oaky72
Members
Posts: 13
Reputation: 0 Neutral
  1. Hi Borislav. I posted this a few days ago and the post has been deleted. This is where I am up to. I have attached the last ComboFix file. Thanks. ComboFix.txt
  2. I have done and completed all steps. I left a donation yesterday, many thanks.
  3. Hi, I am getting an Open File security warning when trying to uninstall ComboFix. It's asking me to run ComboFix by the looks of it. Cheers
  4. OK, done that and all now deleted. Please advise. Thanks
  5. Can't find a folder named Application Data: c:\documents and settings\All Users\Application Data\Symantec. The system itself seems a lot better, no pop-ups for Digital Protection.
  6. File PROCHLP.DLL received on 2010.05.09 17:36:30 (UTC)
     Result: 0/41 (0%)

     Antivirus  Version  Last Update  Result
     a-squared 4.5.0.50 2010.05.09 -
     AhnLab-V3 2010.05.09.00 2010.05.08 -
     AntiVir 8.2.1.236 2010.05.07 -
     Antiy-AVL 2.0.3.7 2010.05.07 -
     Authentium 5.2.0.5 2010.05.09 -
     Avast 4.8.1351.0 2010.05.09 -
     Avast5 5.0.332.0 2010.05.09 -
     AVG 9.0.0.787 2010.05.09 -
     BitDefender 7.2 2010.05.09 -
     CAT-QuickHeal 10.00 2010.05.08 -
     ClamAV 0.96.0.3-git 2010.05.09 -
     Comodo 4800 2010.05.09 -
     DrWeb 5.0.2.03300 2010.05.09 -
     eSafe 7.0.17.0 2010.05.09 -
     eTrust-Vet None 2010.05.07 -
     F-Prot 4.5.1.85 2010.05.09 -
     F-Secure 9.0.15370.0 2010.05.09 -
     Fortinet 4.1.133.0 2010.05.09 -
     GData 21 2010.05.09 -
     Ikarus T3.1.1.84.0 2010.05.09 -
     Jiangmin 13.0.900 2010.05.09 -
     Kaspersky 7.0.0.125 2010.05.09 -
     McAfee 5.400.0.1158 2010.05.09 -
     McAfee-GW-Edition 2010.1 2010.05.09 -
     Microsoft 1.5703 2010.05.09 -
     NOD32 5098 2010.05.09 -
     Norman 6.04.12 2010.05.09 -
     nProtect 2010-05-09.01 2010.05.09 -
     Panda 10.0.2.7 2010.05.09 -
     PCTools 7.0.3.5 2010.05.07 -
     Prevx 3.0 2010.05.09 -
     Rising 22.46.06.04 2010.05.09 -
     Sophos 4.53.0 2010.05.09 -
     Sunbelt 6282 2010.05.09 -
     Symantec 20091.2.0.41 2010.05.09 -
     TheHacker 6.5.2.0.277 2010.05.09 -
     TrendMicro 9.120.0.1004 2010.05.09 -
     TrendMicro-HouseCall 9.120.0.1004 2010.05.09 -
     VBA32 3.12.12.4 2010.05.06 -
     ViRobot 2010.5.8.2306 2010.05.08 -
     VirusBuster 5.0.27.0 2010.05.09 -

