TechSpot

T61 problems again

By ST Dog
Nov 27, 2011
  1. I thoiugh I fixed all this back in June http://www.techspot.com/vb/topic166708.html

    But I guess something was missed. I noticed in October Firefox was getting sluggish, taking a long time to switch windows/tabs. It's just got worse since.

    *****************
    MBAM.txt
    *******************
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8224

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/27/2011 8:18:15 PM
    mbam-log-2011-11-27 (20-18-15).txt

    Scan type: Quick scan
    Objects scanned: 190252
    Time elapsed: 2 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. ST Dog

    ST Dog TS Rookie Topic Starter Posts: 36

    DDS.txt
    **********
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Thomas at 20:29:52 on 2011-11-27
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1547 [GMT -6:00]
    .
    AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
    svchost.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\system32\afasrv32.exe
    C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJTRAY.EXE
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\TPFanControl\TPFanControl.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\DynDNS Updater\DynDNS.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Set UA String (BHO): {3ce56db6-fcbe-4422-9454-63c354178985} - c:\program files\uapick\UABtn.dll
    BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [DynDNS Updater] "c:\program files\dyndns updater\DynDNS.exe"
    uRun: [DoubleMySpeed Registry Cleaner] "c:\program files\cyberdefender\registry cleaner\CDregclean.exe"
    mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
    mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
    mRun: [TpShocks] TpShocks.exe
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
    mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
    mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
    mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
    mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [EZEJTRAY] c:\progra~1\thinkpad\utilit~1\EZEJTRAY.EXE
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [TPFanControl] c:\program files\tpfancontrol\TPFanControl.exe
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
    IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - {1E866952-62EA-4161-B97D-4D228CEDF7A0} - c:\program files\uapick\UABtn.dll
    IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.tscmaps.com/shared/viewer/mgaxctrl.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxps://aed-tts-cac.amrdec.army.mil/tts/files2/XUpload.ocx
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
    Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll
    Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
    Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\thomas\application data\mozilla\firefox\profiles\beta\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-5-23 24304]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-5-23 13480]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
    R2 acautoupdate;ActivClient Auto-Update Service;c:\program files\actividentity\activclient\acautoup.exe [2009-6-3 51240]
    R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [2011-6-27 65536]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]
    R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-5-23 132456]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-26 55152]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-2-22 53248]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
    R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-7-9 63928]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-27 106104]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111126.007\NAVENG.SYS [2011-11-27 86136]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111126.007\NAVEX15.SYS [2011-11-27 1576312]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 37312]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-5-21 44984]
    S3 AllShare;SAMSUNG AllShare Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2010-7-16 6638080]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-7-14 23888]
    S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
    S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
    S3 gupdate1ca29a6c32e3218;Google Update Service (gupdate1ca29a6c32e3218);c:\program files\google\update\GoogleUpdate.exe [2009-8-30 133104]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-30 133104]
    S3 M3usb;M3CHIP USB;c:\windows\system32\drivers\M3usb.sys [2010-2-20 75347]
    S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2011-6-27 51072]
    S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2010-1-6 56448]
    S3 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
    S3 STCFUx32;STC DFU Driver;c:\windows\system32\drivers\STCFUx32.sys [2007-1-24 7680]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-30 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
    .
    =============== Created Last 30 ================
    .
    2011-11-28 01:42:47 24770 ----a-w- c:\windows\cscmondump.bin
    2011-11-27 22:17:06 -------- d-----w- c:\documents and settings\thomas\local settings\application data\LogMeIn Rescue Applet
    2011-11-22 04:27:30 -------- d-----w- c:\documents and settings\thomas\application data\Kana Solution
    2011-11-22 04:27:21 -------- d-----w- c:\program files\DynDNS Updater
    2011-11-20 01:20:25 -------- d-----w- c:\documents and settings\thomas\local settings\application data\tjnet
    2011-11-17 22:05:54 -------- d-----w- c:\documents and settings\all users\application data\magicJack
    2011-11-17 22:04:19 -------- d-----w- c:\documents and settings\thomas\local settings\application data\magicJack
    .
    ==================== Find3M ====================
    .
    2011-11-20 01:21:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-19 02:03:11 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 20:31:01.20 ===============
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Is it the only issue?

