[Inactive] [A] Random audio clips are plaguing me

Broni · Feb 7, 2012

Very well.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

minsey · Feb 7, 2012

ComboFix 12-02-07.01 - Toby 02/07/2012 22:56:27.1.4 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3497.2376 [GMT -5:00]
Running from: c:\users\Toby\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Toby\___.tmp
c:\windows\$NtUninstallKB43229$
c:\windows\$NtUninstallKB43229$\4139144665
c:\windows\$NtUninstallKB43229$\4274476570\@
c:\windows\$NtUninstallKB43229$\4274476570\bckfg.tmp
c:\windows\$NtUninstallKB43229$\4274476570\cfg.ini
c:\windows\$NtUninstallKB43229$\4274476570\Desktop.ini
c:\windows\$NtUninstallKB43229$\4274476570\keywords
c:\windows\$NtUninstallKB43229$\4274476570\kwrd.dll
c:\windows\$NtUninstallKB43229$\4274476570\L\xadqgnnk
c:\windows\$NtUninstallKB43229$\4274476570\lsflt7.ver
c:\windows\$NtUninstallKB43229$\4274476570\U\00000001.@
c:\windows\$NtUninstallKB43229$\4274476570\U\00000002.@
c:\windows\$NtUninstallKB43229$\4274476570\U\00000004.@
c:\windows\$NtUninstallKB43229$\4274476570\U\80000000.@
c:\windows\$NtUninstallKB43229$\4274476570\U\80000004.@
c:\windows\$NtUninstallKB43229$\4274476570\U\80000032.@
c:\windows\system32\Settings
c:\windows\system32\Settings\Settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-08 04:04 . 2012-02-08 04:05 -------- d-----w- c:\users\Toby\AppData\Local\temp
2012-02-08 04:04 . 2012-02-08 04:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-08 04:04 . 2012-02-08 04:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 03:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-07 15:00 . 2012-02-07 15:00 -------- d-----w- c:\windows\Sun
2012-02-07 12:25 . 2012-02-04 23:40 111616 ----a-w- c:\windows\system32\Q2IcLX6bo.com
2012-02-05 06:27 . 2012-02-05 06:27 -------- d-----w- c:\program files\ESET
2012-02-05 06:15 . 2012-02-05 06:15 -------- d-----w- c:\program files\Common Files\Java
2012-02-05 06:14 . 2012-02-05 06:14 -------- d-----w- c:\program files\Oracle
2012-02-05 06:13 . 2011-11-09 00:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-05 01:42 . 2011-11-05 04:35 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-05 01:42 . 2011-11-05 04:30 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-05 01:41 . 2011-11-05 04:30 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-02-05 01:41 . 2011-11-05 02:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-05 01:39 . 2012-02-05 04:09 -------- d-----w- c:\programdata\AVAST Software
2012-02-05 01:39 . 2012-02-05 01:39 -------- d-----w- c:\program files\AVAST Software
2012-02-05 01:37 . 2012-02-05 01:37 -------- d-----w- c:\users\Toby\AppData\Local\Broadcom
2012-02-05 01:37 . 2012-02-08 02:46 -------- d-----w- c:\users\Toby\AppData\Roaming\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----w- c:\program files\Common Files\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----r- c:\program files\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----w- c:\programdata\Skype
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\users\Toby\AppData\Roaming\Malwarebytes
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 01:30 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-05 01:11 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-02-05 01:11 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-02-05 00:29 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-05 00:24 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-02-05 00:12 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2012-02-05 00:11 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-05 00:11 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-02-05 00:11 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-05 00:09 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-05 00:09 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-02-05 00:09 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-05 00:09 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-05 00:09 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-05 00:09 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-02-05 00:09 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-02-05 00:09 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-02-05 00:08 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-05 00:08 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-02-05 00:08 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-05 00:08 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 14:15 . 2011-03-18 17:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-28 3077528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-01-31 17147528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-02-28 281448]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-03-24 1254760]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-03-10 41320]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-17 31592]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-11 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-11 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-11 176664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-11 178200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-27 240288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 890144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-08 17:16 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
2;2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 367656]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 33832]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-03-24 292200]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-03-24 79208]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SWI32;SWI32;c:\program files\Lenovo\System Update\tvsuhd32.sys [2009-10-22 28224]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-09 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-03-24 25968]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-04 20328]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-01-13 20592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-03-10 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-03-10 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-03 2009704]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc86.sys [2011-03-23 75264]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-03 378472]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 132096]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2010-12-21 238760]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 106104]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-11 269824]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-06 7434240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\At1.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At10.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At11.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At12.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At13.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At14.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At15.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At16.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At17.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At18.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At19.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At2.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At20.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At21.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At22.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At23.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At24.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At25.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At26.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At27.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At28.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At29.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At3.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At30.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At31.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At32.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At33.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At34.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At35.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At36.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At37.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At38.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At39.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At4.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At40.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At41.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-08 c:\windows\Tasks\At42.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At43.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-08 c:\windows\Tasks\At44.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At45.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-08 c:\windows\Tasks\At46.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At47.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At48.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At5.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At6.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At7.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At8.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At9.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006Core.job
- c:\users\Toby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 17:06]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006UA.job
- c:\users\Toby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 17:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.uncg.edu/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Toby\AppData\Roaming\Mozilla\Firefox\Profiles\jy23lgs6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.uncg.edu/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Symantec Antvirus
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,3b,52,45,2b,3e,3b,4b,91,fc,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,3b,52,45,2b,3e,3b,4b,91,fc,f9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(644)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(4896)
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhost.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-02-07 23:11:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-08 04:11
.
Pre-Run: 43,784,572,928 bytes free
Post-Run: 43,805,360,128 bytes free
.
- - End Of File - - 21A9649FD934CDE7B1FE3E5B70CE3C95