     Additional information
     File size: 86016 bytes
     MD5...: eb8b00829956a6db0a483a187e0051ac
     SHA1..: 55e1fca42790f3350b1001429f92bdeb717f7687
     SHA256: 6947c6caab715f10735c97b403aa490bfe8bd7b04e840ddf7e7a6b8e83652bf3
     ssdeep: 768:MvVzuiR7qfRX5Thm+mEQGdqxGoBwT4zI5a1IpKoNPtDVCUiB9tz1Gco8tN72 lFQU:MvVF7M6EQbwT4zua1Row/YcglSw0
     PEiD..: -
     PEInfo: PE Structure information
     ( base data )
     entrypointaddress.: 0x42b8
     timedatestamp.....: 0x4495fbf9 (Mon Jun 19 01:20:57 2006)
     machinetype.......: 0x14c (I386)
     ( 6 sections )
     name viradd virsiz rawdsiz ntrpy md5
     .text 0x1000 0x9dd6 0xa000 6.58 e605b9323069027a9deb09f0752e90ca
     .rdata 0xb000 0x14bb 0x2000 4.06 e498ceb68014ad2076d528fcb2dde249
     .data 0xd000 0x1108c 0x4000 2.18 9f734fd1b4d9f2f3f0a0e31c3f42d9a1
     ._PROCHL 0x1f000 0x3c 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
     .rsrc 0x20000 0x318 0x1000 0.83 1d5073b465021047e54a979af8232118
     .reloc 0x21000 0x131a 0x2000 3.12 d625706dc48ef9c8e2907d5330becd2b
     ( 3 imports )
     > KERNEL32.dll: DeleteFileA, OutputDebugStringA, CopyFileA, lstrcatA, GetEnvironmentVariableA, CreateFileA, SetPriorityClass, GetPriorityClass, LocalAlloc, LocalFree, GetExitCodeProcess, WaitForMultipleObjects, Process32Next, Process32First, CreateToolhelp32Snapshot, DeviceIoControl, OpenProcess, Thread32Next, ResumeThread, SuspendThread, Thread32First, CloseHandle, GetProcessAffinityMask, GetModuleFileNameA, CreateThread, TerminateThread, GetExitCodeThread, FreeLibrary, GetProcAddress, LoadLibraryA, QueryPerformanceCounter, QueryPerformanceFrequency, GetProcessTimes, GetThreadTimes, Sleep, GetVersionExA, CreateEventA, SetEvent, ResetEvent, GetLastError, WaitForSingleObject, ExitThread, SetThreadPriority, GetUserDefaultLangID, GetCommandLineA, GetVersion, GetModuleHandleA, EnterCriticalSection, LeaveCriticalSection, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, HeapFree, WriteFile, SetFilePointer, HeapAlloc, InterlockedDecrement, InterlockedIncrement, InitializeCriticalSection, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, SetStdHandle, RtlUnwind, MultiByteToWideChar, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, FlushFileBuffers
     > USER32.dll: GetWindowThreadProcessId, SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx, wsprintfA
     > ADVAPI32.dll: ControlService, OpenServiceA, StartServiceA, CreateServiceA, OpenSCManagerA, CloseServiceHandle, DeleteService
     ( 27 exports )
     PH_AddPMonEventCallback, PH_CleanupThread, PH_CloseOptimizedProcess, PH_ConvertProcessTimeToUsage, PH_ConvertSystemTimeToUsage, PH_ConvertThreadTimeToUsage, PH_DelPMonEventCallback, PH_DllCleanup, PH_DllInitialize, PH_FindProcessID, PH_GetConsoleActivity, PH_GetDriverVersion, PH_GetOSVersion, PH_GetProcessEntry, PH_GetProcessListAll, PH_GetProcessTimeInfo, PH_GetProcessUsage, PH_GetSystemTimeInfo, PH_GetSystemUsage, PH_GetThreadTimeInfo, PH_GetThreadUsage, PH_GetVersion, PH_InitializeThread, PH_IsThreadActive, PH_OpenOptimizedProcess, PH_SetActivityCheckParameters, PH_SetOptimizedProcess
     RDS...: NSRL Reference Data Set
     -
     pdfid.: -
     trid..: Win64 Executable Generic (59.6%)
     Win32 Executable MS Visual C++ (generic) (26.2%)
     Win32 Executable Generic (5.9%)
     Win32 Dynamic Link Library (generic) (5.2%)
     Generic Win/DOS Executable (1.3%)
     sigcheck:
     publisher....: Lenovo Group Limited
     copyright....: Copyright © Lenovo 2005, 2006
     product......: Away Manager
     description..: IPS Helper DLL
     original name: PROCHLP.DLL
     internal name: PROCHLP
     file version.: 2, 0, 6, 0
     comments.....: n/a
     signers......: -
     signing date.: -
     verified.....: Unsigned
  7. It says the file has already been analysed. Do I need to re-analyse?
  8. ComboFix 10-05-08.02 - Pauline 09/05/2010 17:48:23.1.2 - x86
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.362 [GMT 1:00]
     Running from: c:\documents and settings\Pauline\Desktop\Combo-Fix.exe
     AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\Pauline\Desktop\Digital Protection Support.lnk
     c:\documents and settings\Pauline\My Documents\registry backup.reg
     c:\documents and settings\Pauline\Start Menu\Programs\Uninstall.lnk
     .
     ((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))
     .
     2010-05-07 19:00 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-05-07 19:00 . 2010-05-09 15:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-05-07 19:00 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-05-06 21:30 . 2010-05-06 21:30 -------- d-----w- c:\documents and settings\Pauline\Application Data\Malwarebytes
     2010-05-06 21:30 . 2010-05-06 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-05-05 18:38 . 2010-05-05 18:38 -------- d-sh--w- c:\documents and settings\Pauline\PrivacIE
     2010-05-05 18:33 . 2010-05-05 18:33 -------- d-sh--w- c:\documents and settings\Pauline\IETldCache
     2010-05-05 17:53 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
     2010-05-05 17:27 . 2008-02-26 11:59 294912 ------w- c:\windows\system32\dllcache\msctf.dll
