#1
06-17-2008
Bronze Member
 
Join Date: Jun 2008
Posts: 5
PC Experience: Some Experience
pns1
Lots of spyware and trojans

Hi! I am having some problems with my computer (obviously) and was hoping that you could help me. Basically, my computer caught some sort of virus or trojan or malicious spyware a few days ago, and now my computer is very slow and is constantly giving me excessive pop-ups, including Firefox browser pop-ups that continuously open new tabs. I have that annoying yellow triangle in the taskbar that keeps telling me my computer is infected, and even my Task Manager has been taken away. I use Windows XP, updated, and I use Internet Explorer 6.0. I have Windows Defender (which has detected a number of things, including something called "meredrop" that it categorized as "severe"), and I ran Spybot Search and Destroy (which detected copious amounts of other spyware). Also, my Spybot Search and Destroy could fix all entries except for one: the heading was Smithfraud-C, and the actual thing that could not be fixed was entitled (SBI $3D8C0DCC) Program Directory C:\Program Files\InetGet2\
This is only the surface, it seems. Every minute that my computer is on, the problems just keep seeming to multiply no matter how many times I try to fix them. I read your pre-work instructions and have posted the 2 logs that DSS generated below. I hope that you can help me! Thanks so much!!!
Deckard's System Scanner v20071014.68
Run by DJ Petro on 2008-06-17 15:25:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.

-- Last 4 Restore Point(s) --
4: 2008-06-17 19:26:03 UTC - RP869 - Deckard's System Scanner Restore Point
3: 2008-06-17 19:23:47 UTC - RP868 - Windows Defender Checkpoint
2: 2008-06-17 08:32:59 UTC - RP867 - Windows Defender Checkpoint
1: 2008-06-17 08:16:54 UTC - RP866 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
System Drive C: has 0.58 GiB (less than 15%) free.

-- HijackThis (run as DJ Petro.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:19 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Ad-Aware\aawservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\notes\ntmulti.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Feature Mode Utility\CTModUtl.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\DJ Petro\Application Data\Microsoft\dtsc\27026.exe
C:\WINDOWS\system32\WNSXS~1\wuauclt.exe
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\mjc\mjc.exe
C:\Program Files\Svconr\Svconr.exe
C:\Documents and Settings\DJ Petro\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\DJ Petro\Application Data\Microsoft\Windows\umitk.exe
C:\Documents and Settings\DJ Petro\Application Data\Microsoft\dtsc\27026.exe
C:\Documents and Settings\DJ Petro\Application Data\Microsoft\dtsc\27026.exe
C:\Program Files\Post-It Notes\PsnLite.exe
C:\PROGRA~1\POST-I~1\PSNGive.exe
C:\Documents and Settings\DJ Petro\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DJ Petro.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bentley College, Waltham, Greater Boston, Massachusetts
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Spyware Guard\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTFeatureModeUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\Feature Mode Utility\CTModUtl.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\DJ Petro\Application Data\Microsoft\dtsc\27026.exe
O4 - HKCU\..\Run: [Bsws] "C:\WINDOWS\system32\WNSXS~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe"
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\DJ Petro\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\DJ Petro\Application Data\Microsoft\Windows\umitk.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\Post-It Notes\PsnLite.exe
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2ED4F088-F888-464B-AA7F-18F633D4FE27} (BentleyUpdate.BentleyUpdates) - http://deploy.bentley.edu/controls/BentleyUpdate.CAB
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://student2.bentley.edu/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1149082314203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1185231946218
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B70D738E-B839-413B-9555-D108643E05B9} (BentleyUpdate07.BentleyUpdates07) - http://deploy.bentley.edu/controls/BentleyUpdate07.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blue.ad.bentley.edu
O17 - HKLM\Software\..\Telephony: DomainName = blue.ad.bentley.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{0194C3A5-9087-4999-AE71-4CCB2FA8D68A}: NameServer = 68.87.71.226,68.87.71.242
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = blue.ad.bentley.edu
O17 - HKLM\System\CS2\Services\Tcpip\..\{0194C3A5-9087-4999-AE71-4CCB2FA8D68A}: NameServer = 68.87.71.226,68.87.71.242
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = blue.ad.bentley.edu
O17 - HKLM\System\CS3\Services\Tcpip\..\{0194C3A5-9087-4999-AE71-4CCB2FA8D68A}: NameServer = 68.87.71.226,68.87.71.242
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
--
End of file - 20632 bytes
-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; Lenovo; ThinkVantage Active Protection System>
R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 EGATHDRV (IBM eGatherer) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 PROCDD (IPS Helper Driver) - c:\windows\system32\drivers\procdd.sys <Not Verified; Lenovo Group Limited; Away Manager>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 smi2 - c:\program files\smi2\smi2.sys <Not Verified; IBM Corp.; TVT SMI Bios driver>
R2 smihlp (SMI helper driver) - c:\program files\thinkvantage fingerprint software\smihlp.sys <Not Verified; UPEK Inc.; ThinkVantage Fingerprint Software>
R2 tvtfilter - c:\windows\system32\drivers\tvtfilter.sys <Not Verified; Lenovo; Rescue and Recovery>
S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys <Not Verified; Lenovo; PSA Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\ad-aware\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
R2 IPSSVC (IPS Core Service) - c:\windows\system32\ipssvc.exe <Not Verified; Lenovo Group Limited; Away Manager>
R2 Multi-user Cleanup Service - c:\notes\ntmulti.exe <Not Verified; IBM Corp; IBM Lotus Notes/Domino>
R2 Pharos Systems ComTaskMaster - "c:\progra~1\pharos~1\core\ctskmstr.exe" <Not Verified; Pharos Systems International; PHAROS>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe
R2 TPHDEXLGSVC (ThinkPad HDD APS Logging Service) - system32\tphdexlg.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
R2 tvtnetwk - c:\program files\lenovo\rescue and recovery\adm\iuservice.exe
S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------
2008-06-17 15:24:19 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-17 15:16:13 304 --a------ C:\WINDOWS\Tasks\PMTask.job

