Inactive Start menu program list not active

L

LaurieL

Posts: 12   +1
When I click Start>Programs, I see all my programs but cannot select anything. Google results are related to registry fixes, then I landed on your forum. Followed the five steps, logs listed below or to follow. Appreciate any guidance!
Laurie

MBAM LOG:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.06.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
llittle :: WTWWS12 [administrator]
Protection: Enabled
11/6/2012 4:10:43 PM
mbam-log-2012-11-06 (16-10-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 468943
Time elapsed: 1 hour(s), 49 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

GMER LOG:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-11-07 09:25:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 Hitachi_HDT721025SLA380 rev.STBOA39A
Running: b42r1e0w.exe; Driver: C:\DOCUME~1\llittle\LOCALS~1\Temp\kfddqpob.sys

---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice tvtumon.sys (Windows Update Monitor Driver/Lenovo)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----

DDS.TXT:

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
Run by llittle at 9:26:52 on 2012-11-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.545 [GMT -5:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Documents and Settings\All Users\Application Data\OfficeGuardianC3\Reminder\CFNetAgent.exe
C:\Documents and Settings\All Users\Application Data\OfficeGuardianC3\Reminder\FireWallSetting.exe
C:\Documents and Settings\llittle\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iViewSystems\iTrak Server\iView.iTrak.Alerts.Service.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.TRACKER\MSSQL\Binn\sqlservr.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files\Adobe\Adobe RoboSource Control 3.1\RSO3MiddleTierService.exe
C:\Program Files\Adobe\Adobe RoboSource Control 3.1\RSO3Server.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Dental\Tracker\Resolver\TBNResolverService.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\llittle\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Macro Express\macexp.EXE
C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe
C:\Documents and Settings\llittle\Desktop\PureText.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://webmail.primus.ca/
uInternet Connection Wizard,ShellNext = ftp://ftp.bridge-network.com/
uProxyOverride = 127.0.0.1:9421;<local>
BHO: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 6\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 6\SnagItIEAddin.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8\acrobat\AcroIEFavClient.dll
TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8\acrobat\AcroIEFavClient.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\llittle\local settings\application data\akamai\netsession_win.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [LenovoFSC] c:\program files\lenovo\fanspeedcontrol\LenovoFSC.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [PWRAGD] c:\progra~1\thinkpad\utilit~1\DPMHost.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\lenovo\lenovo~2\LPMLCHK.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Panda Security URL Filtering] "c:\documents and settings\all users\application data\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 8\acrobat\Acrobat_sl.exe"
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
dRunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f
StartupFolder: c:\docume~1\llittle\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\llittle\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\llittle\startm~1\programs\startup\E-mail.lnk -
StartupFolder: c:\docume~1\llittle\startm~1\programs\startup\freewh~1.lnk - c:\program files\freewheel\FreeWheel.exe
StartupFolder: c:\docume~1\llittle\startm~1\programs\startup\iexplore.lnk - c:\program files\internet explorer\iexplore.exe
StartupFolder: c:\docume~1\llittle\startm~1\programs\startup\macroe~1.lnk - c:\program files\macro express\macexp.EXE
StartupFolder: c:\docume~1\llittle\startm~1\programs\startup\puretext.lnk - c:\documents and settings\llittle\desktop\PureText.exe
StartupFolder: c:\docume~1\llittle\startm~1\programs\startup\xplore~1.lnk - c:\program files\zabkat\xplorer2_lite\xplorer2_lite.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows live\messenger\msnmsgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append to existing PDF - c:\program files\adobe\acrobat 8\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: wtwws12
DPF: {0449A3DB-050C-4895-9236-D9B11778459B} - hxxp://content.dll1.com/Connectus/SmartCouponPrinter/vigorate/SmartCouponPrinterVig.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1C3BCA65-862B-4827-A9D1-6F52C1C4BAF6} - hxxp://sample.dev3.medgate.com/gx2/Content/cabs/Benson.CAB
DPF: {22DF4EEF-95DC-4E41-891A-E048FE087980} - hxxp://sample.dev3.medgate.com/gx2/Content/cabs/PB100.CAB
DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} - hxxp://dev.medgate.com/crystalreportviewers11/ActiveXControls/ActiveXViewer.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.logging.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxps://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D609A755-3A7F-4F1E-BC04-B485A83A08FA} - hxxp://sample.dev3.medgate.com/gx2/Content/cabs/Earscan.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://iso-office.webex.com/client/T27LB/webex/ieatgpc.cab
DPF: {E180C716-E689-4BEB-8DBF-DFCDADD94DAB} - hxxp://sample.dev3.medgate.com/gx2/Content/cabs/CA850.CAB
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: Interfaces\{29A780AB-B9C4-4B59-A14B-AA9AA109B844} : NameServer = 192.168.5.5
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\llittle\application data\mozilla\firefox\profiles\uhzmgv37.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - file:///F:/Wiki/wtw_wiki.html
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q=