     2010-05-05 17:26 . 2010-05-05 17:26 16883056 ----a-w- C:\IE8-WindowsXP-x86-ENU.exe
     2010-05-04 19:12 . 2008-01-21 17:12 41792 ----a-w- c:\windows\system32\drivers\avgntdd.sys
     2010-05-04 19:12 . 2008-01-21 17:11 22336 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
     2010-05-04 19:12 . 2008-03-04 12:28 79424 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2010-05-04 19:12 . 2010-05-04 19:12 -------- d-----w- c:\program files\Avira
     2010-05-04 19:12 . 2010-05-04 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
     2010-05-04 13:50 . 2010-05-04 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
     2010-04-29 18:14 . 2010-04-29 18:42 -------- d-----w- C:\Back Up Caravan Site
     2010-04-26 21:41 . 2010-04-26 21:41 20539 ----a-w- C:\SetRecordsPerPage.zip
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-05-09 15:00 . 2008-02-09 16:54 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
     2010-05-08 10:31 . 2008-02-09 16:47 -------- d-----w- c:\program files\Symantec Client Security
     2010-05-08 10:19 . 2008-03-03 19:03 -------- d-----w- c:\program files\Common Files\Adobe
     2010-05-08 10:18 . 2008-02-09 16:47 -------- d-----w- c:\program files\Symantec
     2010-05-08 10:18 . 2008-02-09 16:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
     2010-05-08 10:17 . 2008-02-09 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
     2010-05-07 18:45 . 2009-03-26 19:40 -------- d-----w- c:\documents and settings\Pauline\Application Data\uTorrent
     2010-05-06 21:57 . 2009-10-31 13:46 -------- d-----w- c:\program files\Trojan Remover
     2010-05-05 19:19 . 2009-10-31 13:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
     2010-05-04 13:53 . 2008-02-09 16:48 40 ----a-w- c:\windows\system32\profile.dat
     2010-05-01 12:21 . 2010-03-12 19:20 -------- d-----w- c:\documents and settings\Pauline\Application Data\CoreFTP
     2010-03-25 12:59 . 2010-03-25 12:59 -------- d-----w- c:\program files\Microsoft
     2010-03-25 12:59 . 2010-03-25 12:59 -------- d-----w- c:\program files\Windows Live
     2010-03-12 19:19 . 2010-03-12 19:19 -------- d-----w- c:\program files\CoreFTP
     2010-02-24 12:31 . 2006-04-30 06:55 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2010-02-16 17:35 . 2006-04-30 06:55 2143744 ----a-w- c:\windows\system32\ntoskrnl.exe
     2010-02-16 16:57 . 2004-08-03 22:59 2021888 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2010-02-12 10:03 . 2010-03-02 12:04 293376 ------w- c:\windows\system32\browserchoice.exe
     2010-02-12 04:36 . 2006-04-30 06:55 100864 ----a-w- c:\windows\system32\6to4svc.dll
     2010-02-11 11:08 . 2006-04-30 06:56 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 2478080]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 68856]
     "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-11-09 688128]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
     "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
     "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
     "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
     "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
     "TpShocks"="TpShocks.exe" [2006-03-16 106496]
     "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
     "TP4EX"="tp4ex.exe" [2005-10-17 65536]
     "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
     "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
     "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-09 30192]
     "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
     "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
     "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
     "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
     "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
     "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
     "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]
     "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-08-26 409600]
     "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
     "PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 41472]
     "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
     "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536]
     "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
     "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
     "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\EnjYwyv6S.exe" [2010-05-09 1090952]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
     "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-19 113664]
     Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-9 24576]
     EventLogger.lnk - c:\program files\Dual codec internet relative software\cms\EventLogger.exe [2008-7-13 94208]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
     2006-08-16 17:07 49152 ----a-w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
     2006-04-26 03:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
     2005-07-05 14:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
     2005-11-30 11:16 24576 ----a-w- c:\windows\system32\tphklock.dll

