Browser Hijacked, Trojans, etc.


Hi,

I have run Malwarebytes as well as Spybot - Search and Destroy, and I still get redirects from Google as well as ads on pages that should not have ads. Thanks for helping me out.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19272

Run by zamanmm at 16:08:45 on 2012-07-22

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3061.1294 [GMT -4:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\IPSSVC.EXE

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\atashost.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\QUBEE WCM\GPCommonService.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\spool\DRIVERS\W32X86\3\lxddserv.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\ptumlcmsvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Windows\System32\TPHDEXLG.exe

C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

C:\Program Files\Lenovo\System Update\SUService.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\DllHost.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe

C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\QUBEE WCM\QUBEE WCM.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Panasonic\Panasonic-DMS\LRecvTrap\LRecvTrap.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\QUBEE WCM\wimax\WmMMgr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Windows\system32\rundll32.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WerCon.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = localhost;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: FCToolbarURLSearchHook Class: {c1b8770b-7d91-c494-31e0-e62db08b9414} - c:\program files\bucksbee loyalty plugin - w3i\Helper.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.7.2.3\coIEPlg.dll

BHO: Bucksbee Loyalty Plugin - W3i: {626a9bf6-a6f4-18f4-159b-52a7a586c40b} - c:\program files\bucksbee loyalty plugin - w3i\BucksBee Loyalty Plugin.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.7.2.3\ips\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: RewardsArcadeSuite: {b6ef6c45-5e8d-4c3b-b580-a5073261a381} - c:\program files\rewardsarcadesuite\RewardsArcadeSuite.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: TBSB07898 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\coupons.com couponbar\tbcore3.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.7.2.3\coIEPlg.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Coupons.com CouponBar: {8660e5b3-6c41-44de-8503-98d99bbecd41} - c:\program files\coupons.com couponbar\tbcore3.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [QUBEE WCM] "c:\program files\qubee wcm\QUBEE WCM.exe" minimized

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [installIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\users\zamanmm\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [<NO NAME>]

mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt"

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [RPT Msgsrv] "c:\program files\panasonic\panasonic-dms\rpt network printer port\Msgsrv.exe" /NRPT Network Printer /S

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\jobsta~1.lnk - c:\program files\panasonic\panasonic-dms\lrecvtrap\LRecvTrap.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{803FC278-F797-4213-9E4F-829AE9D9FD55} : DhcpNameServer = 180.234.0.193 180.234.0.197

TCP: Interfaces\{C9697EE0-222B-4F23-A61D-0A5C7B10426B} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{CFFA5286-0D07-40C6-BABC-811702F106B0} : DhcpNameServer = 180.234.0.193 180.234.0.197

TCP: Interfaces\{D3510E5F-6489-45C4-9374-CA9B3DDA2BC9} : DhcpNameServer = 180.234.0.193 180.234.0.197

TCP: Interfaces\{DB3C85D0-8D16-468C-8E13-33AFE808BDA4} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\240\g2ax_winlogon.dll

Notify: igfxcui - igfxdev.dll

LSA: Notification Packages = scecli ACGina

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207020.003\symds.sys [2012-6-14 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207020.003\symefa.sys [2012-6-14 744568]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20120720.001\IDSvix86.sys [2012-7-20 382624]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2007-2-19 13744]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207020.003\ironx86.sys [2012-6-14 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1207020.003\symtdiv.sys [2012-6-14 331384]

R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-8-25 43912]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-8 21504]

R2 GPCommonService;GPCommonService;c:\program files\qubee wcm\GPCommonService.exe [2012-2-29 90112]

R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-5-25 99248]

R2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\drivers\mtkwmptv.sys [2012-2-29 15360]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.2.3\ccsvchst.exe [2012-6-14 130008]

R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [2011-9-14 113168]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-7-3 1153368]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-8 569344]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2012-6-7 478712]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-15 106656]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]

S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [2012-6-28 38440]

S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [2012-6-7 57256]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]

S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\240\g2ax_service.exe [2010-10-12 161144]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]

S3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\drivers\mt7118vu.sys [2012-2-29 131072]

S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\PTUMLBUS.sys [2011-9-14 59664]

S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\PTUMLCVsp.sys [2011-9-14 168208]

S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\PTUMLMdm.sys [2011-9-14 168208]

S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\PTUMLNVsp.sys [2011-9-14 168848]

S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\PTUMLVsp.sys [2011-9-14 168208]

S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-10-3 10112]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

S4 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-30 55936]

.

=============== Created Last 30 ================

.

2012-07-22 17:19:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-22 17:19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-11 16:22:25 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 16:16:17 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-11 16:13:22 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-07-11 16:13:14 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 16:13:14 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 16:13:12 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-11 16:13:12 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-11 16:13:12 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-03 18:44:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-03 18:44:11 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-07-03 18:40:14 -------- d-----w- c:\users\zamanmm\appdata\roaming\Ad-Aware Antivirus

2012-06-28 18:19:36 38440 ----a-r- c:\windows\system32\drivers\acsint.sys

2012-06-24 16:02:09 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-24 16:01:46 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-24 16:01:31 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-24 16:01:31 171904 ----a-w- c:\windows\system32\wuwebv.dll

.