FF - component: c:\documents and settings\llittle\application data\mozilla\firefox\profiles\uhzmgv37.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency.dll
FF - component: c:\documents and settings\llittle\application data\mozilla\firefox\profiles\uhzmgv37.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\llittle\application data\mozilla\firefox\profiles\uhzmgv37.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency3.6.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_37.dll
FF - plugin: c:\program files\java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - %profile%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
.
============= SERVICES / DRIVERS ===============
.
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2012-6-27 82472]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2012-6-27 120744]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2012-6-27 122664]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2012-6-27 93992]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2012-6-27 104104]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2012-6-27 286376]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2012-6-27 153000]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2012-6-27 106536]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2012-7-12 206632]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2012-6-27 92840]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2012-7-13 179112]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 ClickFreeCFNetAgentService;ClickFreeCFNetAgentService;c:\documents and settings\all users\application data\officeguardianc3\reminder\CFNetAgent.exe [2010-6-25 208896]
R2 ClickFreeFirewallSettingService;ClickFreeFirewallSettingService;c:\documents and settings\all users\application data\officeguardianc3\reminder\FireWallSetting.exe [2010-6-25 180224]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\llittle\local settings\application data\crossloop\CrossLoopService.exe [2011-2-17 560848]
R2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2009-6-23 171872]
R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2009-11-12 163680]
R2 iTrakAlertService;iTrakAlertService;c:\program files\iviewsystems\itrak server\iView.iTrak.Alerts.Service.exe [2012-4-23 24576]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-6 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-6 676936]
R2 MSSQL$TRACKER;SQL Server (TRACKER);c:\program files\microsoft sql server\mssql10_50.tracker\mssql\binn\sqlservr.exe [2011-4-24 42872672]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2012-7-13 140064]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-7-13 149032]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2012-7-13 101544]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2012-7-13 114728]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2012-7-13 120616]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2012-7-13 36640]
R2 RSO3MiddleTierService;RSO3 MiddleTier Service;c:\program files\adobe\adobe robosource control 3.1\RSO3MiddleTierService.exe [2007-9-20 28672]
R2 RSO3Server;RSO3 Server Service;c:\program files\adobe\adobe robosource control 3.1\RSO3Server.exe [2007-9-20 507904]
R2 TBNResolver;TBN Peer Resolver;c:\dental\tracker\resolver\TBNResolverService.exe [2008-6-5 7168]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-6 22856]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2012-7-25 46280]
R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [2008-3-6 5760]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-11-19 37184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 iTrakServer;iTrak Server;c:\program files\iviewsystems\itrak server\iTrakServerService.exe [2012-4-23 24576]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 ClickFreeC3WifiCfgService;ClickFreeC3WifiCfgService;c:\documents and settings\all users\application data\officeguardianc3\C3WiFiCfg.exe [2010-6-25 315392]
S3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [2011-9-9 38536]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 tvnserver;TightVNC Server;c:\documents and settings\llittle\local settings\application data\crossloop\tvnserver.exe [2011-2-17 814080]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2012-6-27 51496]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$TRACKER;SQL Server Agent (TRACKER);c:\program files\microsoft sql server\mssql10_50.tracker\mssql\binn\SQLAGENT.EXE [2011-4-24 367456]
.
=============== File Associations ===============
.
ShellExec: wpubfm.exe: open=c:\program files\quadralay\webworks publisher 2003 for framemaker\bin\wpubfm.exe
.
=============== Created Last 30 ================
.
2012-11-06 20:50:44 -------- d-----w- c:\documents and settings\llittle\application data\Malwarebytes
2012-11-06 20:50:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-11-06 20:50:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-06 20:50:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-06 18:33:19 -------- d-----w- c:\program files\Tracker Work
2012-10-23 13:50:13 -------- d-----w- c:\program files\Inpaint
2012-10-10 13:39:46 605696 -c--a-w- c:\windows\system32\dllcache\getuname.dll
2012-10-10 13:39:46 605696 ----a-w- c:\windows\system32\getuname.dll
2012-10-10 13:39:44 80384 -c--a-w- c:\windows\system32\dllcache\charmap.exe
2012-10-10 13:39:44 80384 ----a-w- c:\windows\system32\charmap.exe
.
==================== Find3M ====================
.
2012-11-05 20:03:08 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-10-09 03:34:26 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 03:34:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 19:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 19:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 17:51:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 9:29:44.23 ===============
 