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Notification Packages REG_MULTI_SZ scecli psqlpwd

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
     "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
     "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
     "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
     "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
     "c:\\Program Files\\Dual codec internet relative software\\cms\\EventLogger.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "%windir%\\system32\\drivers\\svchost.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

     R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [14/03/2006 01:05 58368]
     R2 smi2;smi2;c:\program files\SMI2\smi2.sys [15/07/2006 00:55 3968]
     R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [26/04/2006 04:00 3456]
     S1 ghqyadfq;ghqyadfq;\??\c:\windows\system32\drivers\ghqyadfq.sys --> c:\windows\system32\drivers\ghqyadfq.sys [?]
     S3 alcan5ln;SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [15/03/2009 14:18 36256]
     S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [09/02/2008 17:41 30192]
     .
     Contents of the 'Scheduled Tasks' folder

     2010-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]

     2010-05-09 c:\windows\Tasks\PMTask.job
     - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-02-09 16:13]

     2010-05-09 c:\windows\Tasks\WGASetup.job
     - c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 21:18]
     .
     .
     ------- Supplementary Scan -------
     .
     uSearch Page = hxxp://www.google.com
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uStart Page = hxxp://www.yahoo.co.uk/
     uSearch Bar = hxxp://www.google.com/ie
     mDefault_Search_URL = hxxp://www.google.com/ie
     mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
     uInternet Settings,ProxyOverride = 127.0.0.1;*.local
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     mSearchAssistant = hxxp://www.google.com/ie
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     DPF: {4AC2F548-B920-4A3E-BBA0-9F13A952D525} - hxxp://www.j2kdvr.com/CAB/JMRemoteSetupWeb.cab
     DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
     DPF: {54CFC975-F9FB-45EB-8D18-D2D04FBC4299} - hxxp://www.j2kdvr.com/CAB/RemoteWeb2.cab
     .
     - - - - ORPHANS REMOVED - - - -

     Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
     WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
     Notify-NavLogon - (no file)

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-05-09 18:12
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(992)
     c:\windows\system32\tvt_gina.dll
     c:\program files\Lenovo\Client Security Solution\css_gina_plugin.dll
     c:\program files\Lenovo\Client Security Solution\css_wait_bar.dll
     c:\program files\Lenovo\Client Security Solution\cssuserdatadispatcher.dll
     c:\program files\Lenovo\Client Security Solution\csswait.dll
     c:\program files\Common Files\Lenovo\tvt_banner.dll
     c:\program files\Lenovo\Client Security Solution\cssdlgpwentry.dll
     c:\program files\Lenovo\Client Security Solution\dlganswerprompt.dll
     c:\program files\Lenovo\Client Security Solution\tvttsp.dll
     c:\program files\Lenovo\Client Security Solution\tcsrpc.dll
     c:\program files\Common Files\Lenovo\tvt_res.dll
     c:\program files\Bonjour\mdnsNSP.dll
     c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
     c:\program files\ThinkVantage Fingerprint Software\infra.dll
     c:\program files\ThinkVantage Fingerprint Software\VTI.DLL
     c:\windows\system32\Ati2evxx.dll
     c:\windows\system32\psqlpwd.dll
     c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
     c:\windows\system32\biologon.dll
     c:\program files\ThinkVantage Fingerprint Software\homepass.dll
     c:\program files\ThinkVantage Fingerprint Software\bio.dll
     c:\program files\ThinkVantage Fingerprint Software\remote.dll
     c:\windows\system32\tphklock.dll
     c:\program files\ThinkVantage Fingerprint Software\crypto.dll
     c:\program files\Lenovo\AwayTask\AwayNotify.dll