==================== Find3M ====================

.

2012-07-11 23:47:15 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-11 23:47:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-07 15:35:31 10744 ----a-w- c:\windows\system32\vpncategories.dll

2012-06-07 15:35:26 33272 ----a-w- c:\windows\system32\vpnevents.dll

2012-06-07 15:25:20 23976 ----a-w- c:\windows\system32\drivers\vpnva.sys

2012-06-07 15:24:23 57256 ----a-r- c:\windows\system32\drivers\acsmux.sys

2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll

2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll

2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec

2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 16:12:17.88 ===============

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Business

Boot Device: \Device\HarddiskVolume2

Install Date: 7/18/2008 3:45:52 PM

System Uptime: 7/22/2012 3:54:32 PM (1 hours ago)

.

Motherboard: LENOVO | | 76591PU

Processor: Intel® Core™2 Duo CPU T7300 @ 2.00GHz | None | 2001/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 68 GiB total, 7.109 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Tun Miniport Adapter

Device ID: ROOT\*TUNMP\0001

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TUNMP\0001

Service: tunmp

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

RP1316: 7/21/2012 1:12:38 PM - Windows Update

RP1317: 7/21/2012 6:43:00 PM - Removed WinZip 15.0

RP1318: 7/22/2012 12:15:20 PM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

4500_G510nz_Help

4500G510nz

4500G510nz_Software_Min

7-Zip 9.22beta

Access Help

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.1

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Brother P-touch Address Book 1.1

Brother P-touch Editor 5.0

Brother P-touch Software

Brother QL-570 User's Guide

Bucksbee Loyalty Plugin - W3i

BufferChm

Business Contact Manager for Outlook 2007 SP2

Canon MP Navigator 2.2

Canon MP530

Canon MP530 User Registration

Canon Utilities Easy-PhotoPrint

Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client

Client Security Solution

Coupon Printer for Windows

CouponBar

Destinations

DeviceDiscovery

DocMgr

DocProc

Download Updater (AOL LLC)

EPSON Printer Software

EPSON Scan

Fax

getPlus® for Adobe

Google Chrome

Google Earth

Google Update Helper

Google Updater

GoToAssist Customer 1.5.0.240

GPBaseService2

Help Center

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 13.0

HP Document Manager 2.0

HP Imaging Device Functions 13.0

HP LaserJet P2030 Series

HP Officejet 4500 G510n-z

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Update

HPProductAssistant

hppusgP2030

HPSSupply

Hyper Electronics Mappers Utilities

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

iTunes

Java™ 6 Update 29

Java™ 6 Update 7

Java™ SE Runtime Environment 6

Junk Mail filter update

Lenovo Registration

Lenovo System Interface Driver

Lenovo ThinkVantage Toolbox

Lexmark 2500 Series

Livestation

Logitech Desktop Messenger

Logitech Print Service

Logitech QuickCam

Logitech Updater

Logitech Webcam Software

Logitech® Camera Driver

Maintenance Manager

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Message Center Plus

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Accounting 2008

Microsoft Office Accounting 2008 Equifax Addin

Microsoft Office Accounting 2008 Fixed Asset Manager

Microsoft Office Accounting 2008 PayPal Addin

Microsoft Office Accounting ADP Payroll Addin

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Live Add-in 1.5

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Move Media Player

MrvlUsgTracking

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MVision

Network

Norton Internet Security

OCR Software by I.R.I.S. 13.0

Octoshape add-in for Adobe Flash Player

On Screen Display

Panasonic Job Status Utility

Panasonic Printer Drivers

Panasonic Printing System

Panasonic RPT Network Printer Port

Panasonic Windows Firewall Setting Tool

PANTECH UML290

Picasa 3

Presentation Director

Productivity Center Supplement for ThinkPad

QUBEE WiMAX Connection Manager

RealPlayer

Registry patch for Windows Vista USB S3 PM Enablement

Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista

Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista

Rescue and Recovery

RewardsArcadeSuite

Rhapsody Player Engine

RSA SecurID Software Token 1.0.1 for Web SDK

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Shop for HP Supplies

Skype Click to Call

Skype™ 5.9

SmartWebPrinting

SolutionCenter

SoundMAX

Spybot - Search & Destroy

Status

System Migration Assistant

System Update

TeleTracker Online

ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900

ThinkPad EasyEject Utility

ThinkPad FullScreen Magnifier

ThinkPad Hotkey Features Setup

ThinkPad Mobility Center Customization

ThinkPad Modem

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

Thinkpad Wireless LAN Adapters Software (11a/b/g/n)

ThinkVantage Access Connections

ThinkVantage Active Protection System

ThinkVantage Productivity Center

ThinkVantage Technologies Welcome Message

Toolbox

TrayApp

Ultimate Media Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VerizonWireless

VZAccess Manager

Wallpapers

WebCam for MSN Messenger

WebEx

WebReg

Windows Driver Package - Intel (e1express) Net (02/27/2007 9.7.37.0)

Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)

Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)

Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)

Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)

Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)

Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)

Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)

Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)

Windows Driver Package - Lenovo (IBMPMDRV) System (02/27/2007 1.42)

Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

Windows Driver Package - Ricoh Company (rismxdp) hdc (11/18/2006 6.00.01.05)

Windows Driver Package - Ricoh Company MMC Host Controller (11/14/2006 6.00.01.04)

Windows Firewall Setting Tool

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Worthware - CellSell H.A.C.I. Thin-Client (162)

.

