Annoying pop-up "blueskyadagancy" please help
maccini, posted Feb 20 2009, 10:25 PM
OS: Vista

Hi, I can't get rid of these "blueskyadagency" pop-up messages when running Firefox. It's also slowing down my system. I have run Malwarebytes, Ad-Aware, Spyware Doctor and Spybot. They removed the trojan but it keeps coming back. I am adding my HijackThis log and ComboFix log.

Thanks,

-Rich


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:48 PM, on 2/20/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1232082046\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DDNIService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\DIBS\DDNIService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11894 bytes
ComboFix 09-02-19.01 - Rich 2009-02-20 22:03:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2013.913 [GMT -5:00]
Running from: c:\users\Rich\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\41b29219-ccbb-00c1-88e6-e586c66fba8c.dll
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
Q:\Autorun.inf
S:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://dibs.ddni.net
.
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-17 23:38 . 2009-02-17 23:50 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-02-17 23:38 . 2009-02-17 23:50 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-02-17 23:38 . 2009-02-17 23:38 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-17 06:48 . 2009-02-17 06:48 <DIR> d-------- c:\program files\MetaStream
2009-02-17 06:28 . 2009-02-17 06:28 <DIR> d-------- c:\users\All Users\Viewpoint
2009-02-17 06:28 . 2009-02-17 06:28 <DIR> d-------- c:\programdata\Viewpoint
2009-02-17 01:16 . 2009-02-17 01:16 <DIR> d-------- c:\program files\Trend Micro
2009-02-16 05:04 . 2009-02-16 00:09 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-02-16 00:09 . 2009-02-16 00:09 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-02-16 00:07 . 2009-02-16 00:09 <DIR> d-------- c:\users\All Users\Lavasoft
2009-02-16 00:07 . 2009-02-16 00:07 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 00:07 . 2009-02-16 00:09 <DIR> d-------- c:\programdata\Lavasoft
2009-02-16 00:07 . 2009-02-16 00:07 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 00:07 . 2009-02-16 00:07 <DIR> d-------- c:\program files\Lavasoft
2009-02-15 17:42 . 2009-02-15 17:42 347,019 --a------ c:\windows\xwbsp37588.exe
2009-02-15 17:42 . 2009-02-15 17:42 132,880 --a------ c:\windows\System32\MSINET.OCX
2009-02-15 17:41 . 2009-02-15 17:42 4,623,480 --a------ c:\windows\mwsnu6641.exe
2009-02-15 17:41 . 2009-02-15 17:41 28,672 --a------ c:\windows\lujl83531.exe
2009-02-15 16:46 . 2009-02-16 00:04 <DIR> d-a------ c:\users\All Users\TEMP
2009-02-15 16:46 . 2009-02-16 00:04 <DIR> d-a------ c:\programdata\TEMP
2009-02-14 15:26 . 2009-02-14 15:26 <DIR> d-------- c:\users\Rich\AppData\Roaming\Talkback
2009-02-14 11:57 . 2009-02-14 11:57 <DIR> d-------- c:\program files\Sony Corporation
2009-02-11 11:24 . 2009-02-11 11:24 <DIR> d--hs---- c:\windows\ftpcache
2009-02-11 10:05 . 2009-02-11 10:05 <DIR> d-------- c:\windows\Sun
2009-02-11 06:45 . 2009-01-14 22:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 06:45 . 2009-01-15 01:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-06 18:06 . 2009-02-06 18:06 <DIR> d-------- c:\users\ihateaol\AppData\Roaming\AOL
2009-02-06 16:42 . 2009-02-06 16:42 784 --a------ c:\windows\System32\Local Area Connection.xml
2009-02-06 15:54 . 2009-02-06 15:55 <DIR> d-------- c:\users\ihateaol\AppData\Roaming\Lenovo
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Videos
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Searches
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Saved Games
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Pictures
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Music
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Links
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Downloads
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Documents
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Contacts
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> d--h----- c:\users\ihateaol\AppData
2009-02-06 15:53 . 2009-02-15 10:13 <DIR> d-------- c:\users\ihateaol
2009-02-05 20:07 . 2009-02-05 20:07 <DIR> d-------- c:\users\Guest\AppData\Roaming\AOL
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Videos
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Searches
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Saved Games
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Pictures
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Music
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Links
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Downloads
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Documents
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Contacts
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> d-------- c:\users\Guest\AppData\Roaming\Lenovo
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> d--h----- c:\users\Guest\AppData
2009-02-05 20:04 . 2009-02-15 10:13 <DIR> d-------- c:\users\Guest