     - - - - - - - > 'lsass.exe'(1048)
     c:\windows\system32\psqlpwd.dll
     c:\program files\ThinkVantage Fingerprint Software\infra.dll
     c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

     - - - - - - - > 'explorer.exe'(5580)
     c:\windows\system32\PROCHLP.DLL
     c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
     c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
     c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
     c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     c:\windows\system32\netprovcredman.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\ibmpmsvc.exe
     c:\windows\system32\Ati2evxx.exe
     c:\program files\Intel\Wireless\Bin\S24EvMon.exe
     c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
     c:\windows\system32\IPSSVC.EXE
     c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
     c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
     c:\program files\Intel\Wireless\Bin\EvtEng.exe
     c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     c:\program files\Intel\Wireless\Bin\RegSrvc.exe
     c:\program files\lenovo\system update\suservice.exe
     c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
     c:\windows\System32\TPHDEXLG.EXE
     c:\windows\system32\TpKmpSVC.exe
     c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
     c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
     c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
     c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
     c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
     c:\program files\Common Files\Lenovo\Logger\logmon.exe
     c:\windows\system32\wbem\wmiapsrv.exe
     c:\windows\system32\Ati2evxx.exe
     c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
     c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
     c:\windows\system32\wscntfy.exe
     c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
     c:\windows\system32\rundll32.exe
     c:\windows\system32\TpShocks.exe
     c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
     c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
     c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
     c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
     c:\progra~1\Yahoo!\browser\ycommon.exe
     c:\progra~1\MI3AA1~1\wcescomm.exe
     c:\progra~1\MI3AA1~1\rapimgr.exe
     c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
     c:\program files\ATI Technologies\ATI.ACE\cli.exe
     c:\program files\PC Connectivity Solution\ServiceLayer.exe
     c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
     c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
     c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
     c:\windows\system32\rundll32.exe
     .
     **************************************************************************
     .
     Completion time: 2010-05-09 18:15:19 - machine was rebooted
     ComboFix-quarantined-files.txt 2010-05-09 17:14

     Pre-Run: 4,536,283,136 bytes free
     Post-Run: 4,647,464,960 bytes free

     WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

     - - End Of File - - A5476F340B63C3AE26D5688FFC81E5E0
  9. OK, that's now done. Here is my new scan log and DDS. Please advise next. Thanks.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4082

     Windows 5.1.2600 Service Pack 2
     Internet Explorer 6.0.2900.2180

     09/05/2010 16:25:50
     mbam-log-2010-05-09 (16-25-50).txt

     Scan type: Quick scan
     Objects scanned: 131146
     Time elapsed: 14 minute(s), 0 second(s)

     Memory Processes Infected: 1
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 2
     Registry Data Items Infected: 2
     Folders Infected: 3
     Files Infected: 39

     Memory Processes Infected:
     C:\Documents and Settings\Pauline\Local Settings\Temp\asrkn_pfu.exe (Trojan.FakeAlert) -> Unloaded process successfully.

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asrkn_pfu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\digital protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     C:\Program Files\Digital Protection (Rogue.DigitalProtection) -> Delete on reboot.
     C:\Documents and Settings\Pauline\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Application Data\ARManager (Rogue.ARManager) -> Quarantined and deleted successfully.