==== Event Viewer Messages From Past Week ========

.

7/22/2012 4:04:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

7/22/2012 4:03:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

7/22/2012 4:02:06 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.

7/22/2012 3:59:23 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 3:59:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

7/22/2012 3:56:01 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

7/22/2012 3:55:54 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.

7/22/2012 12:24:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

7/22/2012 12:20:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

7/21/2012 1:52:15 PM, Error: Microsoft-Windows-TBS [516] - An error occurred while communicating with the TPM. The driver returned 0x8007045d.

7/21/2012 1:12:20 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.24. The computer with the IP address 192.168.1.36 did not allow the name to be claimed by this computer.

7/19/2012 8:09:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

7/18/2012 4:34:34 PM, Error: TPM [13] - The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

7/18/2012 10:10:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.

7/18/2012 10:10:48 AM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/18/2012 1:50:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Zamans-PC\zamanmm SID (S-1-5-21-3894235439-4067020577-3388496322-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

7/17/2012 11:24:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

7/15/2012 7:39:42 AM, Error: netbt [4321] - The name "ZAMANS-PC :0" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.

.

==== End Of File ===========================


Hello zamanigg and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I see you are running TeaTimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Please uninstall the following applications:

Bucksbee Loyalty Plugin - W3i

RewardsArcadeSuite

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log file


Hi Maniac,

I was unable to run aswMBR.exe. It gave me a BSOD twice. Just tried to go to IBM's website through Google and got redirected to monster.com :(

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.23.11

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19272

zamanmm :: ZAMANS-PC [administrator]

7/23/2012 6:31:38 PM

mbam-log-2012-07-23 (18-31-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205545

Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19272

Run by zamanmm at 19:25:58 on 2012-07-23

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3061.1317 [GMT -4:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\IPSSVC.EXE

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\atashost.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\QUBEE WCM\GPCommonService.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\spool\DRIVERS\W32X86\3\lxddserv.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\ptumlcmsvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Windows\System32\TPHDEXLG.exe

C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\DllHost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe

C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\QUBEE WCM\QUBEE WCM.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Panasonic\Panasonic-DMS\LRecvTrap\LRecvTrap.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\QUBEE WCM\wimax\WmMMgr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = localhost;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.7.2.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.7.2.3\ips\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: TBSB07898 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\coupons.com couponbar\tbcore3.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.7.2.3\coIEPlg.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Coupons.com CouponBar: {8660e5b3-6c41-44de-8503-98d99bbecd41} - c:\program files\coupons.com couponbar\tbcore3.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [QUBEE WCM] "c:\program files\qubee wcm\QUBEE WCM.exe" minimized

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [installIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\users\zamanmm\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [<NO NAME>]

mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt"

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [RPT Msgsrv] "c:\program files\panasonic\panasonic-dms\rpt network printer port\Msgsrv.exe" /NRPT Network Printer /S

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\jobsta~1.lnk - c:\program files\panasonic\panasonic-dms\lrecvtrap\LRecvTrap.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{803FC278-F797-4213-9E4F-829AE9D9FD55} : DhcpNameServer = 180.234.0.193 180.234.0.197

TCP: Interfaces\{C9697EE0-222B-4F23-A61D-0A5C7B10426B} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{CFFA5286-0D07-40C6-BABC-811702F106B0} : DhcpNameServer = 180.234.0.193 180.234.0.197

TCP: Interfaces\{D3510E5F-6489-45C4-9374-CA9B3DDA2BC9} : DhcpNameServer = 180.234.0.193 180.234.0.197

TCP: Interfaces\{DB3C85D0-8D16-468C-8E13-33AFE808BDA4} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\240\g2ax_winlogon.dll

Notify: igfxcui - igfxdev.dll

LSA: Notification Packages = scecli ACGina

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207020.003\symds.sys [2012-6-14 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207020.003\symefa.sys [2012-6-14 744568]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20120720.001\IDSvix86.sys [2012-7-20 382624]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2007-2-19 13744]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207020.003\ironx86.sys [2012-6-14 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1207020.003\symtdiv.sys [2012-6-14 331384]

R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-8-25 43912]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-8 21504]

R2 GPCommonService;GPCommonService;c:\program files\qubee wcm\GPCommonService.exe [2012-2-29 90112]

R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-5-25 99248]