Broni · Feb 7, 2012

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\windows\system32\Q2IcLX6bo.com

ClearJavaCache::
3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

minsey · Feb 7, 2012

ComboFix 12-02-07.01 - Toby 02/07/2012 23:33:51.2.4 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3497.2187 [GMT -5:00]
Running from: c:\users\Toby\Desktop\ComboFix.exe
Command switches used :: c:\users\Toby\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\Q2IcLX6bo.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Q2IcLX6bo.com
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-08 04:38 . 2012-02-08 04:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-08 04:38 . 2012-02-08 04:38 -------- d-----w- c:\users\UNCG.UNCG-EWYELHZU5M\AppData\Local\temp
2012-02-08 04:38 . 2012-02-08 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 04:38 . 2012-02-08 04:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-08 04:04 . 2012-02-08 04:38 -------- d-----w- c:\users\Toby\AppData\Local\temp
2012-02-08 03:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-07 15:00 . 2012-02-07 15:00 -------- d-----w- c:\windows\Sun
2012-02-05 06:27 . 2012-02-05 06:27 -------- d-----w- c:\program files\ESET
2012-02-05 06:15 . 2012-02-05 06:15 -------- d-----w- c:\program files\Common Files\Java
2012-02-05 06:14 . 2012-02-05 06:14 -------- d-----w- c:\program files\Oracle
2012-02-05 06:13 . 2011-11-09 00:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-05 01:42 . 2011-11-05 04:35 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-05 01:42 . 2011-11-05 04:30 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-05 01:41 . 2011-11-05 04:30 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-02-05 01:41 . 2011-11-05 02:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-05 01:41 . 2012-02-04 23:40 111616 ----a-w- c:\windows\system32\Q2IcLX6bo.com_
2012-02-05 01:39 . 2012-02-05 04:09 -------- d-----w- c:\programdata\AVAST Software
2012-02-05 01:39 . 2012-02-05 01:39 -------- d-----w- c:\program files\AVAST Software
2012-02-05 01:37 . 2012-02-05 01:37 -------- d-----w- c:\users\Toby\AppData\Local\Broadcom
2012-02-05 01:37 . 2012-02-08 04:34 -------- d-----w- c:\users\Toby\AppData\Roaming\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----w- c:\program files\Common Files\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----r- c:\program files\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----w- c:\programdata\Skype
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\users\Toby\AppData\Roaming\Malwarebytes
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 01:30 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-05 01:11 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-02-05 01:11 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-02-05 00:29 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-05 00:24 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-02-05 00:12 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2012-02-05 00:11 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-05 00:11 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-02-05 00:11 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-05 00:09 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-05 00:09 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-02-05 00:09 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-05 00:09 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-05 00:09 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-05 00:09 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-02-05 00:09 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-02-05 00:09 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-02-05 00:08 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-05 00:08 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-02-05 00:08 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-05 00:08 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 14:15 . 2011-03-18 17:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-28 3077528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-01-31 17147528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-02-28 281448]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-03-24 1254760]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-03-10 41320]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-17 31592]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-11 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-11 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-11 176664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-11 178200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-27 240288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 890144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-08 17:16 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 367656]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 33832]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-03-24 292200]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-03-24 79208]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SWI32;SWI32;c:\program files\Lenovo\System Update\tvsuhd32.sys [2009-10-22 28224]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-09 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-03-24 25968]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-04 20328]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-01-13 20592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-03-10 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-03-10 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-03 2009704]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc86.sys [2011-03-23 75264]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-03 378472]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 132096]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2010-12-21 238760]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 106104]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-11 269824]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-06 7434240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\At10.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At12.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At14.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At16.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At18.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At2.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At20.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At22.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At24.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At26.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At28.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At30.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At32.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At34.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At36.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At38.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At4.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At40.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At42.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At44.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At46.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At48.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At6.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At8.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006Core.job
- c:\users\Toby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 17:06]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006UA.job
- c:\users\Toby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 17:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.uncg.edu/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Toby\AppData\Roaming\Mozilla\Firefox\Profiles\jy23lgs6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.uncg.edu/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,3b,52,45,2b,3e,3b,4b,91,fc,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,3b,52,45,2b,3e,3b,4b,91,fc,f9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(644)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
Completion time: 2012-02-07 23:40:07
ComboFix-quarantined-files.txt 2012-02-08 04:40
ComboFix2.txt 2012-02-08 04:11
.
Pre-Run: 43,866,247,168 bytes free
Post-Run: 43,593,900,032 bytes free
.
- - End Of File - - C09492930C1941ADAA25A67333343730