     Files Infected:
     C:\Documents and Settings\Pauline\Local Settings\Temp\asrkn_pfu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Local Settings\Temp\asdC.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Local Settings\Temp\asdD.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Local Settings\Temp\asdE.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Local Settings\Temp\asdF.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Local Settings\Temp\asdB.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Local Settings\Temp\dhdhtrdhdrtr5y (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Local Settings\Temp\asd8.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Local Settings\Temp\asd8D.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Local Settings\Temp\asd9.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Local Settings\Temp\asdA.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\Program Files\Digital Protection\about.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Program Files\Digital Protection\activate.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Program Files\Digital Protection\buy.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Program Files\Digital Protection\dig.db (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Program Files\Digital Protection\digext.dll (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Program Files\Digital Protection\dighook.dll (Rogue.DigitalProtection) -> Delete on reboot.
     C:\Program Files\Digital Protection\digprot.exe (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Program Files\Digital Protection\help.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Program Files\Digital Protection\scan.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Program Files\Digital Protection\settings.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Program Files\Digital Protection\splash.mp3 (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Program Files\Digital Protection\Uninstall.exe (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Program Files\Digital Protection\update.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Program Files\Digital Protection\virus.mp3 (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Start Menu\Programs\Digital Protection\About.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Start Menu\Programs\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Start Menu\Programs\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Start Menu\Programs\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Start Menu\Programs\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Start Menu\Programs\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Start Menu\Programs\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Application Data\ARManager\apmanager.exe (Rogue.ARManager) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Application Data\Microsoft\Internet Explorer\Quick Launch\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Desktop\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Pauline\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.

     DDS.txt
  10. Hi, I don't have an mbam.exe in that folder. Regards
  11. Does this mean it ran OK?
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Pauline on 08/05/2010 at 11:35:36.
Processes terminated by Rkill or while it was running:
C:\DOCUME~1\Pauline\LOCALS~1\Temp\asrkn_pfu.exe
C:\Documents and Settings\Pauline\Local Settings\Temporary Internet Files\Content.IE5\ZUPH107H\rkill[1].exe
Rkill completed on 08/05/2010 at 11:35:41.
  12. Hi Borislav, thanks for your reply. I have completed steps 1 & 2. On step 3 I get an error when I check for updates on Malwarebytes. The error is MBAM_ERROR_UPDATING (12029, 0, WinHttpSendRequest). I have not continued with the instructions after this error. Please advise further. Many thanks.
  13. Hi there. I have run the scan using Malwarebytes Anti-Malware software. It detects 7 infections and I choose to remove them. When I restart my laptop the virus is still working. Below is my scan log and DDS log. I have also attached the attach and ark.txt files. Any help is appreciated. Thanks

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

07/05/2010 20:51:21
mbam-log-2010-05-07 (20-51-21).txt

Scan type: Quick scan
Objects scanned: 130107
Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Pauline\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pauline\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pauline\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Pauline at 19:50:40.78 on 07/05/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.278 [GMT 1:00]

AV: Digital Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\DOCUME~1\Pauline\LOCALS~1\Temp\asrkn_pfu.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dual codec internet relative software\cms\EventLogger.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\Pauline\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.co.uk/
mDefault_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\progra~1\mi3aa1~1\wcescomm.exe"
uRun: [asrkn_pfu.exe] c:\docume~1\pauline\locals~1\temp\asrkn_pfu.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 6\PCSuite.exe" -onlytray
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [speedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.5.0_11\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventl~1.lnk - c:\program files\dual codec internet relative software\cms\EventLogger.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4AC2F548-B920-4A3E-BBA0-9F13A952D525} - hxxp://www.j2kdvr.com/CAB/JMRemoteSetupWeb.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {54CFC975-F9FB-45EB-8D18-D2D04FBC4299} - hxxp://www.j2kdvr.com/CAB/RemoteWeb2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd ACGina

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2010-5-4 11840]
R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2005-2-5 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2005-2-5 53896]
R2 AntiVirScheduler;Avira AntiVir Personal
Attach.zip
ark.txt