ATTACH.TXT LOG:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/10/2009 12:28:28 PM
System Uptime: 10/12/2012 3:30:08 PM (618 hours ago)
.
Motherboard: LENOVO | | To be filled by O.E.M.
Processor: Intel Pentium III Xeon processor | CPU 1 | 1592/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 152.954 GiB free.
D: is CDROM ()
F: is NetworkDisk (NTFS) - 35 GiB total, 3.085 GiB free.
H: is NetworkDisk (NTFS) - 35 GiB total, 3.085 GiB free.
I: is Removable
P: is NetworkDisk (NTFS) - 35 GiB total, 3.085 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP984: 8/9/2012 8:38:21 PM - System Checkpoint
RP985: 8/10/2012 9:38:22 PM - System Checkpoint
RP986: 8/11/2012 10:38:20 PM - System Checkpoint
RP987: 8/12/2012 11:38:21 PM - System Checkpoint
RP988: 8/14/2012 12:38:23 AM - System Checkpoint
RP989: 8/14/2012 10:51:13 AM - Installed Tracker Server
RP990: 8/14/2012 10:57:39 AM - Installed Tracker Client
RP991: 8/14/2012 11:33:03 AM - Installed Tracker Client
RP992: 8/15/2012 3:43:41 PM - System Checkpoint
RP993: 8/16/2012 3:44:49 PM - System Checkpoint
RP994: 8/17/2012 2:05:55 PM - Software Distribution Service 3.0
RP995: 8/18/2012 2:26:36 PM - System Checkpoint
RP996: 8/19/2012 3:26:31 PM - System Checkpoint
RP997: 8/20/2012 4:26:31 PM - System Checkpoint
RP998: 8/21/2012 5:26:31 PM - System Checkpoint
RP999: 8/22/2012 6:26:32 PM - System Checkpoint
RP1000: 8/23/2012 7:26:35 PM - System Checkpoint
RP1001: 8/24/2012 8:26:33 PM - System Checkpoint
RP1002: 8/25/2012 9:26:33 PM - System Checkpoint
RP1003: 8/26/2012 9:27:39 PM - System Checkpoint
RP1004: 8/27/2012 10:26:34 PM - System Checkpoint
RP1005: 8/28/2012 11:26:35 PM - System Checkpoint
RP1006: 8/30/2012 12:26:36 AM - System Checkpoint
RP1007: 8/31/2012 1:26:36 AM - System Checkpoint
RP1008: 9/1/2012 2:26:36 AM - System Checkpoint
RP1009: 9/2/2012 3:26:40 AM - System Checkpoint
RP1010: 9/3/2012 4:26:38 AM - System Checkpoint
RP1011: 9/4/2012 5:26:38 AM - System Checkpoint
RP1012: 9/5/2012 6:26:40 AM - System Checkpoint
RP1013: 9/6/2012 7:26:42 AM - System Checkpoint
RP1014: 9/7/2012 8:26:40 AM - System Checkpoint
RP1015: 9/8/2012 9:26:41 AM - System Checkpoint
RP1016: 9/9/2012 10:26:41 AM - System Checkpoint
RP1017: 9/10/2012 10:42:11 AM - System Checkpoint
RP1018: 9/11/2012 5:01:26 PM - System Checkpoint
RP1019: 9/12/2012 5:26:44 PM - System Checkpoint
RP1020: 9/13/2012 6:07:41 PM - System Checkpoint
RP1021: 9/14/2012 9:37:39 AM - Software Distribution Service 3.0
RP1022: 9/15/2012 10:07:41 AM - System Checkpoint
RP1023: 9/16/2012 12:07:41 PM - System Checkpoint
RP1024: 9/17/2012 4:37:29 PM - System Checkpoint
RP1025: 9/18/2012 4:56:19 PM - System Checkpoint
RP1026: 9/19/2012 5:07:47 PM - System Checkpoint
RP1027: 9/20/2012 6:07:45 PM - System Checkpoint
RP1028: 9/21/2012 7:07:45 PM - System Checkpoint
RP1029: 9/22/2012 7:43:46 PM - System Checkpoint
RP1030: 9/23/2012 9:07:45 PM - System Checkpoint
RP1031: 9/24/2012 10:04:00 AM - Software Distribution Service 3.0
RP1032: 9/25/2012 12:59:16 PM - System Checkpoint
RP1033: 9/26/2012 4:08:26 PM - System Checkpoint
RP1034: 9/27/2012 4:44:33 PM - System Checkpoint
RP1035: 9/28/2012 4:59:28 PM - System Checkpoint
RP1036: 9/29/2012 5:59:28 PM - System Checkpoint
RP1037: 9/30/2012 6:59:28 PM - System Checkpoint
RP1038: 10/1/2012 7:59:33 PM - System Checkpoint
RP1039: 10/2/2012 8:59:35 PM - System Checkpoint
RP1040: 10/3/2012 9:59:32 PM - System Checkpoint
RP1041: 10/5/2012 12:11:33 AM - System Checkpoint
RP1042: 10/6/2012 12:57:30 AM - System Checkpoint
RP1043: 10/7/2012 12:59:31 AM - System Checkpoint
RP1044: 10/8/2012 1:59:30 AM - System Checkpoint
RP1045: 10/9/2012 3:11:32 AM - System Checkpoint
RP1046: 10/10/2012 3:59:32 AM - System Checkpoint
RP1047: 10/11/2012 4:59:35 AM - System Checkpoint
RP1048: 10/12/2012 5:59:34 AM - System Checkpoint
RP1049: 10/12/2012 11:43:13 AM - Software Distribution Service 3.0
RP1050: 10/12/2012 3:26:34 PM - Software Distribution Service 3.0
RP1051: 10/13/2012 4:48:47 PM - System Checkpoint
RP1052: 10/14/2012 5:34:43 PM - System Checkpoint
RP1053: 10/15/2012 6:34:52 PM - System Checkpoint
RP1054: 10/16/2012 2:20:03 PM - Installed Tracker Client
RP1055: 10/17/2012 3:15:07 PM - System Checkpoint
RP1056: 10/18/2012 4:52:37 PM - System Checkpoint
