program files\new\newvic020003\newvic.exe:newvic

"UDP Query User{D59CF98B-37A8-4786-8CC0-A75975B40106}c:\\program files\\new\\newvic020003\\newvic.exe"= TCP:c:\program files\new\newvic020003\newvic.exe:newvic

"TCP Query User{9B93F700-0D64-4D87-A8C6-70819354A0E2}c:\\dump\\games\\cs 1.6\\hl.exe"= UDP:c:\dump\games\cs 1.6\hl.exe:Half-Life Launcher

"UDP Query User{581545BE-151F-4AB3-91AE-B4F961F2E055}c:\\dump\\games\\cs 1.6\\hl.exe"= TCP:c:\dump\games\cs 1.6\hl.exe:Half-Life Launcher

"TCP Query User{63BA1562-8C85-4EFA-AA4B-AE2C24ABC315}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"UDP Query User{CE33E9E3-C7DB-43D5-811B-1381C94E575A}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"TCP Query User{4E2DB5DA-1CBE-4F3F-BACC-927C8350B929}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts

"UDP Query User{92F979B0-8A57-44BF-89A2-A41B37083080}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts

"TCP Query User{70B3E483-DCF7-43C9-9B19-30BB81859862}c:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= UDP:c:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client

"UDP Query User{872C716E-4314-48B3-8F19-C3CC902B44EC}c:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= TCP:c:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client

"TCP Query User{E67ECF14-F428-4186-ABA7-4BF22BF4539F}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

"UDP Query User{58E5E3EE-1840-458E-9920-D70FAA0A7020}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

"TCP Query User{4730AB6E-4082-4C3C-9EC4-95094D14BDF2}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application

"UDP Query User{41439522-3F17-4B24-BDB1-0FB2547131B8}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application

"TCP Query User{74B99F24-A2A8-4C66-B5E1-5DB4F04E6CA4}c:\\program files\\octoshape streaming services\\gautam\\octoshapeclient.exe"= UDP:c:\program files\octoshape streaming services\gautam\octoshapeclient.exe:OctoshapeClient

"UDP Query User{11B2EC93-E80B-4A63-A422-B03DC2E65487}c:\\program files\\octoshape streaming services\\gautam\\octoshapeclient.exe"= TCP:c:\program files\octoshape streaming services\gautam\octoshapeclient.exe:OctoshapeClient

"{937726AA-4B94-44F5-89A7-E10FE9DCD7E5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{06F66B88-851C-4021-8A21-68C6195E64E4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{6397BBB1-D70A-43B3-A8B3-BC019D472F88}c:\\program files\\ppmate\\ppmnet.exe"= UDP:c:\program files\ppmate\ppmnet.exe:ppmnet Module

"UDP Query User{CAF441E4-2B5C-431D-BBD0-D8C16A6D8FF3}c:\\program files\\ppmate\\ppmnet.exe"= TCP:c:\program files\ppmate\ppmnet.exe:ppmnet Module

"TCP Query User{98004884-5B46-4F68-B4E8-737187DF9155}c:\\program files\\uusee\\uuseeplayer.exe"= UDP:c:\program files\uusee\uuseeplayer.exe:UUPlayer

"UDP Query User{13A11DB5-6BB5-497F-B1DC-10C715CF5CBD}c:\\program files\\uusee\\uuseeplayer.exe"= TCP:c:\program files\uusee\uuseeplayer.exe:UUPlayer

"TCP Query User{9C3C7C22-DF4D-46C0-AC07-ED49BA86DDC5}c:\\program files\\streamerone\\streamerone.exe"= UDP:c:\program files\streamerone\streamerone.exe:StreamerOne

"UDP Query User{4BD6C4A0-992E-4E72-8F5B-1B5F802DB2E5}c:\\program files\\streamerone\\streamerone.exe"= TCP:c:\program files\streamerone\streamerone.exe:StreamerOne

"TCP Query User{7FA657C9-ED5F-4689-9248-ABDB06A7DCEC}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player

"UDP Query User{B69A4428-0DFC-49E5-B1E6-17FF7A018C29}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player

"TCP Query User{E2BA305B-B101-4304-BD7D-0C24F35009B3}c:\\program files\\last.fm\\lastfm.exe"= UDP:c:\program files\last.fm\lastfm.exe:Last.fm

"UDP Query User{89D8F650-DD11-474B-B318-D5FDA7110AB7}c:\\program files\\last.fm\\lastfm.exe"= TCP:c:\program files\last.fm\lastfm.exe:Last.fm

"TCP Query User{CFD25128-6CA9-42DF-BC55-BB55316D7171}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{187557F1-F14D-45FE-901D-26B29D88DC7B}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"TCP Query User{A836B0F2-672C-4B07-BD1E-6D8D4E93A6E9}c:\\program files\\sopcast\\sopvod.exe"= UDP:c:\program files\sopcast\sopvod.exe:sopvod

"UDP Query User{B42D4296-B283-4AFB-9F45-93C6C2FA9C70}c:\\program files\\sopcast\\sopvod.exe"= TCP:c:\program files\sopcast\sopvod.exe:sopvod

"TCP Query User{7584D33E-2734-4821-9F8A-CB2272FF891B}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client