    I still need Attach.txt part of DDS and GMER logs.
     
  4. ST Dog

    ST Dog TS Rookie Topic Starter Posts: 36

    That's what I noticed first. But the whole system is slow.
    Usually killing FF will help, though it takes minutes for FF to shut down.
    Restart FF and I'll get a few hours, maybe a day before it's reall slow again.
    Rebooting the system gives the same results.

    It's happening faster now than it was. In October I'd be OK for 3-4 days, now I'm lucky to go a full 24hours.

    Though I added the logs, but I don't see them now.
     
  5. ST Dog

    ST Dog TS Rookie Topic Starter Posts: 36

    GMER.log
    *************
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-27 20:29:21
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.FB1Z
    Running: gmer.exe; Driver: C:\DOCUME~1\Thomas\LOCALS~1\Temp\pwrdipob.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  6. ST Dog

    ST Dog TS Rookie Topic Starter Posts: 36

    attach.txt
    ************
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/30/2009 6:39:37 PM
    System Uptime: 11/27/2011 7:43:24 PM (1 hours ago)
    .
    Motherboard: LENOVO | |
    Processor: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz | None | 1795/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 68 GiB total, 3.234 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP879: 11/23/2011 4:05:36 AM - System Checkpoint
    RP880: 11/23/2011 12:30:55 PM - System Checkpoint
    RP881: 11/24/2011 1:49:19 PM - System Checkpoint
    RP882: 11/25/2011 2:41:16 PM - System Checkpoint
    RP883: 11/26/2011 2:51:24 PM - System Checkpoint
    RP884: 11/27/2011 7:37:37 PM - DoubleMySpeed Registry Cleaner Sun, Nov 27, 11 19:37
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    1.0
    Access Help
    ActivClient CAC x86
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.6
    AllToAVI v4 r5394
    Alt-Tab Task Switcher Powertoy for Windows XP
    Apple Application Support
    Apple Software Update
    AXIS Media Control Embedded
    Bayden UAPick
    Bing Maps 3D
    Bitvise Tunnelier 4.26 (remove only)
    Calculator Powertoy for Windows XP
    Canon iP2600 series
    Choice Guard
    Client Security - Password Manager
    CmdHere Powertoy For Windows XP
    Combined Community Codec Pack 2010-10-10
    Compatibility Pack for the 2007 Office system
    ConvertHelper 2.2
    Denemo
    DoubleMySpeed Registry Cleaner
    DynDNS Updater 3.1
    ESET Online Scanner v3
    GNU Privacy Guard
    Google Earth
    Google Update Helper
    Help Center
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2570791)
    Intel PROSet Wireless
    Intel(R) Network Connections Drivers
    Intel(R) PROSet/Wireless WiFi Software
    InterVideo Register Manager
    InterVideo WinDVD
    IrfanView (remove only)
    Java Auto Updater
    Java DB 10.6.2.1
    Java(TM) 6 Update 26
    Java(TM) SE Development Kit 6 Update 26
    jZip
    Korean Fonts Support For Adobe Reader X
    Lenovo System Interface Driver
    Lenovo ThinkVantage Toolbox
    LiveUpdate 3.3 (Symantec Corporation)
    magicJack
    Maintenance Manager
    Malwarebytes' Anti-Malware version 1.51.1.1800
    MEM48U
    Message Center
    Message Center Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 97, Professional Edition
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MiniTool Power Data Recovery
    MKVtoolnix 2.9.8
    Mozilla Firefox (3.6.16)
    Mozilla Firefox 8.0 (x86 en-US)
    Mozilla Thunderbird (3.1.11)
    mProSafe
    MS-I/II Download Utility 2.00
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB973688)
    MuseScore 0.9.6 MuseScore score typesetter
    mWlsSafe
    Nero 8
    neroxml
    NetBeans IDE 7.0
    NVIDIA Control Panel 266.58
    NVIDIA Graphics Driver 266.58
    NVIDIA Install Application
    NVIDIA nView 135.50
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    OGA Notifier 2.0.0048.0
    On Screen Display
    PerfectDisk 11 Professional
    Presentation Director
    Productivity Center Supplement for ThinkPad
    RealPlayer
    Remove Multimedia Center
    Rescue and Recovery
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    SAMSUNG PC Share Manager
    SCR3xxx Smart Card Reader
    Seagate Dashboard
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Segoe UI
    sfArk
    Sibelius Scorch (Firefox, Opera, Netscape only)
    SimReader 1.4
    Skype™ 5.1
    SoundMAX
    SpywareBlaster 4.4
    SUPERAntiSpyware
    SuperNZB v3.2.1
    Sweet Home 3D
    Symantec Endpoint Protection
    System Migration Assistant
    System Update
    ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
    ThinkPad Bluetooth with Enhanced Data Rate Software
    ThinkPad EasyEject Utility
    ThinkPad FullScreen Magnifier
    ThinkPad Keyboard Customizer Utility
    ThinkPad Modem
    ThinkPad PC Card Power Policy
    ThinkPad Power Management Driver
    ThinkPad Power Manager
    ThinkPad UltraNav Driver
    ThinkPad UltraNav Utility
    ThinkVantage Access Connections
    ThinkVantage Active Protection System
    ThinkVantage Fingerprint Software
    ThinkVantage Productivity Center
    ThinkVantage Technologies Welcome Message
    ThinkVantage Update Retriever
    TomTom HOME 2.8.2.2264
    TomTom HOME Visual Studio Merge Modules
    TPFanControl v0.62
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    VCRedistSetup
    Virtual Desktop Manager Powertoy for Windows XP
    Wallpapers
    WebFldrs XP
    Windows Driver Package - Intel (NETw5x32) net (03/04/2009 12.4.0.21)
    Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinZip 12.0
    XP Themes
    XPS Essentials Pack
    .
    ==== End Of File ===========================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    BTW, you're running very low on C drive free space:
    You must move some stuff out.
     