RP1057: 10/19/2012 5:34:48 PM - System Checkpoint
RP1058: 10/20/2012 6:34:45 PM - System Checkpoint
RP1059: 10/21/2012 7:34:45 PM - System Checkpoint
RP1060: 10/22/2012 8:34:56 PM - System Checkpoint
RP1061: 10/23/2012 9:34:49 PM - System Checkpoint
RP1062: 10/24/2012 9:46:06 PM - System Checkpoint
RP1063: 10/25/2012 9:23:29 AM - Installed Java(TM) 6 Update 37
RP1064: 10/26/2012 4:55:19 PM - System Checkpoint
RP1065: 10/27/2012 5:34:50 PM - System Checkpoint
RP1066: 10/28/2012 6:34:52 PM - System Checkpoint
RP1067: 10/29/2012 7:34:57 PM - System Checkpoint
RP1068: 10/30/2012 8:34:57 PM - System Checkpoint
RP1069: 10/31/2012 9:34:52 PM - System Checkpoint
RP1070: 11/1/2012 10:34:59 PM - System Checkpoint
RP1071: 11/2/2012 11:34:58 PM - System Checkpoint
RP1072: 11/3/2012 11:34:51 PM - System Checkpoint
RP1073: 11/5/2012 12:35:07 AM - System Checkpoint
RP1074: 11/6/2012 1:34:53 AM - System Checkpoint
RP1075: 11/6/2012 1:33:08 PM - Installed Tracker Client
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Access Help
Acrobat.com
Adobe Acrobat 3D version 8
Adobe AIR
Adobe Captivate 3
Adobe Download Assistant
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe FrameMaker 8
Adobe FrameMaker 8 p273 Patcher
Adobe FrameMaker 8 p277 Patcher
Adobe FrameMaker v7.0
Adobe InDesign CS5
Adobe Media Player
Adobe PDF Creation Add-On X
Adobe Reader 9.5.2
Adobe RoboHelp 10
Adobe RoboHelp 6.0
Adobe RoboHelp 7
Adobe RoboHelp 7.0.1
Adobe RoboHelp 7.0.2
Adobe RoboHelp 7.0.3
Adobe RoboHelp 8
Adobe RoboHelp 8.0.1
Adobe RoboHelp 8.0.2
Adobe RoboHelp 9
Adobe RoboHelp CSTI Driver
Adobe Setup
Adobe Technical Communication Suite
AnyBizSoft PDF to Word (Build 3.0.0)
Business Contact Manager for Outlook 2007 SP2
Cisco WebEx Meetings
Citrix Presentation Server Client
Client Security - Password Manager
Core FTP LE
Corel Paint Shop Pro X
CrossLoop 2.74
Crystal Report 2008 Runtime SP3
CutePDF Writer 2.8
DIBS
Drag-to-Disc
Dropbox
EFMSSetup
FanSpeedControl
FMSuitePlugin
FreeWheel
GDR 1617 for SQL Server 2008 R2 (KB2494088)
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.1.0.880
Help Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HTML Help Workshop
iKiosk
Inpaint 4.7
Intel(R) Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
IrfanView (remove only)
iTrak Client
iTrak Server
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 37
Lenovo Care
Lenovo Care Supplement
Lenovo Central
Lenovo Idea Notes
Lenovo Registration
Lenovo System Toolbox
Lenovo Welcome
MadCap Flare V8
Malwarebytes Anti-Malware version 1.65.1.1000
Marvell Miniport Driver
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Speech API 5.1
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mouse Suite
Mozilla Firefox (3.5.9)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Online Data Backup
OpenOffice.org 3.3
Opera 11.11
Optio Dentistry Lite
Panda Cloud Antivirus
Panda Security Toolbar
Panda Security URL Filtering
PDF Settings CS5
Realtek High Definition Audio Driver
Rescue and Recovery
RoboSource Control 3.1
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Small Business Edition
Roxio Express Labeler 3
ScrapIT
SCRAPIT GUI
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Click to Call
Skype™ 5.10
SnagIt 6
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Spelling Dictionaries Support For Adobe Reader 9
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
SQL Server 2008 R2 Management Studio
Sql Server Customer Experience Improvement Program
StepShot
Suite Shared Configuration CS4
System Update
ThinkVantage Power Manager
ThinkVantage Technologies Welcome Message
Toolbar Cleaner 1.0
Tracker Client
Tracker Server
TSI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Presentation Foundation
Windows Search 4.0
WinZip 14.5
Wondershare PDF Converter (Build 2.6.2)
Wondershare PDF to Word (Build 3.6.0)
XML Paper Specification Shared Components Pack 1.0
XP Themes
xplorer² lite
YouSendIt Express
YouSendIt Plug-in for Outlook
.
==== Event Viewer Messages From Past Week ========
.
11/7/2012 8:57:05 AM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
11/1/2012 11:17:05 AM, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%2" Happened while starting this command: "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding
.
==== End Of File ===========================
 