"UDP Query User{4E878D8C-8DDE-4428-B631-0D569289BD9B}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client

"TCP Query User{7622D523-B148-4349-8324-E223E05A075A}c:\\program files\\realplay.exe"= UDP:c:\program files\realplay.exe:RealPlayer

"UDP Query User{54BA44FC-5121-4D34-8553-F321BFE402D9}c:\\program files\\realplay.exe"= TCP:c:\program files\realplay.exe:RealPlayer

"TCP Query User{7F9DB175-E28A-47AA-8819-79B3100D8527}d:\\softwares\\rpfree06\\reverseproxy.exe"= UDP:d:\softwares\rpfree06\reverseproxy.exe:ReverseProxy

"UDP Query User{23D32E7B-AB78-4FA5-807D-964E43E7C97B}d:\\softwares\\rpfree06\\reverseproxy.exe"= TCP:d:\softwares\rpfree06\reverseproxy.exe:ReverseProxy

"{A675376B-CD1F-4EEE-884B-DBA0B50799C7}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{713B9FD1-0B6B-4C6A-B75C-EBD0AE49B21F}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"TCP Query User{20621DEB-55A1-413E-8703-EAEED6EB817F}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet

"UDP Query User{1D4F488B-C08D-4A6A-88D6-7B640A8D2C2B}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet

"TCP Query User{50DC4F1D-276F-4C90-BBDE-1AD918D59FCE}c:\\program files\\java\\jdk1.5.0_14\\bin\\java.exe"= UDP:c:\program files\java\jdk1.5.0_14\bin\java.exe:Java 2 Platform Standard Edition binary

"UDP Query User{4A4859F7-5708-4E28-B010-0A4BF1E21406}c:\\program files\\java\\jdk1.5.0_14\\bin\\java.exe"= TCP:c:\program files\java\jdk1.5.0_14\bin\java.exe:Java 2 Platform Standard Edition binary

"{E0998D3E-715B-489B-97FD-F7FB472F5250}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{B4C0AAE8-A21D-496B-825C-10CB80637722}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{5C18FE15-918E-45A9-82AD-9410DDA4317F}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{0766DD43-6FE8-45D7-942A-826E79365D39}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{ED53CF73-B1D4-4A78-9B08-102DB639997B}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{20BDCF75-FD5A-4152-B312-AF7335CB6865}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{8F1E1566-336C-4043-A9FB-DD03CCA7CF05}c:\\python25\\pythonw.exe"= UDP:c:\python25\pythonw.exe:pythonw

"UDP Query User{506FEBD4-6C44-4905-B2D2-82FF3D40817F}c:\\python25\\pythonw.exe"= TCP:c:\python25\pythonw.exe:pythonw

"TCP Query User{DC801466-7D69-499D-B3E3-5F71A2E3B1A4}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3

"UDP Query User{00BD1C3A-07B3-41DC-941E-518DC51D3A8A}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3

"TCP Query User{E3A4E708-6434-41F3-A82F-655CA2612401}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"UDP Query User{6E661D59-ADCA-4D46-A32C-959BD98CE6BC}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"TCP Query User{44DCC11E-01E4-450F-83AF-B637E3142DFB}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3

"UDP Query User{EBD75EEE-7D52-4CCB-B2CC-26FD1AFC238A}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3

"TCP Query User{3556B299-961D-46DD-9FCC-B495746373B7}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{7CC57BCB-68A3-4B2E-BE8A-43756AF19B37}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{A4CBFA75-A982-479A-833B-DF54A059C88F}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{926D3497-027D-4ACA-9C7B-03835206DF46}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"{A4D80D54-1C85-4858-B720-89434E34CCA9}"= UDP:25952:BitComet 25952 TCP

"{C4EFB4C3-1B8B-4A6A-9998-805CE7857471}"= TCP:25952:BitComet 25952 UDP

"TCP Query User{C7AFFDF1-7008-4DE6-9E4B-8A3FADC8230B}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{1E9DE62D-C9AB-4C58-9510-D011F3CF6251}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"TCP Query User{7310F209-9B1F-4C65-9BD7-BAEE96488DCF}c:\\program files\\matlab\\r2007b\\bin\\win32\\matlab.exe"= UDP:c:\program files\matlab\r2007b\bin\win32\matlab.exe:MATLAB

"UDP Query User{EF566762-91F4-4375-AAAA-9FEC7996B4E7}c:\\program files\\matlab\\r2007b\\bin\\win32\\matlab.exe"= TCP:c:\program files\matlab\r2007b\bin\win32\matlab.exe:MATLAB

"{85C67EFF-2B64-40E3-808B-7D825870DE88}"= UDP:c:\program files\uTorrent\uTorrent.exe:


Please delete Combofix and download a new copy and post the log.

I really think it has something to do with an application called Sports Bets on Facebook (an app for betting fake chips on games) ... only when I visit that part of Facebook do I get redirected!

It just happened 5 times in a row on that website.

Hello Tiger,

I found something on Yahoo which looks similar to what happens with my laptop sometimes:

the second post in the following thread -

http://answers.yahoo.com/question/index?qi...26003148AArSEhM

Have you guys had complaints of ads being compromised?