-- Files created between 2008-05-17 and 2008-06-17 -----------------------------
2008-06-17 14:19:01 0 dr-h----- C:\Documents and Settings\DJ Petro\Recent
2008-06-17 09:13:08 0 d-------- C:\WINDOWS\??crosoft
2008-06-16 08:16:38 0 d-------- C:\Program Files\??sks
2008-06-15 03:21:02 20480 --a------ C:\WINDOWS\y.exe
2008-06-15 03:21:01 8448 --a------ C:\WINDOWS\xplugin.dll
2008-06-15 03:21:01 9216 --a------ C:\WINDOWS\x.exe
2008-06-15 03:21:01 12544 --a------ C:\WINDOWS\winmgnt.exe
2008-06-15 03:21:01 11520 --a------ C:\WINDOWS\window.exe
2008-06-15 03:21:01 20736 --a------ C:\WINDOWS\winajbm.dll
2008-06-15 03:21:01 24832 --a------ C:\WINDOWS\win64.exe
2008-06-15 03:21:01 22016 --a------ C:\WINDOWS\win32e.exe
2008-06-15 03:21:00 22016 --a------ C:\WINDOWS\waol.exe
2008-06-15 03:21:00 22016 --a------ C:\WINDOWS\users32.exe
2008-06-15 03:21:00 13056 --a------ C:\WINDOWS\systemcritical.exe
2008-06-15 03:21:00 18176 --a------ C:\WINDOWS\olehelp.exe
2008-06-15 03:21:00 20992 --a------ C:\WINDOWS\mtwirl32.dll
2008-06-15 03:21:00 20736 --a------ C:\WINDOWS\cpan.dll
2008-06-15 03:20:59 17152 --a------ C:\WINDOWS\clrssn.exe
2008-06-15 03:20:59 32768 --a------ C:\WINDOWS\avpcc.dll
2008-06-15 03:20:59 24576 --a------ C:\WINDOWS\accesss.exe
2008-06-15 03:18:58 12288 --a------ C:\WINDOWS\msupdate.exe
2008-06-15 03:18:57 13312 --a------ C:\WINDOWS\loader.exe
2008-06-15 03:18:57 31488 --a------ C:\WINDOWS\iedll.exe
2008-06-15 03:11:59 0 d--hs---- C:\WINDOWS\QmVudGxleQ
2008-06-15 02:59:36 0 d-------- C:\Program Files\Trend Micro
2008-06-15 02:52:50 15360 --a------ C:\WINDOWS\time.exe
2008-06-15 02:52:50 8192 --a------ C:\WINDOWS\systeem.exe
2008-06-15 02:52:50 14592 --a------ C:\WINDOWS\svcinit.exe
2008-06-15 02:52:49 15360 --a------ C:\WINDOWS\svchost32.exe
2008-06-15 02:52:49 18432 --a------ C:\WINDOWS\sistem.exe
2008-06-15 02:52:49 23040 --a------ C:\WINDOWS\searchword.dll
2008-06-15 02:52:49 29440 --a------ C:\WINDOWS\rundll16.exe
2008-06-15 02:52:49 11776 --a------ C:\WINDOWS\quicken.exe
2008-06-15 02:52:49 20992 --a------ C:\WINDOWS\qttasks.exe
2008-06-15 02:52:48 17664 --a------ C:\WINDOWS\notepad32.exe
2008-06-15 02:52:48 13824 --a------ C:\WINDOWS\mswsc20.dll
2008-06-15 02:52:48 8448 --a------ C:\WINDOWS\mswsc10.dll
2008-06-15 02:52:47 10240 --a------ C:\WINDOWS\mssys.exe
2008-06-15 02:52:47 32768 --a------ C:\WINDOWS\msspi.dll
2008-06-15 02:52:47 12288 --a------ C:\WINDOWS\msconfd.dll
2008-06-15 02:52:46 27904 --a------ C:\WINDOWS\internet.exe
2008-06-15 02:52:46 18432 --a------ C:\WINDOWS\inetinf.exe
2008-06-15 02:52:46 22528 --a------ C:\WINDOWS\iexplorer.exe