2009-02-02 19:39 . 2008-06-19 20:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-02 19:39 . 2008-06-19 20:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-02 19:39 . 2008-06-19 20:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-02 19:39 . 2008-06-19 20:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-02 19:39 . 2008-06-19 20:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-02 19:39 . 2008-06-19 20:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-02 19:39 . 2008-06-19 20:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-02 19:39 . 2008-06-19 20:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-02 19:32 . 2008-07-27 13:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-02 19:32 . 2008-07-27 13:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-02 19:32 . 2008-07-27 13:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-02 19:32 . 2008-07-27 13:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-02 19:32 . 2008-07-27 13:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-01-31 19:20 . 2009-02-16 12:54 <DIR> d-------- c:\users\Rich\Shared
2009-01-31 19:20 . 2009-02-16 16:37 <DIR> d-------- c:\users\Rich\Incomplete
2009-01-31 19:18 . 2009-02-16 14:36 <DIR> d-------- c:\users\Rich\AppData\Roaming\LimeWire
2009-01-31 19:18 . 2009-01-31 19:18 <DIR> d-------- c:\program files\LimeWire
2009-01-31 18:28 . 2009-02-16 00:09 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-01-31 18:28 . 2009-01-31 18:28 <DIR> d-------- c:\users\Rich\AppData\Roaming\Apple Computer
2009-01-31 18:28 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-01-31 18:28 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\program files\iTunes
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\program files\iPod
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\program files\Bonjour
2009-01-31 18:26 . 2009-01-31 18:27 <DIR> d-------- c:\users\All Users\Apple Computer
2009-01-31 18:26 . 2009-01-31 18:27 <DIR> d-------- c:\programdata\Apple Computer
2009-01-31 18:26 . 2009-01-31 18:27 <DIR> d-------- c:\program files\QuickTime
2009-01-31 18:26 . 2009-01-31 18:26 <DIR> d-------- c:\program files\Apple Software Update
2009-01-31 18:25 . 2009-01-31 18:25 <DIR> d-------- c:\users\All Users\Apple
2009-01-31 18:25 . 2009-01-31 18:25 <DIR> d-------- c:\programdata\Apple
2009-01-31 18:25 . 2009-01-31 18:27 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-30 19:57 . 2009-01-30 19:57 <DIR> d-------- c:\program files\dvd43
2009-01-30 19:57 . 2009-01-30 19:57 18,816 --a------ c:\windows\System32\drivers\dvd43llh.sys
2009-01-30 19:54 . 2009-01-30 19:54 <DIR> d-------- c:\program files\EasyDVDShrink
2009-01-30 19:54 . 1999-09-10 12:06 45,056 --a------ c:\windows\System32\WNASPI32.DLL
2009-01-30 19:54 . 1999-09-10 12:06 25,244 --a------ c:\windows\System32\drivers\ASPI32.SYS
2009-01-30 19:54 . 1999-09-10 12:06 5,600 --a------ c:\windows\system\WINASPI.DLL
2009-01-30 19:54 . 1999-09-10 12:06 4,672 --a------ c:\windows\system\WOWPOST.EXE
2009-01-30 19:50 . 2009-01-30 19:50 <DIR> d-------- c:\program files\DVD Decrypter
2009-01-28 11:40 . 2009-01-28 11:40 33,536 --a------ c:\windows\System32\drivers\tvtfilter.sys
2009-01-26 00:28 . 2009-01-28 10:34 <DIR> d-------- c:\program files\A123 MOV to AVI WMV DVD MPEG MP4 MOV Converter
2009-01-26 00:28 . 2009-01-26 00:28 34 --ah----- c:\windows\System32\VideoConverter_sysquict.dat
2009-01-26 00:27 . 2009-01-26 00:27 <DIR> d-------- c:\users\Rich\AppData\Roaming\Download Manager
2009-01-26 00:13 . 2009-01-26 00:13 <DIR> d-------- c:\users\Rich\AppData\Roaming\Pegasys Inc
2009-01-26 00:11 . 2009-01-26 00:10 145,504 --a------ c:\windows\System32\bgsvcgen.exe
2009-01-26 00:11 . 2009-01-26 00:10 59,488 --a------ c:\windows\System32\GenSvcInst.exe
2009-01-26 00:11 . 2009-01-26 00:10 13,567 --a------ c:\windows\System32\drivers\CDRBSDRV.SYS
2009-01-22 21:13 . 2009-01-22 21:13 <DIR> d-------- c:\program files\SiteAdvisor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 14:15 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-16 04:51 --------- d-----w c:\users\Rich\AppData\Roaming\uTorrent
2009-02-15 15:12 --------- d-----w c:\programdata\Lenovo
2009-02-15 15:12 --------- d-----w c:\program files\AOL 9.1
2009-02-11 22:05 --------- d-----w c:\program files\FxPro MetaTrader
2009-02-11 22:05 --------- d-----w c:\program files\FXDD - MetaTrader 4
2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-11 15:04 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-11 11:46 --------- d-----w c:\programdata\Microsoft Help
2009-02-11 11:46 --------- d-----w c:\program files\Windows Mail
2009-02-10 12:46 --------- d-----w c:\program files\Common Files\aol
2009-02-06 20:55 --------- d-----w c:\programdata\Sonic
2009-02-03 00:45 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-28 16:40 --------- d-----w c:\program files\Lenovo
2009-01-28 16:40 --------- d-----w c:\program files\Common Files\Lenovo
2009-01-26 00:12 --------- d-----w c:\program files\McAfee
2009-01-23 15:00 --------- d-----w c:\programdata\PCDr