R2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\drivers\mtkwmptv.sys [2012-2-29 15360]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.2.3\ccsvchst.exe [2012-6-14 130008]

R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [2011-9-14 113168]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-7-3 1153368]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-8 569344]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2012-6-7 478712]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-15 106656]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-23 40776]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]

S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [2012-6-28 38440]

S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [2012-6-7 57256]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]

S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\240\g2ax_service.exe [2010-10-12 161144]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]

S3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\drivers\mt7118vu.sys [2012-2-29 131072]

S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\PTUMLBUS.sys [2011-9-14 59664]

S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\PTUMLCVsp.sys [2011-9-14 168208]

S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\PTUMLMdm.sys [2011-9-14 168208]

S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\PTUMLNVsp.sys [2011-9-14 168848]

S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\PTUMLVsp.sys [2011-9-14 168208]

S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-10-3 10112]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

S4 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-30 55936]

.

=============== Created Last 30 ================

.

2012-07-23 22:31:03 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-22 17:19:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-22 17:19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-11 16:22:25 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 16:16:17 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-11 16:13:22 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-07-11 16:13:14 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 16:13:14 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 16:13:12 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-11 16:13:12 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-11 16:13:12 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-03 18:44:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-03 18:44:11 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-07-03 18:40:14 -------- d-----w- c:\users\zamanmm\appdata\roaming\Ad-Aware Antivirus

2012-06-28 18:19:36 38440 ----a-r- c:\windows\system32\drivers\acsint.sys

2012-06-24 16:02:09 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-24 16:01:46 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-24 16:01:31 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-24 16:01:31 171904 ----a-w- c:\windows\system32\wuwebv.dll

.

==================== Find3M ====================

.

2012-07-11 23:47:15 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-11 23:47:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-07 15:35:31 10744 ----a-w- c:\windows\system32\vpncategories.dll

2012-06-07 15:35:26 33272 ----a-w- c:\windows\system32\vpnevents.dll

2012-06-07 15:25:20 23976 ----a-w- c:\windows\system32\drivers\vpnva.sys

2012-06-07 15:24:23 57256 ----a-r- c:\windows\system32\drivers\acsmux.sys

2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll

2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll

2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec

2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 19:27:20.85 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Business

Boot Device: \Device\HarddiskVolume2

Install Date: 7/18/2008 3:45:52 PM

System Uptime: 7/23/2012 7:10:52 PM (0 hours ago)

.

Motherboard: LENOVO | | 76591PU

Processor: Intel® Core2 Duo CPU T7300 @ 2.00GHz | None | 2001/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 68 GiB total, 6.832 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Tun Miniport Adapter

Device ID: ROOT\*TUNMP\0001

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TUNMP\0001

Service: tunmp

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

RP1319: 7/23/2012 2:02:29 PM - Windows Update

RP1320: 7/23/2012 5:39:01 PM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

4500_G510nz_Help

4500G510nz

4500G510nz_Software_Min

7-Zip 9.22beta

Access Help

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.1

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Brother P-touch Address Book 1.1

Brother P-touch Editor 5.0

Brother P-touch Software

Brother QL-570 User's Guide

BufferChm

Business Contact Manager for Outlook 2007 SP2

Canon MP Navigator 2.2

Canon MP530

Canon MP530 User Registration

Canon Utilities Easy-PhotoPrint

Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client

Client Security Solution

Coupon Printer for Windows

CouponBar

Destinations

DeviceDiscovery

DocMgr

DocProc

Download Updater (AOL LLC)