2008-06-15 02:52:45 24832 --a------ C:\WINDOWS\helpcvs.exe
2008-06-15 02:52:45 8960 --a------ C:\WINDOWS\gfmnaaa.dll
2008-06-15 02:52:45 26624 --a------ C:\WINDOWS\funny.exe
2008-06-15 02:52:45 16128 --a------ C:\WINDOWS\funniest.exe
2008-06-15 02:52:45 32256 --a------ C:\WINDOWS\explorer32.exe
2008-06-15 02:52:45 9728 --a------ C:\WINDOWS\explore.exe
2008-06-15 02:52:45 28928 --a------ C:\WINDOWS\editpad.exe
2008-06-15 02:52:44 20992 --a------ C:\WINDOWS\dnsrelay.dll
2008-06-15 02:52:44 10240 --a------ C:\WINDOWS\directx32.exe
2008-06-15 02:52:44 17152 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-15 02:52:44 13568 --a------ C:\WINDOWS\ctfmon32.exe
2008-06-15 02:51:44 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\SpeedRunner
2008-06-15 02:40:28 0 d-------- C:\Program Files\Svconr
2008-06-15 02:40:27 0 d-------- C:\Program Files\Spcron
2008-06-15 02:40:23 0 d-------- C:\Program Files\Temporary
2008-06-15 02:35:21 0 d-------- C:\Program Files\mjc
2008-06-15 02:34:23 0 d-------- C:\Program Files\GetPack
2008-06-15 02:34:21 41984 --a------ C:\WINDOWS\mrofinu72.exe
2008-06-15 02:34:07 0 d-------- C:\Program Files\iCheck
2008-06-15 02:34:07 0 d-------- C:\Program Files\GetModule
2008-06-15 02:32:44 0 d-------- C:\Program Files\Outerinfo
2008-06-15 02:32:44 0 d-------- C:\Program Files\Common Files\S?mantec
2008-06-15 02:32:35 0 d-------- C:\WINDOWS\system32\W?nSxS
2008-06-15 02:32:02 41984 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-06-15 02:31:51 0 d-------- C:\WINDOWS\system32\pb109
2008-06-15 02:31:51 0 d-------- C:\WINDOWS\system32\hLM
2008-06-15 02:31:51 0 d-------- C:\WINDOWS\system32\dgi
2008-06-15 02:31:51 0 d-------- C:\WINDOWS\system32\3039a
2008-06-15 02:31:49 0 d-------- C:\WINDOWS\system32\netrax06
2008-06-15 02:31:48 0 d-------- C:\Temp
2008-06-15 02:31:18 0 d-------- C:\Program Files\uTorrent
2008-06-15 02:31:09 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-06-15 02:31:02 90073 --a------ C:\WINDOWS\system32\iftuyszv.exe <Not Verified; Microsoft; XML Media>
2008-06-14 03:06:51 0 d-------- C:\WINDOWS\Join
2008-06-13 23:44:23 229516 --a------ C:\WINDOWS\system32\000070.exe
2008-06-13 23:42:40 209496 --a------ C:\WINDOWS\system32\000080.exe
2008-06-13 10:52:30 214016 --a------ C:\WINDOWS\b148.exe
2008-06-13 10:05:04 95232 --a------ C:\WINDOWS\b152.exe
2008-06-02 14:17:04 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\WinRAR
2008-05-31 00:46:34 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\Azureus
2008-05-28 19:42:28 0 d-------- C:\ERDNT
2008-05-28 07:02:06 74240 --a------ C:\WINDOWS\b156.exe
2008-05-26 15:07:48 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\DivX