Broni · Feb 7, 2012

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\windows\system32\Q2IcLX6bo.com_

At::

ClearJavaCache::
3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

minsey · Feb 8, 2012

ComboFix 12-02-07.01 - Toby 02/08/2012 2:28.3.4 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3497.2440 [GMT -5:00]
Running from: c:\users\Toby\Desktop\ComboFix.exe
Command switches used :: c:\users\Toby\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\Q2IcLX6bo.com_"
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-08 07:33 . 2012-02-08 07:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-08 07:33 . 2012-02-08 07:33 -------- d-----w- c:\users\UNCG.UNCG-EWYELHZU5M\AppData\Local\temp
2012-02-08 07:33 . 2012-02-08 07:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 07:33 . 2012-02-08 07:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-08 04:04 . 2012-02-08 07:33 -------- d-----w- c:\users\Toby\AppData\Local\temp
2012-02-08 03:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-07 15:00 . 2012-02-07 15:00 -------- d-----w- c:\windows\Sun
2012-02-05 06:27 . 2012-02-05 06:27 -------- d-----w- c:\program files\ESET
2012-02-05 06:15 . 2012-02-05 06:15 -------- d-----w- c:\program files\Common Files\Java
2012-02-05 06:14 . 2012-02-05 06:14 -------- d-----w- c:\program files\Oracle
2012-02-05 06:13 . 2011-11-09 00:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-05 01:42 . 2011-11-05 04:35 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-05 01:42 . 2011-11-05 04:30 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-05 01:41 . 2011-11-05 04:30 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-02-05 01:41 . 2011-11-05 02:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-05 01:41 . 2012-02-04 23:40 111616 ----a-w- c:\windows\system32\Q2IcLX6bo.com__
2012-02-05 01:39 . 2012-02-05 04:09 -------- d-----w- c:\programdata\AVAST Software
2012-02-05 01:39 . 2012-02-05 01:39 -------- d-----w- c:\program files\AVAST Software
2012-02-05 01:37 . 2012-02-05 01:37 -------- d-----w- c:\users\Toby\AppData\Local\Broadcom
2012-02-05 01:37 . 2012-02-08 07:27 -------- d-----w- c:\users\Toby\AppData\Roaming\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----w- c:\program files\Common Files\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----r- c:\program files\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----w- c:\programdata\Skype
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\users\Toby\AppData\Roaming\Malwarebytes
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 01:30 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-05 01:11 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-02-05 01:11 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-02-05 00:29 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-05 00:24 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-02-05 00:12 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2012-02-05 00:11 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-05 00:11 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-02-05 00:11 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-05 00:09 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-05 00:09 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-02-05 00:09 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-05 00:09 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-05 00:09 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-05 00:09 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-02-05 00:09 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-02-05 00:09 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-02-05 00:08 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-05 00:08 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-02-05 00:08 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-05 00:08 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 14:15 . 2011-03-18 17:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-28 3077528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-01-31 17147528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-02-28 281448]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-03-24 1254760]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-03-10 41320]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-17 31592]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-11 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-11 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-11 176664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-11 178200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-27 240288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 890144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-08 17:16 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 367656]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 33832]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-03-24 292200]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-03-24 79208]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SWI32;SWI32;c:\program files\Lenovo\System Update\tvsuhd32.sys [2009-10-22 28224]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-09 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-03-24 25968]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-04 20328]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-01-13 20592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-03-10 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-03-10 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-03 2009704]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc86.sys [2011-03-23 75264]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-03 378472]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 132096]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2010-12-21 238760]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 106104]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-11 269824]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-06 7434240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006Core.job
- c:\users\Toby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 17:06]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006UA.job
- c:\users\Toby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 17:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.uncg.edu/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Toby\AppData\Roaming\Mozilla\Firefox\Profiles\jy23lgs6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.uncg.edu/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,3b,52,45,2b,3e,3b,4b,91,fc,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,3b,52,45,2b,3e,3b,4b,91,fc,f9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(644)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(5456)
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
Completion time: 2012-02-08 02:35:11
ComboFix-quarantined-files.txt 2012-02-08 07:35
ComboFix2.txt 2012-02-08 04:40
ComboFix3.txt 2012-02-08 04:11
.
Pre-Run: 43,540,979,712 bytes free
Post-Run: 43,500,822,528 bytes free
.
- - End Of File - - E0BEA7682764879C9F56FECE35F30340