UPDATE: I deleted a recent utility that I no longer need and restarted, and have my program menu back, but the computer is still running very slowly and apps are not closing properly.
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

CapperKiller Scan

The CapperKiller utility is designed for treating the aftermaths of a Trojan-Banker.Win32.Capper infection.

How to use the utility:
  • Download the CapperKiller.exe utility.
  • Run CapperKiller.exe

    9208-1-en.png
  • A reboot may be required after the treatment. Please make sure it reboots, if it asks.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "CapperKiller.[Version]_[Date]_[Time]_log.txt".
  • Please copy and paste its contents on your next reply.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.
 
Thanks DMJ. Here's the AdwCleaner log. CapperKiller log to follow.
LL

# AdwCleaner v2.007 - Logfile created 11/08/2012 at 09:22:52
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : llittle - WTWWS12
# Boot Mode : Normal
# Running from : C:\Documents and Settings\llittle\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKLM\Software\Description
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v3.5.9 (en-US)
Profile name : default
File : C:\Documents and Settings\LPearce\Application Data\Mozilla\Firefox\Profiles\izmro3v7.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Documents and Settings\llittle\Application Data\Mozilla\Firefox\Profiles\uhzmgv37.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Documents and Settings\mfoulds\Application Data\Mozilla\Firefox\Profiles\y7qidscp.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Documents and Settings\rlockshin\Application Data\Mozilla\Firefox\Profiles\avrktzz3.default\prefs.js
[OK] File is clean.
-\\ Opera v11.11.2109.0
File : C:\Documents and Settings\LPearce\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Documents and Settings\llittle\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Documents and Settings\mfoulds\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Documents and Settings\ctin\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [2440 octets] - [08/11/2012 09:22:52]
########## EOF - H:\AdwCleaner[S1].txt - [2500 octets] ##########
 
CapperKiller log:

09:38:42.0806 5016 Trojan-Banker.Win32.Capper removal tool 1.0.6.0 Oct 26 2012 17:47:38
09:38:43.0197 5016 ============================================================
09:38:43.0197 5016 Current date / time: 2012/11/08 09:38:43.0197
09:38:43.0197 5016 SystemInfo:
09:38:43.0197 5016
09:38:43.0197 5016 OS Version: 5.1.2600 ServicePack: 3.0
09:38:43.0197 5016 Product type: Workstation
09:38:43.0197 5016 ComputerName: WTWWS12
09:38:43.0197 5016 UserName: llittle
09:38:43.0197 5016 Windows directory: C:\WINDOWS
09:38:43.0197 5016 System windows directory: C:\WINDOWS
09:38:43.0197 5016 Processor architecture: Intel x86
09:38:43.0197 5016 Number of processors: 2
09:38:43.0197 5016 Page size: 0x1000
09:38:43.0197 5016 Boot type: Normal boot
09:38:43.0197 5016 ============================================================
09:38:43.0197 5016 Initialize success
09:38:43.0197 5016 ============================================================
09:38:55.0334 5720 ================================================================================
09:38:55.0334 5720 Scan started
09:38:55.0334 5720 ================================================================================
09:38:55.0334 5720 ProcessDriveEnumEx: Drive C:\ type 3:0
09:47:33.0290 5720 ProcessDriveEnumEx: Drive D:\ type 5:0
09:47:33.0290 5720 ProcessDriveEnumEx: Drive F:\ type 4:0
09:47:33.0290 5720 ProcessDriveEnumEx: Drive H:\ type 4:0
09:47:33.0290 5720 ProcessDriveEnumEx: Drive I:\ type 2:0
09:47:33.0540 5720 ProcessDriveEnumEx: Drive P:\ type 4:0
09:47:33.0899 5720 ================================================================================
09:47:33.0899 5720 Scan finished
09:47:33.0899 5720 ================================================================================
 