2008-05-26 02:23:45 0 d-------- C:\Documents and Settings\DJ Petro\.limewire
2008-05-20 14:10:05 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\Intel
2008-05-20 14:10:03 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\3M
2008-05-20 14:10:02 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\Grisoft
2008-05-20 14:09:36 0 d---s---- C:\Documents and Settings\DJ Petro\UserData
2008-05-20 14:09:36 0 d--h----- C:\Documents and Settings\DJ Petro\Templates
2008-05-20 14:09:36 0 dr------- C:\Documents and Settings\DJ Petro\Start Menu
2008-05-20 14:09:36 0 dr-h----- C:\Documents and Settings\DJ Petro\SendTo
2008-05-20 14:09:36 0 d--h----- C:\Documents and Settings\DJ Petro\PrintHood
2008-05-20 14:09:36 3145728 --a------ C:\Documents and Settings\DJ Petro\NTUSER.DAT
2008-05-20 14:09:36 0 d--h----- C:\Documents and Settings\DJ Petro\NetHood
2008-05-20 14:09:36 0 dr------- C:\Documents and Settings\DJ Petro\My Documents
2008-05-20 14:09:36 0 d--h----- C:\Documents and Settings\DJ Petro\Local Settings
2008-05-20 14:09:36 0 dr------- C:\Documents and Settings\DJ Petro\Favorites
2008-05-20 14:09:36 0 d-------- C:\Documents and Settings\DJ Petro\Desktop
2008-05-20 14:09:36 0 d---s---- C:\Documents and Settings\DJ Petro\Cookies
2008-05-20 14:09:36 0 dr-h----- C:\Documents and Settings\DJ Petro\Application Data
2008-05-20 14:09:36 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\ThinkVantage
2008-05-20 14:09:36 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\Sun
2008-05-20 14:09:36 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\Real
2008-05-20 14:09:36 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\Mozilla
2008-05-20 14:09:36 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\Macromedia
2008-05-20 14:09:36 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\Lenovo
2008-05-20 14:09:36 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\InterVideo
2008-05-20 14:09:36 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\Identities
2008-05-20 14:09:36 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\Apple Computer
2008-05-20 14:09:36 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\Aim
2008-05-20 14:09:36 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\AdobeUM
2008-05-20 14:09:36 0 d-------- C:\Documents and Settings\DJ Petro\Application Data\Adobe
2008-05-20 13:55:59 0 d-------- C:\Documents and Settings\sysadmin\Application Data\3M
2008-05-20 13:55:44 0 d-------- C:\Documents and Settings\sysadmin\Application Data\Grisoft
2008-05-20 13:55:41 0 d-------- C:\Documents and Settings\sysadmin\Application Data\Intel