Broni · Feb 8, 2012

That looks better.

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\windows\system32\Q2IcLX6bo.com__

ClearJavaCache::
3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

minsey · Feb 8, 2012

ComboFix 12-02-07.01 - Toby 02/08/2012 14:36:34.4.4 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3497.2324 [GMT -5:00]
Running from: c:\users\Toby\Desktop\ComboFix.exe
Command switches used :: c:\users\Toby\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\Q2IcLX6bo.com__"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Q2IcLX6bo.com__
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-08 19:41 . 2012-02-08 19:41 -------- d-----w- c:\users\Toby\AppData\Local\temp
2012-02-08 19:41 . 2012-02-08 19:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-08 19:41 . 2012-02-08 19:41 -------- d-----w- c:\users\UNCG.UNCG-EWYELHZU5M\AppData\Local\temp
2012-02-08 19:41 . 2012-02-08 19:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 19:41 . 2012-02-08 19:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-08 03:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-07 15:00 . 2012-02-07 15:00 -------- d-----w- c:\windows\Sun
2012-02-05 06:27 . 2012-02-05 06:27 -------- d-----w- c:\program files\ESET
2012-02-05 06:15 . 2012-02-05 06:15 -------- d-----w- c:\program files\Common Files\Java
2012-02-05 06:14 . 2012-02-05 06:14 -------- d-----w- c:\program files\Oracle
2012-02-05 06:13 . 2011-11-09 00:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-05 01:42 . 2011-11-05 04:35 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-05 01:42 . 2011-11-05 04:30 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-05 01:41 . 2011-11-05 04:30 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-02-05 01:41 . 2011-11-05 02:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-05 01:39 . 2012-02-05 04:09 -------- d-----w- c:\programdata\AVAST Software
2012-02-05 01:39 . 2012-02-05 01:39 -------- d-----w- c:\program files\AVAST Software
2012-02-05 01:37 . 2012-02-05 01:37 -------- d-----w- c:\users\Toby\AppData\Local\Broadcom
2012-02-05 01:37 . 2012-02-08 16:29 -------- d-----w- c:\users\Toby\AppData\Roaming\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----w- c:\program files\Common Files\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----r- c:\program files\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----w- c:\programdata\Skype
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\users\Toby\AppData\Roaming\Malwarebytes
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 01:30 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-05 01:11 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-02-05 01:11 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-02-05 00:29 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-05 00:24 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-02-05 00:12 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2012-02-05 00:11 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-05 00:11 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-02-05 00:11 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-05 00:09 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-05 00:09 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-02-05 00:09 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-05 00:09 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-05 00:09 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-05 00:09 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-02-05 00:09 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-02-05 00:09 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-02-05 00:08 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-05 00:08 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-02-05 00:08 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-05 00:08 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 14:15 . 2011-03-18 17:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-28 3077528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-01-31 17147528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-02-28 281448]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-03-24 1254760]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-03-10 41320]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-17 31592]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-11 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-11 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-11 176664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-11 178200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-27 240288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 890144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-08 17:16 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 367656]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 33832]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-03-24 292200]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-03-24 79208]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SWI32;SWI32;c:\program files\Lenovo\System Update\tvsuhd32.sys [2009-10-22 28224]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-09 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-03-24 25968]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-04 20328]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-01-13 20592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-03-10 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-03-10 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-03 2009704]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc86.sys [2011-03-23 75264]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-03 378472]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 132096]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2010-12-21 238760]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 106104]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-11 269824]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-06 7434240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006Core.job
- c:\users\Toby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 17:06]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006UA.job
- c:\users\Toby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 17:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.uncg.edu/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 152.13.12.102 152.13.12.101
FF - ProfilePath - c:\users\Toby\AppData\Roaming\Mozilla\Firefox\Profiles\jy23lgs6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.uncg.edu/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,3b,52,45,2b,3e,3b,4b,91,fc,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,3b,52,45,2b,3e,3b,4b,91,fc,f9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(656)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
Completion time: 2012-02-08 14:42:15
ComboFix-quarantined-files.txt 2012-02-08 19:42
ComboFix2.txt 2012-02-08 07:35
ComboFix3.txt 2012-02-08 04:40
ComboFix4.txt 2012-02-08 04:11
.
Pre-Run: 43,515,830,272 bytes free
Post-Run: 43,492,876,288 bytes free
.
- - End Of File - - 4E62257FBA68CC54DC4CB3CF0E12F5D0