ComboFix scan

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 12-11-09.02 - llittle 11/09/2012 9:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1052 [GMT -5:00]
Running from: c:\documents and settings\llittle\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\llittle\LOCALS~1\Temp\frw138.tmp
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Live Messenger .lnk
c:\documents and settings\llittle\g2mdlhlpx.exe
c:\documents and settings\llittle\Local Settings\Temp\frw138.tmp
c:\documents and settings\mfoulds\g2mdlhlpx.exe
c:\windows\system32\Cache
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-06 20:50 . 2012-11-06 20:50 -------- d-----w- c:\documents and settings\llittle\Application Data\Malwarebytes
2012-11-06 20:50 . 2012-11-06 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-11-06 20:50 . 2012-11-06 20:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-06 20:50 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-06 18:33 . 2012-11-06 18:41 -------- d-----w- c:\program files\Tracker Work
2012-10-25 13:24 . 2012-10-25 13:24 -------- d-----w- c:\program files\Common Files\Java
2012-10-23 13:50 . 2012-10-23 13:50 -------- d-----w- c:\program files\Inpaint
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 03:34 . 2012-04-11 14:32 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 03:34 . 2011-06-08 13:08 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 19:32 . 2012-07-27 18:17 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 19:32 . 2010-05-11 13:32 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 17:51 . 2010-05-11 13:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14 . 2008-07-21 22:50 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-07-21 22:49 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-07-21 22:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-07-21 22:49 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-07-21 22:50 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2012-03-15 21:02 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\llittle\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\llittle\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\llittle\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\llittle\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NG3CheckedOut]
@="{1E5E1445-6CEA-4761-8E45-AA19F654571E}"
[HKEY_CLASSES_ROOT\CLSID\{1E5E1445-6CEA-4761-8E45-AA19F654571E}]
2007-07-26 20:20 278528 ------w- c:\program files\Adobe\Adobe RoboSource Control 3.1\DirBkgndExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NG3ReadOnly]
@="{1AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C}"
[HKEY_CLASSES_ROOT\CLSID\{1AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C}]
2007-09-10 19:51 139264 ------w- c:\program files\Adobe\Adobe RoboSource Control 3.1\NGMenu.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-23 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2008-06-27 53248]
"LenovoFSC"="c:\program files\Lenovo\FanSpeedControl\LenovoFSC.exe" [2008-09-26 40960]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-09 16851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-03-26 389120]
"PWRAGD"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2009-04-03 72256]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-10-12 444904]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Panda Security URL Filtering"="c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-15 217256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-14 2904984]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 8\Acrobat\Acrobat_sl.exe" [2007-05-11 46200]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
.
c:\documents and settings\llittle\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\llittle\Application Data\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
E-mail.lnk - [N/A]
FreeWheel.lnk - c:\program files\FreeWheel\FreeWheel.exe [1999-10-28 229376]
iexplore.lnk - c:\program files\Internet Explorer\iexplore.exe [2008-7-21 638816]
MacroExpress.lnk - c:\program files\Macro Express\macexp.EXE [2009-12-11 1141248]
xplorer2 Lite.lnk - c:\program files\zabkat\xplorer2_lite\xplorer2_lite.exe [2009-6-28 628309]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)
.
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [6/27/2012 2:51 PM 82472]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [6/27/2012 2:51 PM 120744]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [6/27/2012 2:51 PM 122664]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [6/27/2012 2:51 PM 93992]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [6/27/2012 2:51 PM 104104]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [6/27/2012 2:51 PM 286376]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [6/27/2012 2:51 PM 153000]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [6/27/2012 2:51 PM 106536]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [7/12/2012 10:18 AM 206632]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [6/27/2012 2:51 PM 92840]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [7/13/2012 6:02 AM 179112]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 8:50 PM 46144]
R2 ClickFreeCFNetAgentService;ClickFreeCFNetAgentService;c:\documents and settings\All Users\Application Data\OfficeGuardianC3\Reminder\CFNetAgent.exe [6/25/2010 8:55 AM 208896]
R2 ClickFreeFirewallSettingService;ClickFreeFirewallSettingService;c:\documents and settings\All Users\Application Data\OfficeGuardianC3\Reminder\FireWallSetting.exe [6/25/2010 8:55 AM 180224]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\llittle\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [2/17/2011 12:04 PM 560848]
R2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [6/23/2009 1:23 PM 171872]
R2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [11/12/2009 10:03 AM 163680]
R2 iTrakAlertService;iTrakAlertService;c:\program files\iViewSystems\iTrak Server\iView.iTrak.Alerts.Service.exe [4/23/2012 5:21 AM 24576]
R2 iTrakServer;iTrak Server;c:\program files\iViewSystems\iTrak Server\iTrakServerService.exe [4/23/2012 5:20 AM 24576]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/6/2012 3:50 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/6/2012 3:50 PM 676936]