  9. ST Dog

    ST Dog TS Rookie Topic Starter Posts: 36


    Who'd of thunk 3GB free was "very low".
    Most of my computers had less than 3GB total disk space.

    It'll be next week before I can do much about it. Heading out on business Mon,
     
  10. ST Dog

    ST Dog TS Rookie Topic Starter Posts: 36

    AVG scan running. I've got to hit the hay. I'll post the log in the morning before my flight.
    I will have the computer with me to work on the problem further.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    No problem :)
     
  12. ST Dog

    ST Dog TS Rookie Topic Starter Posts: 36

    aswMBR.txt
    ***************
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-27 22:47:04
    -----------------------------
    22:47:04.750 OS Version: Windows 5.1.2600 Service Pack 3
    22:47:04.750 Number of processors: 2 586 0xF0D
    22:47:04.750 ComputerName: THINKPAD UserName: Thomas
    22:47:07.171 Initialize success
    22:54:06.515 AVAST engine defs: 11112701
    22:55:04.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    22:55:04.937 Disk 0 Vendor: HITACHI_ FB1Z Size: 76319MB BusType: 3
    22:55:04.953 Disk 0 MBR read successfully
    22:55:04.953 Disk 0 MBR scan
    22:55:05.078 Disk 0 unknown MBR code
    22:55:05.078 Disk 0 scanning sectors +156295440
    22:55:05.171 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:55:38.968 Service scanning
    22:55:40.640 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
    22:55:40.640 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
    22:55:40.765 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
    22:55:40.765 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
    22:55:41.328 Modules scanning
    22:55:54.531 Disk 0 trace - called modules:
    22:55:54.546
    22:55:55.625 AVAST engine scan C:\WINDOWS
    22:56:06.890 AVAST engine scan C:\WINDOWS\system32
    22:59:44.093 AVAST engine scan C:\WINDOWS\system32\drivers
    23:00:04.484 AVAST engine scan C:\Documents and Settings\Thomas
    00:02:36.156 AVAST engine scan C:\Documents and Settings\All Users
    00:12:14.093 Scan finished successfully
    04:17:43.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Thomas\My Documents\TV downloads\Malware stuff\T61 prob\T61 logs2\MBR.dat"
    04:17:43.859 The log file has been saved successfully to "C:\Documents and Settings\Thomas\My Documents\TV downloads\Malware stuff\T61 prob\T61 logs2\aswMBR.txt"
     