Broni · Feb 8, 2012

Good

How is computer doing?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

minsey · Feb 8, 2012

Things seem well. I haven't heard anymore of the random
audio and my internet connection hasn't seemed slowed at all.

OTL logfile created on: 2/8/2012 3:12:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Toby\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.42 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 60.45% Memory free
6.83 Gb Paging File | 5.61 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.19 Gb Total Space | 40.56 Gb Free Space | 40.48% Space Free | Partition Type: NTFS
Drive D: | 187.59 Gb Total Space | 186.52 Gb Free Space | 99.43% Space Free | Partition Type: NTFS

Computer Name: UNCG-R9F29ZG | User Name: Toby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/08 15:11:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Toby\Desktop\OTL.exe
PRC - [2011/10/27 20:42:58 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/31 18:31:34 | 000,132,392 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011/03/10 09:22:22 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/03/10 09:22:20 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011/03/10 09:22:04 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/03/08 12:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/03/08 12:20:58 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/02/28 08:35:26 | 000,281,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/18 16:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/02/07 15:15:38 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/03 10:01:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/02/02 21:29:22 | 000,803,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/02/02 20:57:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/01/17 09:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/01/17 09:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/01/10 16:50:46 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2010/12/18 14:52:02 | 000,890,144 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2010/12/18 14:52:02 | 000,148,768 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
PRC - [2010/12/18 14:52:00 | 003,265,824 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2010/12/18 14:52:00 | 000,664,864 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2010/12/17 13:22:40 | 000,936,208 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/12/17 13:08:40 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/12/14 14:57:20 | 000,136,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2010/12/08 12:18:56 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2010/12/03 09:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2010/12/02 11:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/24 15:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/29 19:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010/09/17 16:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010/09/17 16:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe
PRC - [2010/09/17 16:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010/06/11 09:01:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/06/11 09:01:52 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/06/11 09:01:50 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/06/11 09:01:50 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/06/11 09:01:48 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/04/07 13:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 13:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2008/10/30 14:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/27 20:42:58 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/03/31 18:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2011/03/24 02:48:00 | 000,043,520 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/03/11 10:55:44 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010/12/18 14:52:14 | 000,132,384 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2010/12/18 14:52:02 | 000,148,768 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/04/06 08:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
MOD - [2010/04/06 08:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/01/31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/15 09:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/09 16:56:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/24 02:48:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/03/24 02:48:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011/03/10 09:22:22 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011/03/10 09:22:04 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2011/02/18 16:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/02/07 15:15:38 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2011/02/03 10:01:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/02/02 20:57:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/01/17 09:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/01/17 09:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011/01/10 16:50:46 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2010/12/18 14:52:00 | 000,664,864 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/12/17 13:22:40 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010/12/17 13:08:40 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010/12/03 09:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010/12/02 11:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/11/24 15:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010/09/17 16:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/09/17 16:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/06/11 09:01:52 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/06/11 09:01:52 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/06/11 09:01:50 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/06/11 09:01:50 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/06/11 09:01:48 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/07 13:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2012/02/03 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/15 12:05:24 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120205.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/15 12:05:24 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120205.009\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/20 02:48:59 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/05/10 15:51:55 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2011/03/24 02:48:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2011/03/24 02:48:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011/03/23 15:27:00 | 000,075,264 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\system32\DRIVERS\risdxc86.sys -- (risdxc)
DRV - [2011/03/11 10:55:52 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2011/03/04 17:14:34 | 000,132,096 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2011/02/09 13:49:54 | 001,281,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2011/02/04 12:24:02 | 010,559,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/04 12:24:02 | 000,020,328 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvpciflt.sys -- (nvpciflt)
DRV - [2011/01/13 13:04:50 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2011/01/13 13:02:56 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2011/01/06 12:25:24 | 007,434,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2010/12/21 00:29:30 | 000,238,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress) Intel(R)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/19 15:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HECI.sys -- (MEI) Intel(R)
DRV - [2010/09/07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/06/11 09:01:52 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/06/11 09:01:52 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/06/11 09:01:52 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/06/11 09:01:46 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/06/11 09:01:46 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/06/11 09:01:46 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/10/21 22:09:02 | 000,028,224 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\tvsuhd32.sys -- (SWI32)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/03/13 12:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2008/07/03 09:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/04/17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3701962513-1207299313-1526478886-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.uncg.edu/
IE - HKU\S-1-5-21-3701962513-1207299313-1526478886-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3701962513-1207299313-1526478886-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.uncg.edu/
IE - HKU\S-1-5-21-3701962513-1207299313-1526478886-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.uncg.edu/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Toby\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Toby\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 09:15:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/10 09:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toby\AppData\Roaming\Mozilla\Extensions
[2012/02/05 00:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/10 10:25:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/09/01 02:50:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/10 09:15:11 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/10 09:15:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Toby\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Toby\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Toby\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Toby\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Earth = C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac\1.1_0\