2009-01-23 15:00 --------- d-----w c:\program files\PCDR5
2009-01-21 01:22 --------- d-----w c:\programdata\SiteAdvisor
2009-01-21 01:22 --------- d-----w c:\programdata\McAfee
2009-01-20 04:21 --------- d-----w c:\program files\uTorrent
2009-01-20 01:20 --------- d-----w c:\program files\Common Files\McAfee
2009-01-20 01:19 --------- d-----w c:\program files\McAfee.com
2009-01-16 16:24 --------- d-----w c:\users\Rich\AppData\Roaming\AOL
2009-01-16 16:14 --------- d-----w c:\programdata\AOL
2009-01-16 16:01 --------- d-----w c:\programdata\AOL Downloads
2009-01-16 15:00 --------- d-----w c:\program files\Common Files\Adobe
2009-01-16 05:02 --------- d-----w c:\program files\Common Files\aolshare
2009-01-16 05:01 --------- d-----w c:\program files\Viewpoint
2009-01-16 05:01 --------- d-----w c:\program files\Common Files\Nullsoft
2009-01-16 05:00 --------- d-----w c:\programdata\AOL OCP
2009-01-15 15:54 --------- d-----w c:\program files\Java
2009-01-15 15:24 --------- d-----w c:\program files\MSXML 4.0
2009-01-15 14:14 --------- d-----w c:\programdata\DietPower4.4
2009-01-15 14:13 --------- d--h--w c:\programdata\{62305769-72A0-4229-BBE0-226CB5F989E1}
2009-01-15 14:13 --------- d-----w c:\program files\DietPower 4.4
2009-01-15 01:47 --------- d-----w c:\users\Rich\AppData\Roaming\Malwarebytes
2009-01-15 01:47 --------- d-----w c:\programdata\Malwarebytes
2009-01-15 00:37 --------- d-----w c:\program files\MSBuild
2009-01-15 00:34 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-01-14 22:20 --------- d--h--w c:\programdata\DDNI
2009-01-14 22:20 --------- d-----w c:\program files\DDNI
2009-01-14 22:17 --------- d-----w c:\programdata\PC-Doctor for Windows
2009-01-14 22:15 --------- d-----w c:\users\Rich\AppData\Roaming\Downloaded Installations
2009-01-14 15:33 --------- d-----w c:\users\Rich\AppData\Roaming\Lenovo
2009-01-14 15:31 --------- d-----w c:\program files\Windows Live Toolbar
2009-01-14 15:30 100 ----a-w c:\windows\system32\drivers\Lenovo_2746_CTO.MRK
2009-01-10 08:19 --------- d-----w c:\program files\Microsoft Office Suite Activation Assistant
2009-01-10 08:11 --------- d-----w c:\program files\Microsoft Small Business
2009-01-10 08:10 --------- d-----w c:\program files\Microsoft.NET
2009-01-10 08:08 --------- d-----w c:\program files\Microsoft Works
2009-01-10 08:04 --------- d-----w c:\programdata\PC-Doctor
2009-01-10 08:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-10 08:03 --------- d-----w c:\program files\Intel
2009-01-10 08:00 --------- d-----w c:\program files\ThinkPad
2009-01-10 07:59 --------- d-----w c:\programdata\Roxio
2009-01-10 07:55 30,144 ----a-w c:\windows\system32\drivers\psadd.sys
2009-01-10 07:55 129,784 ------w c:\windows\System32\pxafs.dll
2009-01-10 07:55 118,520 ------w c:\windows\System32\pxinsi64.exe
2009-01-10 07:55 116,472 ------w c:\windows\System32\pxcpyi64.exe
2009-01-10 07:55 --------- d-----w c:\program files\Verizon Wireless
2009-01-10 07:51 --------- d-----w c:\program files\Common Files\Java
2009-01-10 07:50 --------- d-----w c:\program files\InterVideo
2009-01-10 07:49 --------- d-----w c:\program files\Common Files\InterVideo
2009-01-10 07:48 --------- d-----w c:\programdata\Uninstall
2009-01-10 07:48 --------- d-----w c:\programdata\InstallShield
2009-01-10 07:48 --------- d-----w c:\program files\ThinkVantage
2009-01-10 07:48 --------- d-----w c:\program files\Sonic Icons for Lenovo
2009-01-10 07:48 --------- d-----w c:\program files\Roxio
2009-01-10 07:48 --------- d-----w c:\program files\Lenovo Registration
2009-01-10 07:48 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-01-10 07:47 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-01-10 07:47 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-01-10 07:46 --------- d-----w c:\program files\Common Files\SureThing Shared
2009-01-10 07:46 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-10 07:41 --------- d-----w c:\program files\Lenovo Group Limited
2009-01-10 07:38 --------- d-----w c:\program files\Realtek
2009-01-10 07:38 --------- d-----w c:\program files\CONEXANT
2009-01-10 07:36 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-01-10 07:36 --------- d-----w c:\program files\Synaptics
2009-01-10 07:35 --------- d-----w c:\program files\DIFX
2009-01-10 07:35 --------- d-----w c:\program files\Cisco
2009-01-10 07:27 3,601,976 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-01-10 07:27 3,549,752 ----a-w c:\windows\System32\ntoskrnl.exe
2009-01-10 07:25 625,152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
2009-01-10 07:25 565,248 ----a-w c:\windows\System32\emdmgmt.dll
2009-01-10 07:25 45,056 ----a-w c:\windows\System32\dataclen.dll
2009-01-10 07:25 428,544 ----a-w c:\windows\System32\EncDec.dll
2009-01-10 07:25 36,864 ----a-w c:\windows\System32\cdd.dll
2009-01-10 07:25 293,376 ----a-w c:\windows\System32\psisdecd.dll
2009-01-10 07:25 148,480 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-01-10 07:24 801,280 ----a-w c:\windows\System32\NaturalLanguage6.dll
2009-01-10 07:24 2,644,480 ----a-w c:\windows\System32\NlsLexicons0009.dll
2009-01-10 07:24 12,240,896 ----a-w c:\windows\System32\NlsLexicons0007.dll