  13. ST Dog

    ST Dog TS Rookie Topic Starter Posts: 36

    ComboFix.txt
    ****************
    ComboFix 11-11-28.02 - Thomas 11/28/2011 4:24.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1322 [GMT -6:00]
    Running from: c:\documents and settings\Thomas\My Documents\TV downloads\Malware stuff\T61 prob\ComboFix.exe
    AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\windows\CSC\d6
    c:\windows\system32\IWPDGINA.DLL
    c:\windows\system32\PowerToyReadme.htm
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-28 01:42 . 2011-11-28 01:42 24770 ----a-w- c:\windows\cscmondump.bin
    2011-11-27 22:17 . 2011-11-28 01:48 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\LogMeIn Rescue Applet
    2011-11-22 04:27 . 2011-11-22 04:27 -------- d-----w- c:\documents and settings\Thomas\Application Data\Kana Solution
    2011-11-22 04:27 . 2011-11-28 01:48 -------- d-----w- c:\program files\DynDNS Updater
    2011-11-20 01:20 . 2011-11-20 01:20 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\tjnet
    2011-11-17 22:05 . 2011-11-17 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack
    2011-11-17 22:04 . 2011-11-17 22:04 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\magicJack
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-20 01:21 . 2011-06-08 11:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2006-04-30 07:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 16:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41 . 2006-04-30 06:55 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41 . 2006-04-30 06:55 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-19 02:03 . 2011-09-19 02:03 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2011-09-06 13:20 . 2006-04-30 06:55 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 22:00 . 2010-01-16 04:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-24 19:14 . 2009-11-24 19:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
    2009-11-28 18:10 . 2009-11-28 18:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "DynDNS Updater"="c:\program files\DynDNS Updater\DynDNS.exe" [2006-09-17 1352704]
    "DoubleMySpeed Registry Cleaner"="c:\program files\CyberDefender\Registry Cleaner\CDregclean.exe" [2011-05-13 7298664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-03-03 513384]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-03-03 208896]
    "TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
    "TpShocks"="TpShocks.exe" [2009-12-11 337256]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
    "PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2009-12-01 55048]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
    "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-15 15136]
    "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2009-09-03 436800]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]
    "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
    "EZEJTRAY"="c:\progra~1\ThinkPad\UTILIT~1\EZEJTRAY.EXE" [2009-12-01 227904]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-01-19 1392640]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-19 1206544]
    "TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2010-04-23 154112]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-29 273544]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-03-01 431464]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-2-25 607584]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2009-06-03 22:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2009-06-03 22:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2009-12-01 18:41 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\MegaSquirt\\MS Download 2.00\\gms2dl.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
    "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5060:UDP"= 5060:UDP:magicjack
    .
    R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [5/23/2010 11:55 AM 24304]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 11:10 AM 20520]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [5/23/2010 1:50 PM 13480]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 4:16 PM 207400]
    R2 acautoupdate;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [6/3/2009 4:16 PM 51240]
    R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [6/27/2011 6:21 PM 65536]
    R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [5/23/2010 11:55 AM 132456]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2/22/2009 8:59 AM 53248]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [3/13/2009 12:47 PM 12560]
    R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [7/9/2007 12:23 AM 63928]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 3:11 PM 569344]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/27/2011 9:59 AM 106104]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 5:59 PM 37312]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [5/21/2009 7:48 PM 44984]