-- Find3M Report ---------------------------------------------------------------
2008-08-05 19:41:46 5427 --a------ C:\WINDOWS\system32\EGATHDRV.SYS <Not Verified; IBM Corporation; IBM eGatherer>
2008-06-17 04:33:02 0 d-------- C:\Program Files\??sks
2008-06-16 23:32:30 0 d-------- C:\Program Files\NetSnippets
2008-06-15 10:26:30 0 d-------- C:\Program Files\QdrPack
2008-06-15 03:19:31 0 d-------- C:\Program Files\Common Files
2008-06-15 02:33:54 0 d-------- C:\Program Files\Common Files\S?mantec
2008-05-30 01:20:12 0 d-------- C:\Program Files\LimeWire
2008-05-30 00:59:00 0 d-------- C:\Program Files\Post-It Notes
2008-05-20 13:41:45 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-12 06:43:37 68096 --a------ C:\WINDOWS\b155.exe
2008-04-24 15:07:44 0 d-------- C:\Program Files\Craps Gamers
2008-04-14 11:08:18 46592 --a------ C:\WINDOWS\b157.exe
2008-04-09 03:18:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/14/2006 02:17 PM C:\Program Files\Synaptics\SynTP\SynTPLpr.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/14/2006 02:16 PM]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [01/25/2006 02:03 AM C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.EXE]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/15/2005 06:19 PM C:\Program Files\Analog Devices\Core\smax4pnp.exe]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/06/2005 02:06 PM C:\Program Files\Analog Devices\SoundMAX\SMax4.exe]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [05/17/2007 11:46 AM C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [05/17/2007 11:41 AM C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [11/17/2005 06:22 AM]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [04/25/2006 07:03 PM C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [05/10/2006 03:03 PM C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe]
"TpShocks"="TpShocks.exe" [11/07/2005 11:14 AM C:\WINDOWS\system32\TpShocks.exe]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [12/07/2005 05:12 AM C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [12/07/2005 05:12 AM C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL]
"TP4EX"="tp4ex.exe" [10/17/2005 01:11 AM C:\WINDOWS\system32\TP4EX.exe]
"TPKBDLED"="C:\WINDOWS\system32\TpScrLk.exe" [10/08/2002 11:28 PM C:\WINDOWS\system32\TpScrLk.exe]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [10/28/2005 07:04 PM C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [03/28/2006 04:01 AM C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [08/01/2005 05:10 AM C:\WINDOWS\system32\DLA\DLACTRLW.EXE]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [04/13/2006 02:05 AM C:\Program Files\Lenovo\AwayTask\AwaySch.EXE]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [05/12/2006 08:15 PM C:\Program Files\Lenovo\Client Security Solution\cssauth.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [07/28/2003 09:43 AM C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/01/2006 05:04 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM C:\Program Files\Windows Defender\MSASCui.exe]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.exe]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" []
"CTFeatureModeUtility"="C:\Program Files\Creative\Sound Blaster Audigy 2\Feature Mode Utility\CTModUtl.exe" [01/10/2005 11:52 AM]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [01/27/2005 11:36 AM C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe]
"CTHelper"="CTHELPER.EXE" [02/17/2005 11:23 AM C:\WINDOWS\CTHELPER.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 03:23 AM C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe]
"PCDrProfiler"="" []
"!AVG Anti-Spyware"="C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [05/29/2007 07:33 PM C:\Program Files\Common Files\Symantec Shared\ccApp.exe]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/06/2007 04:25 PM C:\PROGRA~1\SYMANT~1\VPTray.exe]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"configmsi"=cmd /c "rmdir /q C:\config.msi"
"supportdir"=cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}""
"MPlayer2_FixUp"=C:\WINDOWS\inf\unregmp2.exe /Fixups
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
C:\Documents and Settings\DJ Petro\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [3/17/2005 2:06:14 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [3/17/2005 2:06:14 PM]
Post-itr Software Notes Lite.lnk - C:\Program Files\Post-It Notes\PsnLite.exe [9/4/2006 4:28:31 PM]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd ACGina
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