O1 HOSTS File: ([2012/02/08 14:41:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKU\S-1-5-21-3701962513-1207299313-1526478886-1006..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3701962513-1207299313-1526478886-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3701962513-1207299313-1526478886-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3701962513-1207299313-1526478886-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3701962513-1207299313-1526478886-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3701962513-1207299313-1526478886-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 152.13.12.102 152.13.12.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D9FE746-BAD5-4670-AEF9-C79251B7E4F8}: DhcpNameServer = 152.13.12.102 152.13.12.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{999C29DA-EB78-4031-89B3-DFD72E916A22}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) -C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulMP3ACM.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

minsey · Feb 8, 2012

========== Files/Folders - Created Within 30 Days ==========

[2012/02/08 15:11:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Toby\Desktop\OTL.exe
[2012/02/08 14:42:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/08 14:42:17 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Local\temp
[2012/02/08 14:35:07 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/07 22:31:21 | 004,398,288 | R--- | C] (Swearware) -- C:\Users\Toby\Desktop\ComboFix.exe
[2012/02/07 10:00:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/06 17:46:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/06 00:39:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/06 00:39:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/06 00:39:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/06 00:39:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/06 00:38:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/05 01:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/05 01:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/05 01:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/02/05 00:52:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/02/05 00:52:00 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/04 20:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/04 20:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/04 20:37:49 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Local\Broadcom
[2012/02/04 20:37:14 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\Skype
[2012/02/04 20:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/04 20:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/02/04 20:36:53 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/02/04 20:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/02/04 20:30:40 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\Malwarebytes
[2012/02/04 20:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/04 20:30:28 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/04 20:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/04 20:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/01 09:31:04 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Toby\Desktop\TDSSKiller.exe
[2011/05/05 11:30:12 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2012/02/08 15:11:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Toby\Desktop\OTL.exe
[2012/02/08 15:05:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006UA.job
[2012/02/08 14:41:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/08 11:33:59 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 11:33:59 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 11:33:21 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/08 11:33:21 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/08 11:26:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/08 11:26:31 | 2750,337,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/07 22:31:09 | 004,398,288 | R--- | M] (Swearware) -- C:\Users\Toby\Desktop\ComboFix.exe
[2012/02/07 18:59:15 | 000,000,512 | ---- | M] () -- C:\Users\Toby\Desktop\MBR.dat
[2012/02/07 18:49:10 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006Core.job
[2012/02/07 14:01:26 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Toby\Desktop\boot_cleaner.exe
[2012/02/06 21:44:34 | 692,454,980 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/05 14:33:58 | 000,437,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/05 00:45:56 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Toby\Desktop\TDSSKiller.exe
[2012/02/04 20:41:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/04 20:36:54 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/04 20:30:36 | 000,002,364 | ---- | M] () -- C:\Users\Toby\Desktop\Google Chrome.lnk
[2012/02/04 20:30:29 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 18:40:54 | 000,000,112 | ---- | M] () -- C:\ProgramData\4Iekk8D.dat