    S3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [7/16/2010 4:23 PM 6638080]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 11:51 AM 23888]
    S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
    S3 gupdate1ca29a6c32e3218;Google Update Service (gupdate1ca29a6c32e3218);c:\program files\Google\Update\GoogleUpdate.exe [8/30/2009 1:19 PM 133104]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/30/2009 1:19 PM 133104]
    S3 M3usb;M3CHIP USB;c:\windows\system32\drivers\M3usb.sys [2/20/2010 3:58 PM 75347]
    S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [6/27/2011 7:39 PM 51072]
    S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [1/6/2010 11:19 PM 56448]
    S3 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 10:42 AM 14088]
    S3 STCFUx32;STC DFU Driver;c:\windows\system32\drivers\STCFUx32.sys [1/24/2007 2:01 AM 7680]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/30/2006 12:56 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 6:21 AM 92592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-30 19:19]
    .
    2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-30 19:19]
    .
    2011-11-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-565364128-1853655877-392857975-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
    .
    2011-11-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-565364128-1853655877-392857975-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    IE: {{7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - {1E866952-62EA-4161-B97D-4D228CEDF7A0} - c:\program files\UAPick\UABtn.dll
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\beta\
    FF - prefs.js: browser.startup.homepage - about:blank
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-28 04:43
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\documents and settings\Thomas\Application Data\CyberDefender\Registry Cleaner\cdrcupdate.ini 0 bytes
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1888)
    c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
    c:\program files\ActivIdentity\ActivClient\aclog.dll
    c:\program files\ActivIdentity\ActivClient\accrypto.dll
    c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
    c:\program files\ActivIdentity\ActivClient\acevtsub.dll
    c:\program files\ActivIdentity\ActivClient\asphat32.dll
    c:\program files\ActivIdentity\ActivClient\acerrmes.dll
    c:\program files\ActivIdentity\ActivClient\aiwinext.dll
    c:\program files\ActivIdentity\ActivClient\aspcom.dll
    c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
    c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infql2.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
    c:\program files\ActivIdentity\ActivClient\acunlock.dll
    c:\program files\ActivIdentity\ActivClient\aipingui.dll
    c:\program files\ActivIdentity\ActivClient\aicext.dll
    c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
    .
    - - - - - - - > 'lsass.exe'(1948)
    c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infql2.dll
    .
    - - - - - - - > 'explorer.exe'(3976)
    c:\windows\system32\WININET.dll
    c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
    c:\program files\Lenovo\Client Security Solution\tvtpwm_interface.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\program files\Intel\WiFi\bin\WLKeeper.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\System32\SCardSvr.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\windows\system32\acs.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\windows\system32\IoctlSvc.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\windows\system32\TpKmpSVC.exe
    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\fxssvc.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    c:\program files\Symantec\Symantec Endpoint Protection\DoScan.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SavUI.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\TpShocks.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\program files\Synaptics\SynTP\SynTPLpr.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Lenovo\Client Security Solution\password_manager.exe
    c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-11-28 04:51:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-28 10:51
    .
    Pre-Run: 3,376,144,384 bytes free
    Post-Run: 3,421,126,656 bytes free
    .
    - - End Of File - - 243D7901B23F6F8F7FE33388C1FF3779
     
  14. ST Dog

    ST Dog TS Rookie Topic Starter Posts: 36

    oops. already posted that.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    All looks clean.

    Since the issue is concerning Firefox only I suggest you start new topic in appropriate forum.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...