EPSON Printer Software

EPSON Scan

Fax

getPlus® for Adobe

Google Chrome

Google Earth

Google Update Helper

Google Updater

GoToAssist Customer 1.5.0.240

GPBaseService2

Help Center

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 13.0

HP Document Manager 2.0

HP Imaging Device Functions 13.0

HP LaserJet P2030 Series

HP Officejet 4500 G510n-z

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Update

HPProductAssistant

hppusgP2030

HPSSupply

Hyper Electronics Mappers Utilities

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

iTunes

Java 6 Update 29

Java 6 Update 7

Java SE Runtime Environment 6

Junk Mail filter update

Lenovo Registration

Lenovo System Interface Driver

Lenovo ThinkVantage Toolbox

Lexmark 2500 Series

Livestation

Logitech Desktop Messenger

Logitech Print Service

Logitech QuickCam

Logitech Updater

Logitech Webcam Software

Logitech® Camera Driver

Maintenance Manager

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Message Center Plus

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Accounting 2008

Microsoft Office Accounting 2008 Equifax Addin

Microsoft Office Accounting 2008 Fixed Asset Manager

Microsoft Office Accounting 2008 PayPal Addin

Microsoft Office Accounting ADP Payroll Addin

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Live Add-in 1.5

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Move Media Player

MrvlUsgTracking

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MVision

Network

Norton Internet Security

OCR Software by I.R.I.S. 13.0

Octoshape add-in for Adobe Flash Player

On Screen Display

Panasonic Job Status Utility

Panasonic Printer Drivers

Panasonic Printing System

Panasonic RPT Network Printer Port

Panasonic Windows Firewall Setting Tool

PANTECH UML290

Picasa 3

Presentation Director

Productivity Center Supplement for ThinkPad

QUBEE WiMAX Connection Manager

RealPlayer

Registry patch for Windows Vista USB S3 PM Enablement

Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista

Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista

Rescue and Recovery

Rhapsody Player Engine

RSA SecurID Software Token 1.0.1 for Web SDK

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Shop for HP Supplies

Skype Click to Call

Skype™ 5.9

SmartWebPrinting

SolutionCenter

SoundMAX

Spybot - Search & Destroy

Status

System Migration Assistant

System Update

TeleTracker Online

ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900

ThinkPad EasyEject Utility

ThinkPad FullScreen Magnifier

ThinkPad Hotkey Features Setup

ThinkPad Mobility Center Customization

ThinkPad Modem

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

Thinkpad Wireless LAN Adapters Software (11a/b/g/n)

ThinkVantage Access Connections

ThinkVantage Active Protection System

ThinkVantage Productivity Center

ThinkVantage Technologies Welcome Message

Toolbox

TrayApp

Ultimate Media Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VerizonWireless

VZAccess Manager

Wallpapers

WebCam for MSN Messenger

WebEx

WebReg

Windows Driver Package - Intel (e1express) Net (02/27/2007 9.7.37.0)

Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)

Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)

Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)

Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)

Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)

Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)

Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)

Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)

Windows Driver Package - Lenovo (IBMPMDRV) System (02/27/2007 1.42)

Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

Windows Driver Package - Ricoh Company (rismxdp) hdc (11/18/2006 6.00.01.05)

Windows Driver Package - Ricoh Company MMC Host Controller (11/14/2006 6.00.01.04)

Windows Firewall Setting Tool

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Worthware - CellSell H.A.C.I. Thin-Client (162)

.

==== Event Viewer Messages From Past Week ========

.

7/23/2012 8:06:21 AM, Error: Microsoft-Windows-TBS [516] - An error occurred while communicating with the TPM. The driver returned 0x8007045d.

7/23/2012 7:20:17 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

7/23/2012 7:19:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

7/23/2012 7:19:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

7/23/2012 7:19:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

7/23/2012 7:12:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service.

7/23/2012 7:12:44 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

7/23/2012 7:12:36 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer WebEx Document Loader with shared resource name WebEx Document Loader. Error 1722. The printer cannot be used by others on the network.

7/23/2012 7:11:43 PM, Error: EventLog [6008] - The previous system shutdown at 7:09:44 PM on 7/23/2012 was unexpected.

7/23/2012 6:56:49 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.

7/23/2012 6:50:50 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer WebEx Document Loader with shared resource name WebEx Document Loader. Error 2114. The printer cannot be used by others on the network.

7/23/2012 6:50:03 PM, Error: EventLog [6008] - The previous system shutdown at 6:47:57 PM on 7/23/2012 was unexpected.

7/23/2012 5:43:00 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

7/23/2012 5:41:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

7/23/2012 2:03:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

7/23/2012 2:03:51 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/23/2012 2:03:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

7/22/2012 6:56:42 PM, Error: netbt [4321] - The name "ZAMANS-PC :0" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.

7/22/2012 3:59:23 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 3:59:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

7/22/2012 3:55:54 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.

7/21/2012 1:12:20 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.24. The computer with the IP address 192.168.1.36 did not allow the name to be claimed by this computer.

7/19/2012 8:09:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

7/18/2012 4:34:34 PM, Error: TPM [13] - The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

7/18/2012 10:10:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.

7/18/2012 10:10:48 AM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/18/2012 1:50:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Zamans-PC\zamanmm SID (S-1-5-21-3894235439-4067020577-3388496322-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

7/17/2012 11:24:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

.

==== End Of File ===========================


Don't worry.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 2 weeks later...

Hi,

I'm back. Just got done moving into a new place. I have run the ComboFix program successfully. Also, after running the program, I got a redirect from a Google search. I am not sure if ComboFix was supposed to prevent it or not, but here is the log.

ComboFix 12-08-13.01 - zamanmm 08/13/2012 15:09:32.1.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3061.1244 [GMT -4:00]

Running from: c:\users\zamanmm\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\a

c:\programdata\SPL5618.tmp

c:\users\zamanmm\Documents\~WRL0003.tmp

c:\users\zamanmm\Documents\~WRL0005.tmp

c:\users\zamanmm\Documents\~WRL0009.tmp

c:\users\zamanmm\Documents\~WRL2320.tmp

c:\users\zamanmm\Documents\~WRL3132.tmp

c:\users\zamanmm\Documents\~WRL4064.tmp

c:\users\zamanmm\g2ax_customer_downloadhelper_win32_x86.exe

c:\windows\system32\~GLH0086.TMP

c:\windows\system32\~GLH0092.TMP

c:\windows\system32\~GLH0093.TMP

c:\windows\system32\~GLH0099.TMP

c:\windows\system32\~GLH009a.TMP

c:\windows\system32\~GLH009b.TMP

c:\windows\system32\TPAPSLOG.LOG

c:\windows\system32\TPHDLOG0.LOG

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\system32\wmm_cur.log

.