========== Files Created - No Company Name ==========

[2012/02/07 18:59:15 | 000,000,512 | ---- | C] () -- C:\Users\Toby\Desktop\MBR.dat
[2012/02/06 17:46:06 | 692,454,980 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/06 00:39:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/06 00:39:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/06 00:39:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/06 00:39:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/06 00:39:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/04 20:36:54 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/04 20:30:29 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/02 09:34:48 | 000,000,112 | ---- | C] () -- C:\ProgramData\4Iekk8D.dat
[2011/10/29 16:59:10 | 000,141,200 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/10/29 16:59:10 | 000,138,056 | ---- | C] () -- C:\Users\Toby\AppData\Roaming\PnkBstrK.sys
[2011/10/29 16:58:56 | 000,281,656 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/10/29 16:58:55 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/08/22 07:20:52 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/08/22 07:18:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/10 11:08:24 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011/05/10 10:23:29 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/05/10 08:48:29 | 000,000,434 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/05 11:30:13 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011/05/05 11:30:12 | 000,213,332 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011/05/05 11:30:12 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011/05/05 11:30:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/05/05 11:30:12 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/05/05 11:30:05 | 000,030,893 | ---- | C] () -- C:\Windows\System32\drivers\Mixer.ini
[2011/05/05 11:30:05 | 000,001,816 | ---- | C] () -- C:\Windows\System32\drivers\Altmixer.ini
[2011/05/05 11:30:05 | 000,001,372 | ---- | C] () -- C:\Windows\System32\VoipUpdate.ini
[2011/03/24 21:58:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/02 21:29:52 | 000,641,696 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,437,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/10/27 22:33:59 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\LolClient
[2011/08/20 03:38:29 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\PwrMgr
[2011/10/29 15:26:19 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\SystemRequirementsLab
[2011/10/26 14:46:42 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\Ulead Systems
[2009/07/13 23:53:46 | 000,022,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/11/20 07:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011/05/09 20:26:31 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/02/08 14:42:16 | 000,015,260 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/02/08 11:26:31 | 2750,337,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/08 11:26:34 | 3667,116,032 | -HS- | M] () -- C:\pagefile.sys
[2011/05/10 11:07:47 | 000,000,211 | ---- | M] () -- C:\setup.log
[2012/02/05 00:53:43 | 000,087,698 | ---- | M] () -- C:\TDSSKiller.2.7.9.0_05.02.2012_00.46.04_log.txt
[2012/02/05 01:02:50 | 000,172,440 | ---- | M] () -- C:\TDSSKiller.2.7.9.0_05.02.2012_00.58.23_log.txt
[2011/05/10 10:41:09 | 000,486,790 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\Fonts\*.com >
[2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 20:15:25 | 000,319,488 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfppw73.dll
[2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2010/11/20 07:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/27 06:31:20 | 000,000,221 | -HS- | M] () -- C:\Users\Toby\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/08/10 15:23:28 | 000,675,440 | ---- | M] (K2 Network, Inc.) -- C:\Users\Toby\Desktop\APBLauncher.exe
[2012/02/07 14:01:26 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Toby\Desktop\boot_cleaner.exe
[2012/02/07 22:31:09 | 004,398,288 | R--- | M] (Swearware) -- C:\Users\Toby\Desktop\ComboFix.exe
[2012/02/08 15:11:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Toby\Desktop\OTL.exe
[2012/02/05 00:45:56 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Toby\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/09/13 15:27:26 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/09/13 15:27:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/09/13 15:27:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/09/13 15:27:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/09/13 15:27:26 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/09/13 15:27:26 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/09/13 15:28:46 | 000,000,402 | -HS- | M] () -- C:\Users\Toby\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/12/02 09:24:52 | 000,000,434 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

minsey · Feb 8, 2012

OTL Extras logfile created on: 2/8/2012 3:12:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Toby\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.42 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 60.45% Memory free
6.83 Gb Paging File | 5.61 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.19 Gb Total Space | 40.56 Gb Free Space | 40.48% Space Free | Partition Type: NTFS
Drive D: | 187.59 Gb Total Space | 186.52 Gb Free Space | 99.43% Space Free | Partition Type: NTFS