2009-01-10 07:22 885,248 ----a-w c:\windows\System32\RacEngn.dll
2009-01-10 07:22 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-10 07:22 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-10 07:22 2,032,640 ----a-w c:\windows\System32\win32k.sys
2009-01-10 07:21 90,112 ----a-w c:\windows\System32\wshext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-23 64368]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-05 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-05 154136]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-11-20 640288]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-10-27 148768]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2008-07-30 33304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"HostManager"="c:\program files\Common Files\AOL\1232082046\ee\AOLSoftware.exe" [2008-06-24 41824]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-16 509784]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\System32\TpShocks.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
--------- 2006-11-20 12:33 214576 c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DietPower 4.4 Update Setup for All Users]
--a------ 2008-07-07 11:46 2395976 c:\programdata\{62305769-72A0-4229-BBE0-226CB5F989E1}\DietPowerSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2008-11-17 18:50 827904 c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hrlhssvc]
--a------ 2009-02-15 17:42 851968 c:\users\Rich\AppData\Local\hrlhssvc\hrlhssvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-01-06 13:06 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-11 10:04 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1737692862-350434438-2812127596-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D74B93C5-027D-42F8-A63E-9A91FA50D583}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{35BC7809-4DEA-404E-9AC8-C44A020799D6}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9F599504-48E3-4F91-901B-F99FC5A38D7B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E6A48022-8679-42E2-A8F1-E291E6AE6548}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FD85FDEA-AA8C-44E9-A1E3-49C0917ED557}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B97A33E7-3547-4E28-901A-EAAFC1C1A4CF}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{96389246-21EB-4A20-BEC7-ADA6218C1BE2}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{FF8D981B-CCCE-44A0-A930-0B74774F4D2D}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{BB20F5D6-A155-4DCB-AA75-37A55F1E645F}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{859AC31B-2AD6-4C0F-A026-5152AC14579E}"= UDP:c:\program files\Common Files\aol\1232082046\ee\aolsoftware.exe:AOL Shared Components
"{E6AF2992-676C-45C0-9679-91C27B7CC267}"= TCP:c:\program files\Common Files\aol\1232082046\ee\aolsoftware.exe:AOL Shared Components
"{FF23B675-5A69-45D8-8A87-B52C38E35189}"= UDP:c:\program files\AOL 9.1\waol.exe:AOL
"{5AF5090B-0138-4BFF-8B93-B0D944FB40AD}"= TCP:c:\program files\AOL 9.1\waol.exe:AOL
"{27646B96-D89D-458D-AB47-83F9080A55A1}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{F13854B1-4749-45EB-A42E-1FE2FB256E13}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{8A36A9D3-763C-486B-A5F1-5564FE55D821}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{D0CEBB71-A5C1-4146-8B15-324269D8B789}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{A0C1B893-AB39-4B10-BE8E-80643CEA7419}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{D1B2F512-23C7-40AC-856D-A6AABDC5171E}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{4F585607-F9E1-4956-BE65-8B5B2B94F4E7}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{0F1F5A7C-02C9-4FA6-B584-BE2111C79477}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{96A54E30-7470-45AD-89C7-E0E246E29111}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1D61DF3F-ABFD-4EDF-B5A4-DD40CB0763B1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4FF15F32-D38C-48C4-A97C-1E2A4656F762}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E67D0CBE-D8FC-45FD-AA3E-F17191FE8968}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{FE57109D-482D-4029-AB37-4D8B8AC605FD}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{395E85E5-8742-4074-86AC-B3EE08F6726A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D635A394-3E32-4897-A69F-612EE7B7B81C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{1DA87496-DA24-4793-A55A-7B6B9F9C1AC6}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{0CC0971B-35AB-492A-994F-3CE6BC80CA3B}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [2009-01-10 225304]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-02-16 64160]
R0 Shockprf;Shockprf;c:\windows\System32\drivers\ApsX86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [2008-05-14 19496]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [2008-05-19 13480]
R1 TPPWRIF;TPPWRIF;c:\windows\System32\drivers\TPPWR32V.SYS [2009-01-10 11552]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [2009-01-10 112128]
S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumon.sys [2008-05-24 48192]