.

((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))

.

.

2012-08-13 19:18 . 2012-08-13 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-09 22:48 . 2012-08-09 22:48 -------- d-----w- c:\program files\Oracle

2012-08-09 22:47 . 2012-07-06 02:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-09 22:42 . 2012-08-09 22:42 -------- d-----w- c:\programdata\McAfee

2012-08-06 14:38 . 2007-02-27 04:16 103936 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdddrpp.dll

2012-07-28 21:23 . 2012-07-29 16:56 -------- d-----w- c:\windows\system32\drivers\NIS\1307010.005

2012-07-25 22:02 . 2012-07-25 22:02 -------- d-----w- c:\windows\hpoj4500g510g-m

2012-07-23 23:57 . 2010-09-07 18:09 13680 ----a-w- c:\windows\system32\drivers\smiif32.sys

2012-07-23 23:57 . 2012-07-23 23:57 -------- d-----w- C:\DRIVERS

2012-07-23 23:54 . 2012-07-23 23:54 -------- d-----w- c:\users\zamanmm\AppData\Local\ApplicationHistory

2012-07-22 17:19 . 2012-07-22 17:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-22 17:19 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 23:47 . 2012-04-05 14:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-02 23:47 . 2011-06-08 15:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-28 21:28 . 2009-05-23 19:21 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-07-06 02:06 . 2010-05-02 03:21 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-13 13:40 . 2012-07-11 16:22 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-06-07 15:35 . 2012-06-07 15:35 10744 ----a-w- c:\windows\system32\vpncategories.dll

2012-06-07 15:35 . 2012-06-07 15:35 33272 ----a-w- c:\windows\system32\vpnevents.dll

2012-06-07 15:25 . 2012-06-07 15:25 23976 ----a-w- c:\windows\system32\drivers\vpnva.sys

2012-06-07 15:24 . 2012-06-28 18:19 38440 ----a-r- c:\windows\system32\drivers\acsint.sys

2012-06-07 15:24 . 2012-06-07 15:24 57256 ----a-r- c:\windows\system32\drivers\acsmux.sys

2012-06-05 16:47 . 2012-07-11 16:13 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:47 . 2012-07-11 16:13 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:26 . 2012-07-11 16:13 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 22:19 . 2012-06-24 16:02 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-24 16:02 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-24 16:01 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-24 16:01 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-24 16:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-24 16:02 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-24 16:01 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-24 16:01 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12 . 2012-06-24 16:01 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 00:04 . 2012-07-11 16:13 278528 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 00:03 . 2012-07-11 16:13 204288 ----a-w- c:\windows\system32\ncrypt.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files\Coupons.com CouponBar\tbcore3.dll" [2012-02-06 2664864]

.

[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]

[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files\Coupons.com CouponBar\tbcore3.dll" [2012-02-06 2664864]

.

[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]

[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"QUBEE WCM"="c:\program files\QUBEE WCM\QUBEE WCM.exe" [2010-06-25 798720]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-04 39408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-14 820520]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-04-10 321072]

"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 28672]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]

"RPT Msgsrv"="c:\program files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe" [2007-04-11 57344]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]

"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 522744]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-3-29 719664]

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

Job Status Utility.lnk - c:\program files\Panasonic\Panasonic-DMS\LRecvTrap\LRecvTrap.exe [2008-6-24 147456]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-18 50688]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-9-23 169472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]

2010-10-12 16:08 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\240\g2ax_winlogon.dll

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"Google Update"="c:\users\zamanmm\AppData\Local\Google\Update\GoogleUpdate.exe" /c

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [x]

R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 23:47]

.

2012-08-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-18 23:54]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc7aec95b5ec60.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 21:16]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 21:16]

.

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3894235439-4067020577-3388496322-1000Core1cab612236fd982.job

- c:\users\zamanmm\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-05 19:50]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3894235439-4067020577-3388496322-1000Core1cc8dc88cb16ea1.job

- c:\users\zamanmm\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-05 19:50]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3894235439-4067020577-3388496322-1000UA.job

- c:\users\zamanmm\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-05 19:50]

.

2009-11-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

.