Computer Name: UNCG-R9F29ZG | User Name: Toby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1111706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi Software
"{2C5C0BAF-36E4-4FC1-A3DD-A381BA6A409B}" = LoggerPro3
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8591E88B-1E50-45F9-B529-82AE7D588007}" = Firefox
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{6A34B640-5E75-4EEA-A858-77E5C91D5578}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.96
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.19.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B7BDAF22-9647-4846-8EA9-6E0A5B785651}" = Adobe Flash Player 10 Plugin
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{C6D4B05A-EA7E-1027-80EF-C925E740E99C}" = Intel(R) Identity Protection Technology 1.0.74.0
"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DCC90D9D-4F8D-4A06-9050-ADDB284FF9FA}" = Adobe Flash Player 10 ActiveX
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.13.18.02
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2C5C0BAF-36E4-4FC1-A3DD-A381BA6A409B}" = Logger Pro 3.8
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now Lenovo Edition
"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3701962513-1207299313-1526478886-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/20/2011 1:32:14 PM | Computer Name = UNCG-R9F29ZG | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 10/6/2011 9:08:22 AM | Computer Name = UNCG-R9F29ZG | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 10/26/2011 4:10:21 PM | Computer Name = UNCG-R9F29ZG | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen in File: D:\Downloads\ophcrack-win32-installer-3.3.1.exe.part
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 10/26/2011 4:10:35 PM | Computer Name = UNCG-R9F29ZG | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen in File: D:\Downloads\ophcrack-win32-installer-3.3.1.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 10/26/2011 9:20:22 PM | Computer Name = UNCG-R9F29ZG | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen in File: C:\Users\Toby\AppData\Local\Temp\DWH30AE.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 10/28/2011 10:18:33 AM | Computer Name = UNCG-R9F29ZG | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen in File: C:\Users\Toby\AppData\Local\Temp\DWH40F6.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 10/29/2011 1:16:21 PM | Computer Name = UNCG-R9F29ZG | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen in File: C:\Users\Toby\AppData\Local\Temp\DWHA4D.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 10/29/2011 1:16:39 PM | Computer Name = UNCG-R9F29ZG | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen in File: C:\Users\Toby\AppData\Local\Temp\DWHA4D.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 10/29/2011 1:17:00 PM | Computer Name = UNCG-R9F29ZG | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen in File: C:\Users\Toby\AppData\Local\Temp\DWH2E71.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 10/29/2011 5:58:24 PM | Computer Name = UNCG-R9F29ZG | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 2/4/2012 9:56:27 PM | Computer Name = UNCG-R9F29ZG | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/4/2012 10:26:53 PM | Computer Name = UNCG-R9F29ZG | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/4/2012 10:27:17 PM | Computer Name = UNCG-R9F29ZG | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/4/2012 11:12:58 PM | Computer Name = UNCG-R9F29ZG | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/4/2012 11:16:55 PM | Computer Name = UNCG-R9F29ZG | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/4/2012 11:17:32 PM | Computer Name = UNCG-R9F29ZG | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/4/2012 11:23:14 PM | Computer Name = UNCG-R9F29ZG | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/4/2012 11:23:25 PM | Computer Name = UNCG-R9F29ZG | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/4/2012 11:23:39 PM | Computer Name = UNCG-R9F29ZG | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 2/4/2012 11:25:57 PM | Computer Name = UNCG-R9F29ZG | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

< End of report >

minsey · Feb 9, 2012

Ok, So I am very confident that this issue is solved. I have not received any more
problems. Just have a few quesitons.
Am I totally clean? Can I go ahead remove everything I needed, and back everything up in case I need to restore in the future.

I would also like to thank you very much Broni. I can not describe how annoying this issue was, and I am very happy that you were able to give great assistance to guide me through the process.

Broni · Feb 9, 2012

Good news

We're not totally done yet.

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Press "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

Broni · Feb 15, 2012

Still with me?

TechSpot

[Inactive] [A] Random audio clips are plaguing me

Broni Malware Annihilator

minsey Newcomer, in training

Broni Malware Annihilator

minsey Newcomer, in training

Broni Malware Annihilator

minsey Newcomer, in training

Broni Malware Annihilator

minsey Newcomer, in training

Broni Malware Annihilator

minsey Newcomer, in training

minsey Newcomer, in training

minsey Newcomer, in training

minsey Newcomer, in training

Broni Malware Annihilator

Broni Malware Annihilator