-- End of Deckard's System Scanner: finished at 2008-06-17 15:29:03 ------------






Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Genuine Intel(R) CPU T2400 @ 1.83GHz
CPU 1: Genuine Intel(R) CPU T2400 @ 1.83GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 1022.42 MiB / 385.29 MiB
Pagefile Memory (total/avail): 2458.42 MiB / 1714.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.46 MiB
C: is Fixed (NTFS) - 55.89 GiB total, 0.58 GiB free.
D: is CDROM (CDFS)
\\.\PHYSICALDRIVE0 - HTS721060G9SA00 - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.89 GiB - C:

-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AV: Symantec AntiVirus Corporate Edition v10.1.6.6010 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitTorrent\\Azureus\\Azureus.exe"="C:\\Program Files\\BitTorrent\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Communicator"
"C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"="C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\Azureus\\Azureus.exe"="C:\\Program Files\\BitTorrent\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Microsoft Office Communicator 2005"
"C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"="C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe:*:Enabled:Pharos Com Task Master "

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\DJ Petro\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=0015582D5541
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\DJ Petro
LOGONSERVER=\\0015582D5541
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\ThinkPad\Utilities;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\QuickTime\QTSystem\;%C:\WINDOWS%\system32;%C:\WINDOWS%;%C:\WINDOWS%\System32\Wbem;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\PharosSystems\OutputManagement;C:\Program Files\PharosSystems\Core
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
RR=C:\Program Files\Lenovo\Rescue and Recovery
SESSIONNAME=Console
SMA=C:\Program Files\ThinkVantage\SMA\
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SWSHARE=C:\SWSHARE
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DJPETR~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DJPETR~1\LOCALS~1\Temp
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24
USERDOMAIN=0015582D5541
USERNAME=DJ Petro
USERPROFILE=C:\Documents and Settings\DJ Petro
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------
PETRULA_MATT (admin)
Bentley (new local, admin)
bentley (new local, admin)
bentley (new local, admin)
bentley (new local, admin)
Bentley (new local, admin)
Bentley (new local, admin)
DJ Petro (admin)
sysadmin (admin)

