My computer developed some problems while I was removing Norton Antivirus software in order to install Panda. This took a lot of work but I got it sorted. However there are still some problems I can't root out.
The main problem is, I am unable to access the registry. When I try regedit the computer says registry editing has been disabled by the administrator.
Here is my HijackThis logfile. Any advice would be much appreciated.
PS. If you see any other unwanted items please let me know about these also.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:32:48, on 12/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApVxdWin.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\conime.exe
c:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [TRUUpdater] "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKLM\..\RunOnce: [AFixOldWscUnreg] C:\Windows\Temp\PSPPK2\HFSetup4.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [dc2k5] C:\Windows\SVIQ.EXE
O4 - HKCU\..\Run: [dc] C:\Windows\dc.exe
O4 - Global Startup: Bluetooth.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrvx86.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 13927 bytes
#1
New Poster
Join Date: Oct 2009
Posts: 2 PC Experience: Beginner
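The O7 line in the log above (DisableRegedit=1 under HKCU\...\Policies\System) is the setting behind the "registry editing has been disabled by the administrator" message, and the two HKCU Run entries launched straight from the Windows root (SVIQ.EXE and dc.exe) are the lines a responder reads first. The script below is an added example written for this page, not code from the thread, from HijackThis or from the forum's tooling: it parses the HijackThis line formats shown in the log and lists the entries worth a closer look. The sample lines are copied from the posted log; the heuristics (restrictive policy values, autoruns launched from the Windows root or a Temp folder, entries whose backing file is missing) are this example's own and produce a review list, not verdicts.

```python
"""Triage a HijackThis log for the entries a responder looks at first.

Added example for this thread, not part of HijackThis or the forum's tooling.
The sample lines are copied from the log posted above (a few clean lines are
included as negatives); the heuristics are this script's own and yield
candidates for review, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import List

# O7 policy values that lock a user out of admin tools. HijackThis reports
# the poster's lock-out as "DisableRegedit=1".
RESTRICTIVE_POLICIES = {"DisableRegedit", "DisableTaskMgr", "DisableCMD"}

# O4 autorun: hive, Run/RunOnce key, [name], then an optionally quoted image
# path captured up to ".exe" so trailing switches such as " -hide" are dropped.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] '
    r'"?(?P<image>[^"]*?\.exe)', re.I)
# O7 policy restriction: "<key>, <value>=<data>"
O7_RE = re.compile(r'^O7 - (?P<key>[^,]+), (?P<value>\w+)=(?P<data>\S+)')
# O2 BHO, O3 toolbar and O23 service lines whose backing file is gone.
MISSING_RE = re.compile(r'^O(?:2|3|23) - .*\((?:no file|file missing)\)$', re.I)


@dataclass
class Finding:
    line: str
    reason: str


def image_dir_is_suspicious(image: str) -> bool:
    """True when an autorun image sits directly in the Windows root or under
    any Temp folder. Vendors install under Program Files or System32, so these
    are the first O4 lines to check (a heuristic, not a verdict)."""
    path = image.lower().replace("/", "\\")
    directory = path.rsplit("\\", 1)[0] + "\\"
    return directory == "c:\\windows\\" or "\\temp\\" in directory


def triage(log_text: str) -> List[Finding]:
    """Return the O7/O4/O2/O3/O23 lines worth a closer look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O7_RE.match(line)
        if m:
            if m["value"] in RESTRICTIVE_POLICIES and m["data"] == "1":
                findings.append(Finding(line, f"policy {m['value']}=1 set under {m['key']}"))
            continue
        m = O4_RE.match(line)
        if m:
            if image_dir_is_suspicious(m["image"]):
                findings.append(Finding(line, f"autorun [{m['name']}] runs from unusual location {m['image']}"))
            continue
        if MISSING_RE.match(line):
            findings.append(Finding(line, "entry points at a file that no longer exists"))
    return findings


# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\RunOnce: [AFixOldWscUnreg] C:\Windows\Temp\PSPPK2\HFSetup4.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [dc2k5] C:\Windows\SVIQ.EXE
O4 - HKCU\..\Run: [dc] C:\Windows\dc.exe
O4 - Global Startup: Bluetooth.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run it as-is and it prints six review items: the DisableRegedit policy, the three autoruns launched from C:\Windows or a Temp folder, and the two orphaned entries. The Temp-folder RunOnce is how an installer's own cleanup step can also look, which is why the output is a list to check by hand rather than a removal list; the thread's actual remediation was the Malwarebytes scan in post #3.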
#2
Mod/Tech Support Staff
Join Date: Oct 2007
Location: second star to right,and straight on till morning
Posts: 2,065 PC Experience: I will learn this stuff if it kills me
Hello jp_fal and welcome to the PCHF
Our security team will be with you as soon as possible.....thanks for your patience
#3
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,861 PC Experience: Elite PC Guru
I see the culprits.....
Please download Malwarebytes' Anti-Malware from one of these places:
|MG| Malwarebytes Anti-Malware 1.41 Download
Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

Double Click mbam-setup.exe to install the application. If it will not run make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that. Keep the genuine MBAM.exe as we may need to run that later as is.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

PLEASE NOTE: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Once Malwarebytes' Anti-Malware is done removing the malware and you have rebooted the computer, browse around and see if you are still having that problem.

=====================================================================================

You will need to download ComboFix.exe. Download Combofix from any of the links below. You must rename it before saving it. Name it ComFx, and Save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop. It is important that it is saved and renamed following this process directly to your desktop.

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComFx.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message (screenshot not preserved). Click on Yes to continue scanning for malware. When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Caution..... Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer.
Last edited by Pancake; 10-12-2009 at 03:30 AM.

#4
New Poster
Join Date: Oct 2009
Posts: 2 PC Experience: Beginner
SUCCESS
Many thanks. Malwarebytes got my registry & task manager back working again. I ran combofix just to be on the safe side. Here's the log if you're curious but I think everything is okay now. Thanks again

ComboFix 09-10-11.03 - ***** 12/10/2009 22:43.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.2008.911 [GMT 1:00]
Running from: c:\users\*****\Desktop\ComFx.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2707268345-353831247-3212873955-500
c:\windows\Installer\1581c.msi
Q:\AUTORUN.INF
S:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.
2009-10-12 21:58 . 2009-10-12 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-12 21:39 . 2009-10-12 21:39 6736 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2009-10-12 20:47 . 2009-10-12 20:47 -------- d-----w- c:\users\*****\AppData\Roaming\Malwarebytes
2009-10-12 20:47 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 20:47 . 2009-10-12 20:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 20:47 . 2009-10-12 20:47 -------- d-----w- c:\programdata\Malwarebytes
2009-10-12 20:47 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-05 22:18 . 2009-10-05 22:19 -------- d-----w- c:\users\*****\AppData\Roaming\CopyTransDoctor
2009-10-05 22:16 . 2009-10-05 22:16 -------- d-----w- c:\users\*****\AppData\Roaming\CopyTrans
2009-10-02 22:46 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-16 04:16 . 2009-09-16 04:16 -------- d-----w- c:\users\*****\AppData\Roaming\Intel
2009-09-13 07:31 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-13 07:31 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-13 07:31 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-13 07:31 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-13 07:31 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-13 07:31 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-13 07:31 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-13 07:31 . 2009-08-14 17:01 220232 ----a-w- c:\windows\system32\drivers\netio.sys
2009-09-13 07:31 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-13 07:31 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-13 07:30 . 2009-08-14 17:01 900168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-13 07:30 . 2009-08-14 17:01 98376 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2009-09-13 07:30 . 2009-08-14 16:23 438272 ----a-w- c:\windows\system32\IKEEXT.DLL
2009-09-13 07:30 . 2009-08-14 16:22 595456 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2009-09-13 07:30 . 2009-08-14 16:21 328704 ----a-w- c:\windows\system32\BFE.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 22:00 . 2008-12-04 02:24 2981 ----a-w- c:\windows\bthservsdp.dat
2009-10-12 21:21 . 2009-06-27 00:53 -------- d-----w- c:\users\*****\AppData\Roaming\Skype
2009-10-12 19:45 . 2009-06-27 00:55 -------- d-----w- c:\users\*****\AppData\Roaming\skypePM
2009-10-12 07:42 . 2009-08-12 08:20 680 ----a-w- c:\users\*****\AppData\Local\d3d9caps.dat
2009-10-05 22:17 . 2009-09-08 01:10 -------- d-----w- c:\users\*****\AppData\Roaming\WindSolutions
2009-09-13 07:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-13 07:30 . 2008-12-04 03:08 -------- d-----w- c:\programdata\Microsoft Help
2009-09-08 01:10 . 2009-09-08 01:10 -------- d-----w- c:\program files\WindSolutions
2009-09-08 01:10 . 2009-09-08 01:10 -------- d-----w- c:\programdata\WindSolutions
2009-09-07 00:26 . 2009-09-07 00:25 -------- d-----w- c:\program files\MagicDVDRipper
2009-09-05 10:06 . 2009-07-12 12:47 -------- d-----w- c:\users\*****\AppData\Roaming\vlc
2009-09-04 06:49 . 2009-09-04 06:49 -------- d-----w- c:\programdata\WindowsSearch
2009-09-03 09:33 . 2009-09-03 09:33 -------- d-----w- c:\programdata\Panda Software
2009-09-03 00:33 . 2009-09-03 00:33 249 ----a-w- c:\windows\system32\PavCPL.dat
2009-09-03 00:30 . 2009-09-03 00:30 -------- d-----w- c:\users\*****\AppData\Roaming\Panda Security
2009-09-03 00:30 . 2008-12-04 02:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-03 00:30 . 2009-09-03 00:30 -------- d-----w- c:\programdata\Panda Security
2009-09-03 00:30 . 2009-09-03 00:30 -------- d-----w- c:\program files\Panda Security
2009-09-03 00:25 . 2009-04-20 23:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-02 23:59 . 2009-09-02 23:59 -------- d-----w- c:\program files\Trend Micro
2009-08-28 12:39 . 2009-09-06 03:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-06 03:07 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-19 01:21 . 2009-08-19 01:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-15 04:16 . 2009-07-27 06:24 -------- d-----w- c:\users\*****\AppData\Roaming\dvdcss
2009-07-18 16:06 . 2009-08-02 02:40 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-02 02:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-02 02:40 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-13 00:20 71680 ----a-w- c:\windows\system32\atl.dll
2008-12-04 02:07 . 2008-12-04 02:06 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2009-03-10 10:47 2079256 ----a-w- c:\program files\Softonic_English\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2009-09-05 108080]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-09-04 60192]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2009-09-05 54560]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2009-09-05 2701880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-11 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-11 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-11 145944]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-25 487424]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-10-07 16384]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 439856]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]
"TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2009-01-05 558360]
"WatcherHelper"="c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2009-01-15 58648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-09-05 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-05 292136]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2009-07-15 881920]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2008-8-26 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4C48F580-ECA4-4435-BC81-05AC5C36701B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{70EBB093-B323-439E-AE5E-35B0013D034E}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{67C4F444-24CF-476B-958E-238A861A2492}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0F3EE6FE-D216-41B2-B6B7-1E3819C080DC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F222F8F3-CF48-4E37-AC31-C2A5319AE074}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{11C49B34-A025-45C4-95BA-C04A488C755B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{26E58A11-6436-4366-8553-18D897277D39}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7A6ED855-5D40-4A3B-B0A6-E55311B27B87}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{821DAE26-AB67-4532-ACDE-7DBFB1EA6DC5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F1F73E64-F94E-4F78-B2C1-1BDEC28B7E13}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{DDAFA77A-945B-45B3-A187-EE2AEC3D257E}f:\\music\\music.exe"= UDP:f:\music\music.exe:Music
"UDP Query User{B5462CAD-EBC1-4CCA-B825-8EA3E5A47D48}f:\\music\\music.exe"= TCP:f:\music\music.exe:Music
"TCP Query User{6DB486F0-FAA1-4AF1-BF23-839FF597BEA9}c:\\program files\\intervideo\\windvd\\windvd.exe"= UDP:c:\program files\intervideo\windvd\windvd.exe:WinDVD
"UDP Query User{7FC5B638-29B3-4C5D-8AB7-F0EC8913EAEA}c:\\program files\\intervideo\\windvd\\windvd.exe"= TCP:c:\program files\intervideo\windvd\windvd.exe:WinDVD
"TCP Query User{161FEBEF-573B-4749-A338-8A3A51D05DCC}f:\\programs\\copytrans_suite_v1.36.exe"= UDP:f:\programs\copytrans_suite_v1.36.exe:CopyTrans_Suite_v1.36
"UDP Query User{4EE8B2A7-D62E-4FDF-AF69-781C9801FC1B}f:\\programs\\copytrans_suite_v1.36.exe"= TCP:f:\programs\copytrans_suite_v1.36.exe:CopyTrans_Suite_v1.36
"{CF76E94D-2A79-442C-AC90-D382869668A6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{75345C03-905C-4679-AFBE-2D61A0D0BC49}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F152EF72-A95D-4A1B-9075-7596D812A66D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{648B4FAD-DE15-4AF5-AF35-8542B307CA0E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E84BFA22-9808-492F-9A14-F681896D7233}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{730C14AA-B63B-4412-9165-1D1B49D7E337}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6B8CEC64-B282-485C-B6B7-A4D66540C689}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6235E152-6C1E-464D-AE19-B999C27B003D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4F1B4785-10D9-404F-AD11-A24C3620D21B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2B78841D-F300-4F16-B9BF-AF0463114AB7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{38BCD9E0-26AF-4976-AC2D-4063B8723167}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A13075D9-1C24-44B4-8C7F-6187E62B58EF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B558292F-B1FC-403A-867B-297053A091B0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{074373BE-4077-493E-B699-6C863247F46A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BB0A67E2-A801-4184-96EB-ED0A8D45F217}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CAABBB1E-1F72-418F-AA50-D992876545EC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{30FAE858-7F0F-42B9-A3B8-8C06C9B9D225}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0434C337-EDF0-451C-9654-49D6FD9214F3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{23EBA61F-57DE-4B41-9DDA-29490F52514B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{79C69259-49D2-4785-A54F-922BAD507ED4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{97A75336-D877-4A67-9D74-68ABF4A8BF00}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{87377024-0574-442A-81E0-A32830A7499D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C8DABC48-EEBA-42FF-9342-BFEC181C3295}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9ED451B7-2F79-4D18-BEDB-7CAA5D6DE9CC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5A9C32A3-187B-4BE1-BDB2-115C70C48B93}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Sierra Wireless Inc\\3G Watcher\\SwiApiMux.exe"= c:\program files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux
"c:\\Program Files\\Sierra Wireless Inc\\3G Watcher\\TRUUpdater.exe"= c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater
"c:\\Program Files\\Sierra Wireless Inc\\WebUpdater\\SwiApiMux.exe"= c:\program files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux
"q:\\SWTOOLS\\APPS\\NORTONIS\\US\\Setup.exe"= q:\swtools\APPS\NORTONIS\US\Setup.exe:*:Enabled:ipsec
"f:\\Programs\\CopyTrans_Suite_v1.36.exe"= f:\programs\CopyTrans_Suite_v1.36.exe:*:Enabled:ipsec
"c:\\Windows\\system32\\Dwm.exe"= c:\windows\system32\Dwm.exe:*:Enabled:ipsec
"c:\\Program Files\\iTunes\\iTunes.exe"= c:\program files\iTunes\iTunes.exe:*:Enabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winpnoa.exe"= c:\users\*****\AppData\Local\Temp\winpnoa.exe:*:Enabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winycvpx.exe"= c:\users\*****\AppData\Local\Temp\winycvpx.exe:*:Enabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winbrau.exe"= c:\users\*****\AppData\Local\Temp\winbrau.exe:*:Enabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\w10167c.exe"= c:\users\*****\AppData\Local\Temp\w10167c.exe:*:Enabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\wingoue.exe"= c:\users\*****\AppData\Local\Temp\wingoue.exe:*:Enabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\fvcy.exe"= c:\users\*****\AppData\Local\Temp\fvcy.exe:*:Enabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winjcrkv.exe"= c:\users\*****\AppData\Local\Temp\winjcrkv.exe:*:Enabled:ipsec
"c:\\Program Files\\Microsoft Games\\Solitaire\\Solitaire.exe"= c:\program files\Microsoft Games\Solitaire\Solitaire.exe:*:Enabled:ipsec
"c:\\Program Files\\Lenovo\\PM Driver\\PMHandler.exe"= c:\program files\Lenovo\PM Driver\PMHandler.exe:*:Enabled:ipsec
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"= c:\program files\Microsoft Office\Office12\GrooveMonitor.exe:*:Enabled:ipsec
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe"= c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe:*:Enabled:ipsec
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= c:\program files\Skype\Plugin Manager\skypePM.exe:*:Enabled:ipsec
"c:\\Windows\\system32\\conime.exe"= c:\windows\system32\conime.exe:*:Enabled:ipsec
"c:\\Program Files\\Windows Sidebar\\sidebar.exe"= c:\program files\Windows Sidebar\sidebar.exe:*:Enabled:ipsec
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"= c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:ipsec
"c:\\Program Files\\Lenovo\\NPDIRECT\\tpfnf7sp.exe"= c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe:*:Enabled:ipsec
"c:\\Program Files\\Apoint2K\\Apoint.exe"= c:\program files\Apoint2K\Apoint.exe:*:Enabled:ipsec
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
c:\program files\Windows Defender\MSASCui.exe:*:Enabled:ipsec "c:\\Program Files\\Windows Media Player\\wmpnscfg.exe"= c:\program files\Windows Media Player\wmpnscfg.exe:*:Enabled:ipsec "c:\\Windows\\System32\\igfxpers.exe"= c:\windows\System32\igfxpers.exe:*:Enabled:ipsec "c:\\Program Files\\Lenovo\\Rescue and Recovery\\UpdateMonitor.exe"= c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe:*:Enabled:ipsec "c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"= c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe:*:Enabled:ipsec "c:\\Users\\*****\\AppData\\Local\\Temp\\vgxq.exe" = c:\users\*****\AppData\Local\Temp\vgxq.exe:*:Enabl ed:ipsec "c:\\Users\\*****\\AppData\\Local\\Temp\\winmhdfus .exe"= c:\users\*****\AppData\Local\Temp\winmhdfus.exe:*: Enabled:ipsec "c:\\Users\\*****\\AppData\\Local\\Temp\\crevtb.ex e"= c:\users\*****\AppData\Local\Temp\crevtb.exe:*:Ena bled:ipsec "c:\\Users\\*****\\AppData\\Local\\Temp\\w269453.e xe"= c:\users\*****\AppData\Local\Temp\w269453.exe:*:En abled:ipsec "c:\\Users\\*****\\AppData\\Local\\Temp\\7zS92EC.t mp\\SymNRT.exe"= c:\users\*****\AppData\Local\Temp\7zS92EC.tmp\SymN RT.exe:*:Enabled:ipsec "c:\\Users\\*****\\AppData\\Local\\Temp\\winifkuf. exe"= c:\users\*****\AppData\Local\Temp\winifkuf.exe:*:E nabled:ipsec "c:\\Users\\*****\\AppData\\Local\\Temp\\winnqivc. exe"= c:\users\*****\AppData\Local\Temp\winnqivc.exe:*:E nabled:ipsec "c:\\Users\\*****\\AppData\\Local\\Temp\\winqvwx.e xe"= c:\users\*****\AppData\Local\Temp\winqvwx.exe:*:En abled:ipsec "c:\\Users\\*****\\AppData\\Local\\Temp\\winijtyd. 
exe"= c:\users\*****\AppData\Local\Temp\winijtyd.exe:*:E nabled:ipsec "c:\\Users\\*****\\AppData\\Local\\Temp\\soiv.exe" = c:\users\*****\AppData\Local\Temp\soiv.exe:*:Enabl ed:ipsec "c:\\Users\\*****\\AppData\\Local\\Temp\\winjnvylj .exe"= c:\users\*****\AppData\Local\Temp\winjnvylj.exe:*: Enabled:ipsec "c:\\Program Files\\Lenovo\\Rescue and Recovery\\br_funcs.exe"= c:\program files\Lenovo\Rescue and Recovery\br_funcs.exe:*:Enabled:ipsec "c:\\Program Files\\Common Files\\Lenovo\\bmgr\\bmgr32.exe"= c:\program files\Common Files\Lenovo\bmgr\bmgr32.exe:*:Enabled:ipsec "c:\\Program Files\\Panda Security\\Panda Antivirus Pro 2009\\IFACE.EXE"= c:\program files\Panda Security\Panda Antivirus Pro 2009\IFACE.EXE:*:Enabled:ipsec "c:\\Program Files\\CONEXANT\\SmartAudio\\SmAudio.exe"= c:\program files\CONEXANT\SmartAudio\SmAudio.exe:*:Enabled:ip sec "c:\\Windows\\ehome\\ehtray.exe"= c:\windows\ehome\ehtray.exe:*:Enabled:ipsec "c:\\Program Files\\Lenovo\\HOTKEY\\TpWAudAp.exe"= c:\program files\Lenovo\HOTKEY\TpWAudAp.exe:*:Enabled:ipsec "c:\\Program Files\\Common Files\\Roxio Shared\\10.0\\SharedCOM\\RoxWatchTray10.exe"= c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe:*:Enabled :ipsec "c:\\Windows\\System32\\hkcmd.exe"= c:\windows\System32\hkcmd.exe:*:Enabled:ipsec R0 pavboot;Panda boot driver;c:\windows\System32\drivers\pavboot.sys [03/09/2009 01:28 28544] R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [20/05/2008 03:12 13480] R1 ShldDrv;Panda File Shield Driver;c:\windows\System32\drivers\ShlDrv51.sys [03/09/2009 01:26 41144] R2 AmFSM;AmFSM;c:\windows\System32\drivers\amm8660.sy s [03/09/2009 01:33 49208] R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [12/01/2008 02:50 30312] R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [11/09/2008 07:49 54560] R2 Gwmsrv;Panda Goodware Cache 
Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?] R2 PavProc;Panda Process Protection Driver;c:\windows\System32\drivers\PavProc.sys [03/09/2009 01:26 179640] R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [03/09/2009 01:32 28928] R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [11/09/2008 07:49 53325] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [25/05/2008 01:17 520192] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [25/01/2008 03:32 183808] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [04/12/2008 03:32 29736] R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [04/12/2008 03:39 112128] R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [04/12/2008 03:34 97536] R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 15:29 3658752] R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [23/02/2008 00:54 37312] R3 vm331avs;Lenovo EasyCamera;c:\windows\System32\drivers\vm331avs.sy s [04/12/2008 03:30 974336] S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumo n.sys [25/05/2008 00:28 48192] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [25/04/2008 17:18 362992] S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [25/04/2008 17:16 309744] S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [25/04/2008 17:15 166384] S2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\ AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLa 
uncher.exe [?] S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [25/05/2008 00:28 253952] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [25/04/2008 17:18 313840] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25/04/2008 17:15 1120752] S3 SWNC8U90;Sierra Wireless MUX NDIS Driver (UMTS90);c:\windows\System32\drivers\swnc8u90.sys [02/12/2008 11:10 173312] S3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90);c:\windows\System32\drivers\swumx90.sys [17/11/2008 15:33 145280] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ panda REG_MULTI_SZ Gwmsrv . Contents of the 'Scheduled Tasks' folder 2009-10-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54] 2009-10-12 c:\windows\Tasks\User_Feed_Synchronization-{26EE0FC9-792F-4BAF-92FE-86D178FC36D2}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm . 
- - - - ORPHANS REMOVED - - - - HKLM-Run-AirCardEnabler - (no file) ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-10-12 23:03 Windows 6.0.6001 Service Pack 1 NTFS detected NTDLL code modification: ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(4556) c:\windows\system32\btncopy.dll c:\program files\Lenovo\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe c:\program files\Panda Security\Panda Antivirus Pro 2009\WebProxy.exe c:\windows\System32\audiodg.exe c:\windows\System32\wlanext.exe c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Panda Security\Panda Antivirus Pro 2009\PsCtrlS.exe c:\program files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe c:\program files\Panda Security\Panda Antivirus Pro 2009\pavsrvx86.exe c:\program files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE c:\program files\Lenovo\PM Driver\PMSveH.exe c:\program files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\windows\System32\drivers\XAudio.exe c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\Lenovo\System Update\SUService.exe c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe . ************************************************** ************************ . Completion time: 2009-10-12 23:12 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-12 22:12 Pre-Run: 8,718,430,208 bytes free Post-Run: 10,233,937,920 bytes free 361 --- E O F --- 2009-10-12 19:54 |
#5

Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,861 PC Experience: Elite PC Guru
Ok. Just a cleanup to do...
========================================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the red text in the quotebox below into it:

Code:
File::
c:\Users\*****\AppData\Local\Temp\winpnoa.exe
c:\Users\*****\AppData\Local\Temp\winycvpx.exe
c:\Users\*****\AppData\Local\Temp\winbrau.exe
c:\Users\*****\AppData\Local\Temp\w10167c.exe
c:\Users\*****\AppData\Local\Temp\wingoue.exe
c:\Users\*****\AppData\Local\Temp\fvcy.exe
c:\Users\*****\AppData\Local\Temp\winjcrkv.exe
c:\Users\*****\AppData\Local\Temp\vgxq.exe
c:\Users\*****\AppData\Local\Temp\winmhdfus.exe
c:\Users\*****\AppData\Local\Temp\crevtb.exe
c:\Users\*****\AppData\Local\Temp\w269453.exe
c:\Users\*****\AppData\Local\Temp\winifkuf.exe
c:\Users\*****\AppData\Local\Temp\winnqivc.exe
c:\Users\*****\AppData\Local\Temp\winqvwx.exe
c:\Users\*****\AppData\Local\Temp\winijtyd.exe
c:\Users\*****\AppData\Local\Temp\soiv.exe
c:\Users\*****\AppData\Local\Temp\winjnvylj.exe
c:\windows\Tasks\User_Feed_Synchronization-{26EE0FC9-792F-4BAF-92FE-86D178FC36D2}.job
Folder::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Users\\*****\\AppData\\Local\\Temp\\winpnoa.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\winycvpx.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\winbrau.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\w10167c.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\wingoue.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\fvcy.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\winjcrkv.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\vgxq.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\winmhdfus.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\crevtb.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\w269453.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\winifkuf.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\winnqivc.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\winqvwx.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\winijtyd.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\soiv.exe"=-
"c:\\Users\\*****\\AppData\\Local\\Temp\\winjnvylj.exe"=-
Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your next reply please.

*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
__________________
My real name is Eddy
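The judgement the script above encodes, stated as code: every firewall exception the analyst deletes points at an executable under the user's AppData\Local\Temp folder, a location any program running as that user can write to and one that a legitimately installed application has no reason to be launched from. The following Python helper is an added example, not code from the thread, from ComboFix or from the analyst; it parses AuthorizedApplications entries in the format ComboFix prints, flags the ones whose program lives in a user-writable folder, and renders the result as the same `"value"=-` Registry:: stanza used in the CFScript. The sample entries are constructed to mirror the log format above; the folder list (USER_WRITABLE_MARKERS), the `include_disabled` switch and all function names are my own choices.

```python
"""Triage helper for ComboFix-style firewall exception listings (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# One AuthorizedApplications entry as ComboFix prints it:
#   "<escaped path>"= <path>:<scope>:<Enabled|Disabled>:<rule name>
ENTRY_RE = re.compile(
    r'^"(?P<key>[^"]+)"=\s*(?P<path>.+?):(?P<scope>[^:]+):'
    r'(?P<state>Enabled|Disabled):(?P<name>.*)$'
)
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")

# Folders any user process can write to without admin rights (assumed list).
USER_WRITABLE_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\windows\\temp\\",
    "\\programdata\\",
)


@dataclass
class FirewallException:
    section: str   # registry key the entry was listed under
    key: str       # escaped value name exactly as printed in the log
    path: str      # resolved program path
    scope: str
    enabled: bool
    name: str


def parse_entries(log_text: str) -> list[FirewallException]:
    """Collect AuthorizedApplications entries, remembering their section."""
    entries: list[FirewallException] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("key")
            continue
        m = ENTRY_RE.match(line)
        if m and section.endswith("AuthorizedApplications\\List"):
            entries.append(FirewallException(
                section=section, key=m.group("key"), path=m.group("path"),
                scope=m.group("scope"), enabled=m.group("state") == "Enabled",
                name=m.group("name")))
    return entries


def in_user_writable_dir(path: str) -> bool:
    """Case-insensitive check of the program path against the marker list."""
    p = path.lower().replace("/", "\\")
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(log_text: str, include_disabled: bool = False) -> list[FirewallException]:
    """Return exceptions whose program lives in a user-writable folder."""
    return [e for e in parse_entries(log_text)
            if (e.enabled or include_disabled) and in_user_writable_dir(e.path)]


def cfscript_registry_block(flagged: list[FirewallException]) -> list[str]:
    """Render flagged entries as a CFScript Registry:: stanza ('"value"=-' deletes)."""
    lines = ["Registry::"]
    current = None
    for e in flagged:
        if e.section != current:
            lines.append(f"[{e.section}]")
            current = e.section
        lines.append(f'"{e.key}"=-')
    return lines


# Constructed sample in the log's format (a handful of entries, not the full list).
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"= c:\program files\iTunes\iTunes.exe:*:Enabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winpnoa.exe"= c:\users\*****\AppData\Local\Temp\winpnoa.exe:*:Enabled:ipsec
"c:\\Windows\\system32\\Dwm.exe"= c:\windows\system32\Dwm.exe:*:Enabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\7zS92EC.tmp\\SymNRT.exe"= c:\users\*****\AppData\Local\Temp\7zS92EC.tmp\SymNRT.exe:*:Enabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\fvcy.exe"= c:\users\*****\AppData\Local\Temp\fvcy.exe:*:Disabled:ipsec
'''

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"candidate: {hit.path} (rule {hit.name!r})")
    print("\n".join(cfscript_registry_block(triage(SAMPLE_LOG))))
```

The output is a list of candidates for a human, not a deletion list: in the thread the analyst scripted the random-named win*.exe files in Temp but left the 7zS92EC.tmp\SymNRT.exe exception alone (SymNRT is the Symantec removal tool, unpacked into a self-extractor's temp folder), which a path-based rule cannot tell apart from the others. Disabled exceptions are excluded by default because they grant nothing, but passing `include_disabled=True` lists them too, since a disabled entry still records that something once asked for network access from Temp.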