R2 MSSQL$TRACKER;SQL Server (TRACKER);c:\program files\Microsoft SQL Server\MSSQL10_50.TRACKER\MSSQL\Binn\sqlservr.exe [4/24/2011 1:33 AM 42872672]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [7/13/2012 5:57 AM 140064]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [7/13/2012 6:02 AM 149032]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [7/13/2012 6:02 AM 101544]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [7/13/2012 6:02 AM 114728]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [7/13/2012 6:02 AM 120616]
R2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [7/13/2012 6:15 AM 36640]
R2 RSO3MiddleTierService;RSO3 MiddleTier Service;c:\program files\Adobe\Adobe RoboSource Control 3.1\RSO3MiddleTierService.exe [9/20/2007 7:20 PM 28672]
R2 RSO3Server;RSO3 Server Service;c:\program files\Adobe\Adobe RoboSource Control 3.1\RSO3Server.exe [9/20/2007 7:20 PM 507904]
R2 TBNResolver;TBN Peer Resolver;c:\dental\Tracker\Resolver\TBNResolverService.exe [6/5/2008 10:05 AM 7168]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 6:34 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 8:50 PM 360448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/6/2012 3:50 PM 22856]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [7/25/2012 9:06 AM 46280]
R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [3/6/2008 5:33 PM 5760]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [11/19/2008 8:46 PM 37184]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 11:18 AM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 11:16 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 11:15 AM 166384]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 ClickFreeC3WifiCfgService;ClickFreeC3WifiCfgService;c:\documents and settings\All Users\Application Data\OfficeGuardianC3\C3WiFiCfg.exe [6/25/2010 8:49 AM 315392]
S3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [9/9/2011 12:54 PM 38536]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 11:18 AM 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 11:15 AM 1120752]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 tvnserver;TightVNC Server;c:\documents and settings\llittle\Local Settings\Application Data\CrossLoop\tvnserver.exe [2/17/2011 12:04 PM 814080]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 11:56 AM 44896]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [6/27/2012 2:51 PM 51496]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
S4 SQLAgent$TRACKER;SQL Server Agent (TRACKER);c:\program files\Microsoft SQL Server\MSSQL10_50.TRACKER\MSSQL\Binn\SQLAGENT.EXE [4/24/2011 1:33 AM 367456]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 03:34]
.
2012-11-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-WORDSTW-ctin.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-10-12 12:59]
.
2012-11-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-WORDSTW-LLittle.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-10-12 12:59]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 13:34]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 13:34]
.
2012-09-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
2009-11-12 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-11-12 05:45]
.
2012-11-08 c:\windows\Tasks\TBN_BACKUP_JOB_1.job
- c:\program files\Tracker Work\BackupUtilityApp.exe [2012-11-06 15:41]
.
2012-11-09 c:\windows\Tasks\User_Feed_Synchronization-{F0A5DEBB-DF9F-4DBE-922B-E2FD14B7008D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://webmail.primus.ca/
uInternet Connection Wizard,ShellNext = ftp://ftp.bridge-network.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: benesure.com\vpn
Trusted Zone: wtwws12
TCP: Interfaces\{29A780AB-B9C4-4B59-A14B-AA9AA109B844}: NameServer = 192.168.5.5
DPF: {0449A3DB-050C-4895-9236-D9B11778459B} - hxxp://content.dll1.com/Connectus/SmartCouponPrinter/vigorate/SmartCouponPrinterVig.cab
DPF: {1C3BCA65-862B-4827-A9D1-6F52C1C4BAF6} - hxxp://sample.dev3.medgate.com/gx2/Content/cabs/Benson.CAB
DPF: {22DF4EEF-95DC-4E41-891A-E048FE087980} - hxxp://sample.dev3.medgate.com/gx2/Content/cabs/PB100.CAB
DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} - hxxp://dev.medgate.com/crystalreportviewers11/ActiveXControls/ActiveXViewer.cab
DPF: {D609A755-3A7F-4F1E-BC04-B485A83A08FA} - hxxp://sample.dev3.medgate.com/gx2/Content/cabs/Earscan.CAB
DPF: {E180C716-E689-4BEB-8DBF-DFCDADD94DAB} - hxxp://sample.dev3.medgate.com/gx2/Content/cabs/CA850.CAB
FF - ProfilePath - c:\documents and settings\llittle\Application Data\Mozilla\Firefox\Profiles\uhzmgv37.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://webmail.primus.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q=
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793} - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
HKCU-Run-Akamai NetSession Interface - c:\documents and settings\llittle\Local Settings\Application Data\Akamai\netsession_win.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 10:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5796)
c:\windows\system32\WININET.dll
c:\program files\Macro Express\MEXHOOK.DLL
c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\panda_url_filtering.dll
c:\documents and settings\llittle\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\Adobe\Adobe RoboSource Control 3.1\DirBkgndExt.dll
c:\program files\Adobe\Adobe RoboSource Control 3.1\NGMenu.dll
c:\docume~1\llittle\LOCALS~1\Temp\frwB.tmp
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\dllhost.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
c:\windows\system32\ICO.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\FSRremoS.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\Pelmiced.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files\Lenovo\Client Security Solution\password_manager.exe
.
**************************************************************************
.
Completion time: 2012-11-09 10:20:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-09 15:20
.
Pre-Run: 166,764,457,984 bytes free
Post-Run: 170,281,091,072 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CD58FAC9B0CD76560B1DA7DA5B917BC9
 