2009-11-23 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-02-18 00:15]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = localhost;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-InstallIQUpdater - c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-13 15:24

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\system32\TPAPSLOG.LOG 128 bytes

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,c5,db,61,b5,50,2f,44,95,81,5b,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,c5,db,61,b5,50,2f,44,95,81,5b,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(13092)

c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe

c:\program files\LENOVO\HOTKEY\TPHKSVC.exe

c:\windows\system32\IPSSVC.EXE

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\LENOVO\HOTKEY\tposdsvc.exe

c:\windows\system32\AEADISRV.EXE

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\atashost.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\QUBEE WCM\GPCommonService.exe

c:\program files\LENOVO\VIRTSCRL\lvvsst.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe

c:\windows\system32\lxddcoms.exe

c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Panasonic\TrapMonitor\Trapmnnt.exe

c:\windows\system32\ptumlcmsvc.exe

c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\windows\System32\TPHDEXLG.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\Zoom\TpScrex.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\Spybot - Search & Destroy\SDWinSec.exe

c:\program files\Lenovo\System Update\SUService.exe

c:\program files\Common Files\Lenovo\Logger\logmon.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Completion time: 2012-08-13 15:35:55 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-13 19:35

.

Pre-Run: 6,719,647,744 bytes free

Post-Run: 6,859,485,184 bytes free

.

- - End Of File - - 03A0EC6B869C04FD226F0C27DD5E107A


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\program files\Coupons.com CouponBar

Registry::
[-HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[-HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
[-HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[-HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"=-

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 12-08-14.05 - zamanmm 08/14/2012 16:57:39.2.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3061.1477 [GMT -4:00]

Running from: c:\users\zamanmm\Downloads\ComboFix.exe

Command switches used :: c:\users\zamanmm\Downloads\CFScript.txt

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Coupons.com CouponBar

c:\program files\Coupons.com CouponBar\arrow_refresh.png

c:\program files\Coupons.com CouponBar\basis.xml

c:\program files\Coupons.com CouponBar\chrome\coupons.com.crx\coupons.com.crx

c:\program files\Coupons.com CouponBar\cog.png

c:\program files\Coupons.com CouponBar\computer_delete.png

c:\program files\Coupons.com CouponBar\coupons.com.dll

c:\program files\Coupons.com CouponBar\dataLoader.js

c:\program files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\coupons.com.xpi

c:\program files\Coupons.com CouponBar\icons3.bmp

c:\program files\Coupons.com CouponBar\info.txt

c:\program files\Coupons.com CouponBar\login.png

c:\program files\Coupons.com CouponBar\logo.png

c:\program files\Coupons.com CouponBar\lua5.1.dll

c:\program files\Coupons.com CouponBar\search.png

c:\program files\Coupons.com CouponBar\TbCommonUtils.dll

c:\program files\Coupons.com CouponBar\tbcore3.dll

c:\program files\Coupons.com CouponBar\tbhelper.dll

c:\program files\Coupons.com CouponBar\TbHelper2.exe

c:\program files\Coupons.com CouponBar\todays_deals.png

c:\program files\Coupons.com CouponBar\uninstall.exe

c:\program files\Coupons.com CouponBar\Uninstall\IRIMG1.BMP

c:\program files\Coupons.com CouponBar\Uninstall\IRIMG1.JPG

c:\program files\Coupons.com CouponBar\Uninstall\IRIMG2.BMP

c:\program files\Coupons.com CouponBar\Uninstall\IRIMG2.JPG

c:\program files\Coupons.com CouponBar\Uninstall\IRIMG3.BMP

c:\program files\Coupons.com CouponBar\Uninstall\IRIMG3.JPG

c:\program files\Coupons.com CouponBar\Uninstall\IRIMG4.BMP

c:\program files\Coupons.com CouponBar\Uninstall\IRIMG4.JPG

c:\program files\Coupons.com CouponBar\Uninstall\IRIMG5.BMP

c:\program files\Coupons.com CouponBar\Uninstall\IRIMG5.JPG

c:\program files\Coupons.com CouponBar\Uninstall\IRIMG6.BMP

c:\program files\Coupons.com CouponBar\Uninstall\IRIMG7.BMP

c:\program files\Coupons.com CouponBar\Uninstall\IRIMG8.BMP

c:\program files\Coupons.com CouponBar\Uninstall\IRIMG9.BMP

c:\program files\Coupons.com CouponBar\Uninstall\uninstall.dat

c:\program files\Coupons.com CouponBar\Uninstall\uninstall.xml

c:\program files\Coupons.com CouponBar\update.exe

c:\program files\Coupons.com CouponBar\version.txt

c:\windows\system32\TPAPSLOG.LOG

c:\windows\system32\TPHDLOG0.LOG

c:\windows\system32\wmm_cur.log

.

.

((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))

.

.

2012-08-14 21:10 . 2012-08-14 21:10 -------- d-----w- C:\A

2012-08-14 21:06 . 2012-08-14 21:06 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2012-08-14 21:06 . 2012-08-14 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-09 22:48 . 2012-08-09 22:48 -------- d-----w- c:\program files\Oracle

2012-08-09 22:42 . 2012-08-09 22:42 -------- d-----w- c:\programdata\McAfee

2012-08-06 14:38 . 2007-02-27 04:16 103936 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdddrpp.dll

2012-07-28 21:23 . 2012-07-29 16:56 -------- d-----w- c:\windows\system32\drivers\NIS\1307010.005