--- Other Services/Drivers In Memory ---

*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - wanatw
*Deregistered* - Wdf01000
*Deregistered* - XAudio

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3e12c9-dee8-11dd-a3bd-806e6f6e6963}]
\shell\AutoRun\command - Q:\LenovoQDrive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6fd1f57-dee2-11dd-8193-00248c0597e0}]
\shell\AutoRun\command - S:\LenovoSDrive.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-16 00:09]

2009-02-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-10-31 13:14]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-DietPower 4 - c:\users\Rich\AppData\Local\{62305769-72A0-4229-BBE0-226CB5F989E1}\DietPowerSetup.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
FF - ProfilePath - c:\users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\oi0ex9cm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
1 file(s) moved.
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 22:08:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4464)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\Lenovo\ATK Hotkey\ASLDRSrv.exe
c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe
c:\program files\Lavasoft\Ad-Aware\AAWService.exe
c:\program files\Lenovo\ATK Hotkey\LFKAS.exe
c:\windows\System32\wlanext.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\DDNI\DIBS\DDNIService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\windows\System32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\ThinkPad\Utilities\PWMDBSVC.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\HOTKEY\TPHKSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Lenovo\ATK Hotkey\LControl.exe
c:\program files\Lenovo\ATK Hotkey\LFKA.exe
c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\windows\System32\igfxsrvc.exe
c:\program files\Lenovo\LenovoCare\LPMGR.EXE
c:\program files\Lenovo\LenovoCare\LPMLCHK.EXE
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\McAfee\MSC\mcmscsvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\ThinkPad\Utilities\PWMUIAux.EXE
c:\program files\AOL 9.1\shellmon.exe
c:\program files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-02-20 22:15:57 - machine was rebooted [Rich]
ComboFix-quarantined-files.txt 2009-02-21 03:15:32

Pre-Run: 117,185,617,920 bytes free
Post-Run: 116,742,467,584 bytes free

458 --- E O F --- 2009-02-11 11:49:35