Good job...now this please:

TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg


------------------------

Click the Start Scan button.

tdss_3.jpg


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue


tdss_4.jpg


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


tdss_5.jpg



--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below
aswMBR_Scan.jpg

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
 
Thanks - TDSS log attached
 

Attachments

  • TDSSKiller.2.8.15.0_09.11.2012_13.48.12_log.txt
    123.1 KB · Views: 1
aswMBR.txt below, MBRscan.txt attached

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-09 14:05:05
-----------------------------
14:05:05.804 OS Version: Windows 5.1.2600 Service Pack 3
14:05:05.804 Number of processors: 2 586 0x170A
14:05:05.804 ComputerName: WTWWS12 UserName: llittle
14:05:06.882 Initialize success
14:05:35.273 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
14:05:35.273 Disk 0 Vendor: Hitachi_HDT721025SLA380 STBOA39A Size: 238475MB BusType: 3
14:05:35.288 Disk 0 MBR read successfully
14:05:35.288 Disk 0 MBR scan
14:05:35.288 Disk 0 unknown MBR code
14:05:35.304 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 234443 MB offset 2048
14:05:35.319 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 4030 MB offset 480141312
14:05:35.335 Disk 0 scanning sectors +488394752
14:05:35.382 Disk 0 scanning C:\WINDOWS\system32\drivers
14:05:41.569 Service scanning
14:06:10.679 Modules scanning
14:06:23.382 Scan finished successfully
14:06:41.819 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\llittle\Desktop\MBR.dat"
14:06:41.819 The log file has been saved successfully to "C:\Documents and Settings\llittle\Desktop\aswMBR.txt"
 

Attachments

  • MBRscan.txt
    512 bytes · Views: 2
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Sorry, I was away for the weekend. I see that this scan can take a few hours, so I'll start it at the end of the day - just wanted to let you know I'm still here...
 
BTW, just to capture this in case it means anything, I just got this error message (png attached). I only have open IE, Outlook, and xplorer2, and was responding to an email at the time.
 

Attachments

  • errormsg.png
    errormsg.png
    14.5 KB · Views: 1
That's for Windows Search. We can disable a couple of services to make that go away, if you like. Let me know when you have completed the ESET scan please.
 
Hi again, ESET found no threats. But wow, the last hour has been brutal! My biggest problem is RoboHelp9. It has been increasingly slow to load over the last two weeks (perhaps related to installing/using PureText with it?), and I have had to force close it. Today it took 10 minutes (no exaggeration) to load the app. I closed it and waited it out to see if it would eventually close on its own. 30 minutes later I gave up and force closed it again. While it was open and trying to close, I tried to type in this response and in a Word doc, and it would take 20 seconds to have 8 characters appear. Even after RH finally closed I couldn't type "real-time". I looked at the Task Manager processes and MalwareBytes was taking the most memory, so I disabled it. Still no joy. Restarted my computer and finally can type. I wondered if Robohelp9 was just being ornery with my older PC configuration, but RH10 loads and closes quickly without any problem. Given my original problem (re the program menu) was resolved after I deleted PureText, and all your scans don't seem to have yielded any problems, I wonder if I should uninstall and reinstall RH9 and deal directly with Adobe Support if there are further problems with RH9?
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
786
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni

Latest posts

Back