2012-07-25 22:02 . 2012-07-25 22:02 -------- d-----w- c:\windows\hpoj4500g510g-m

2012-07-23 23:57 . 2010-09-07 18:09 13680 ----a-w- c:\windows\system32\drivers\smiif32.sys

2012-07-23 23:57 . 2012-07-23 23:57 -------- d-----w- C:\DRIVERS

2012-07-23 23:54 . 2012-07-23 23:54 -------- d-----w- c:\users\zamanmm\AppData\Local\ApplicationHistory

2012-07-22 17:19 . 2012-07-22 17:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-22 17:19 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 23:47 . 2012-04-05 14:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-02 23:47 . 2011-06-08 15:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-28 21:28 . 2009-05-23 19:21 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-07-06 02:06 . 2012-08-09 22:47 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-07-06 02:06 . 2010-05-02 03:21 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-13 13:40 . 2012-07-11 16:22 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-06-07 15:35 . 2012-06-07 15:35 10744 ----a-w- c:\windows\system32\vpncategories.dll

2012-06-07 15:35 . 2012-06-07 15:35 33272 ----a-w- c:\windows\system32\vpnevents.dll

2012-06-07 15:25 . 2012-06-07 15:25 23976 ----a-w- c:\windows\system32\drivers\vpnva.sys

2012-06-07 15:24 . 2012-06-28 18:19 38440 ----a-r- c:\windows\system32\drivers\acsint.sys

2012-06-07 15:24 . 2012-06-07 15:24 57256 ----a-r- c:\windows\system32\drivers\acsmux.sys

2012-06-05 16:47 . 2012-07-11 16:13 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:47 . 2012-07-11 16:13 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:26 . 2012-07-11 16:13 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 22:19 . 2012-06-24 16:02 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-24 16:02 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-24 16:01 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-24 16:01 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-24 16:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-24 16:02 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-24 16:01 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-24 16:01 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12 . 2012-06-24 16:01 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 00:04 . 2012-07-11 16:13 278528 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 00:03 . 2012-07-11 16:13 204288 ----a-w- c:\windows\system32\ncrypt.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"QUBEE WCM"="c:\program files\QUBEE WCM\QUBEE WCM.exe" [2010-06-25 798720]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-04 39408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-14 820520]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-04-10 321072]

"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 28672]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]

"RPT Msgsrv"="c:\program files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe" [2007-04-11 57344]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]

"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 522744]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-3-29 719664]

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

Job Status Utility.lnk - c:\program files\Panasonic\Panasonic-DMS\LRecvTrap\LRecvTrap.exe [2008-6-24 147456]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-18 50688]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-9-23 169472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]

2010-10-12 16:08 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\240\g2ax_winlogon.dll

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"Google Update"="c:\users\zamanmm\AppData\Local\Google\Update\GoogleUpdate.exe" /c

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [x]

R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 23:47]

.

2012-08-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-18 23:54]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc7aec95b5ec60.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 21:16]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 21:16]

.

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3894235439-4067020577-3388496322-1000Core1cab612236fd982.job

- c:\users\zamanmm\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-05 19:50]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3894235439-4067020577-3388496322-1000Core1cc8dc88cb16ea1.job

- c:\users\zamanmm\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-05 19:50]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3894235439-4067020577-3388496322-1000UA.job

- c:\users\zamanmm\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-05 19:50]

.

2009-11-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

.

2009-11-23 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-02-18 00:15]

.

2012-08-14 c:\windows\Tasks\User_Feed_Synchronization-{DB1F06DB-C5AA-402C-8CD5-553AAD0E9856}.job

- c:\windows\system32\msfeedssync.exe [2012-06-14 03:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = localhost;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-CouponBar5.0.0.5 - c:\program files\Coupons.com CouponBar\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-14 17:10

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,c5,db,61,b5,50,2f,44,95,81,5b,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,c5,db,61,b5,50,2f,44,95,81,5b,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(10484)

c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe

c:\program files\LENOVO\HOTKEY\TPHKSVC.exe

c:\windows\system32\IPSSVC.EXE

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\LENOVO\HOTKEY\tposdsvc.exe

c:\windows\system32\AEADISRV.EXE

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\atashost.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\QUBEE WCM\GPCommonService.exe

c:\program files\LENOVO\VIRTSCRL\lvvsst.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\lxddcoms.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\program files\Panasonic\TrapMonitor\Trapmnnt.exe

c:\program files\Lenovo\Zoom\TpScrex.exe

c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

c:\windows\system32\ptumlcmsvc.exe

c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\windows\System32\TPHDEXLG.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\Spybot - Search & Destroy\SDWinSec.exe

c:\program files\Lenovo\System Update\SUService.exe

c:\program files\Common Files\Lenovo\Logger\logmon.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Completion time: 2012-08-14 17:26:26 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-14 21:24

ComboFix2.txt 2012-08-13 19:35

.

Pre-Run: 7,050,407,936 bytes free

Post-Run: 6,835,748,864 bytes free

.

- - End Of File - - C9DF207C9CC9C4C60F32A3597F3F6CFF


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