-- Add/Remove Programs ---------------------------------------------------------

-- Application Event Log -------------------------------------------------------
Event Record #/Type710 / Error
Event Submitted/Written: 06/17/2008 03:29:00 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Downloader in File: C:\Program Files\uTorrent\uTorrent.upx by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:
Event Record #/Type709 / Error
Event Submitted/Written: 06/17/2008 03:29:00 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Risk Found!Risk: Downloader in File: c:\documents and settings\dj petro\application data\microsoft\dtsc\27026.exe by: Auto-Protect scan. Action: Leave Alone succeeded. Action Description: The file was left unchanged.
Event Record #/Type708 / Error
Event Submitted/Written: 06/17/2008 03:29:00 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Downloader in File: C:\Program Files\uTorrent\uTorrent.upx by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:
Event Record #/Type706 / Warning
Event Submitted/Written: 06/17/2008 03:15:36 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1}. CoGetObject returned HRESULT 80070005.
Event Record #/Type704 / Warning
Event Submitted/Written: 06/17/2008 03:15:24 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type114732 / Warning
Event Submitted/Written: 06/17/2008 03:28:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%0015582D554127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %0015582D554127 can't undo changes that you allow.
For more information please see the following:
%0015582D5541275
Scan ID: {CE5689F5-5DDC-47A9-A5E7-8DAF4EBB6472}
User: 0015582D5541\DJ Petro
Name: %0015582D5541271
ID: %0015582D5541272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %0015582D5541276
Alert Type: %0015582D5541278
Detection Type: 1.1.1593.02
Event Record #/Type114731 / Warning
Event Submitted/Written: 06/17/2008 03:28:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%0015582D554127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %0015582D554127 can't undo changes that you allow.
For more information please see the following:
%0015582D5541275
Scan ID: {94393A91-2D8C-4442-B170-A741287E0F8C}
User: 0015582D5541\DJ Petro
Name: %0015582D5541271
ID: %0015582D5541272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %0015582D5541276
Alert Type: %0015582D5541278
Detection Type: 1.1.1593.02
Event Record #/Type114730 / Warning
Event Submitted/Written: 06/17/2008 03:28:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%0015582D554127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %0015582D554127 can't undo changes that you allow.
For more information please see the following:
%0015582D5541275
Scan ID: {30311269-B2BE-47D0-8F86-F14368DB1051}
User: 0015582D5541\DJ Petro
Name: %0015582D5541271
ID: %0015582D5541272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %0015582D5541276
Alert Type: %0015582D5541278
Detection Type: 1.1.1593.02
Event Record #/Type114729 / Warning
Event Submitted/Written: 06/17/2008 03:28:34 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%0015582D554127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %0015582D554127 can't undo changes that you allow.
For more information please see the following:
%0015582D5541275
Scan ID: {946F16D1-7C88-43DD-8EFA-661B62F36C16}
User: 0015582D5541\DJ Petro
Name: %0015582D5541271
ID: %0015582D5541272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %0015582D5541276
Alert Type: %0015582D5541278
Detection Type: 1.1.1593.02
Event Record #/Type114728 / Warning
Event Submitted/Written: 06/17/2008 03:28:34 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%0015582D554127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %0015582D554127 can't undo changes that you allow.
For more information please see the following:
%0015582D5541275
Scan ID: {4C160437-DCAE-4D7F-9D29-29A1A4A82E05}
User: 0015582D5541\DJ Petro
Name: %0015582D5541271
ID: %0015582D5541272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %0015582D5541276
Alert Type: %0015582D5541278
Detection Type: 1.1.1593.02

-- End of Deckard's System Scanner: finished at 2008-06-17 15:29:03 ------------


  #2  
Old 06-18-2008
Tech Team Leader
Join Date: Feb 2006
Location: coastal Rhode Island
Posts: 4,314
PC Experience: More Stubborn than any PC
ih8bills - See this Members User comments on their Profile page
Default Re: Lots of spyware and trojans

Hi... Welcome to PCHF.

Forum Rules require that HJT logs must be analyzed by experienced Security Team Analysts. This is for your protection... and to give you our best service.

Our Security Team is always very busy-- and as we live all over the Earth...
Time-Zones are also an important factor.

Your patience is greatly appreciated.

Thank You


__________________


Without music, life would be a mistake
Friedrich Nietzsche
  #3  
Old 06-18-2008
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,056
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page
Default Re: Lots of spyware and trojans

OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for download links, and instructions for running the tool:
A guide and tutorial on using ComboFix

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should get a prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.

Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

=======================================

Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.


__________________
My real name is Eddy
  #4  
Old 06-18-2008
Bronze Member
Join Date: Jun 2008
Posts: 5
PC Experience: Some Experience
pns1 - See this Members User comments on their Profile page
Default Re: Lots of spyware and trojans

Hi. I did everything it said about how to run ComboFix.exe; however, it doesn't seem to run for me. The first time I clicked it, a DOS window came up (like the example it shows), except it said something along the lines that the operation could not be performed. Then I double-clicked it again and it said it didn't work on my OS system (even though I have XP and it said it ran on ME or XP). Now every time I double-click it nothing happens; it never loads. I rebooted and tried again but no luck... any suggestions?

PS: I did not run SDFix.exe because I wasn't sure if that was only supposed to be run after ComboFix was run.

A couple of other things I want to make note of in case it helps. My background was changed from a picture to a blue background that states my computer is infected with spyware and includes a link to scan my PC for spyware. Also, please note that I am getting pop-ups in the Firefox browser; however, I have never used Firefox, I always used Internet Explorer. Hope this helps, please let me know if there's anything that can be done.


  #5  
Old 06-18-2008