Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack this log help

Started by zenuke , Sep 15 2010 02:33 PM

  • Please log in to reply

#1
zenuke
Posted 15 September 2010 - 02:33 PM

zenuke

    New Member

  • Member
  • Pip
  • 4 posts
The desktop people at work are telling me I have a virus. I have run the tools they tell me to but they always come up clean. I am hijackthis and don't see anything out of the ordinary but maybe you can help. They won't tell me what the virus is either...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:11 PM, on 9/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\cacarey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\cacarey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cacarey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cacarey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cacarey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\cacarey\LOCALS~1\Temp\HouseCall\housecall.bin
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://corp.gannett.gci/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NoDualHome] C:\Program Files\NoDualHome\NoDualHome.vbs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office Communicator 2007 R2.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_803138DCE93649E4.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.eformrs.com
O15 - Trusted Zone: *.riag.com
O15 - Trusted Zone: *.eformrs.com (HKLM)
O15 - Trusted Zone: *.riag.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1260371813271
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1275059777895
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds...ransferCtrl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://access.ganne...SetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.ad.gannett.com
O17 - HKLM\Software\..\Telephony: DomainName = us.ad.gannett.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.ad.gannett.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.ad.gannett.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DB2 Management Service (ChadDB2) (DB2MGMTSVC_ChadDB2) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe

--
End of file - 13115 bytes

I have run Mcafee, Malwarebytes, and spybot. I am running housecall now. So far, nothing has been found.
  • 0

Advertisements

#2
zenuke
Posted 15 September 2010 - 07:09 PM

zenuke

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Gmer wont complete, I get a blue screen.

added my OTL logs

Attached Files

  • Attached File  Extras.Txt   80.91KB   215 downloads
  • Attached File  OTL.Txt   152.68KB   107 downloads

  • 0

#3
zenuke
Posted 16 September 2010 - 10:23 AM

zenuke

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
combofix log

ComboFix 10-09-15.02 - cacarey 09/16/2010 12:04:30.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.2654 [GMT -4:00]
Running from: C:\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\system32\Cache
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-08-16 to 2010-09-16 )))))))))))))))))))))))))))))))
.

2010-09-16 15:38 . 2010-09-16 15:38 3845701 ----a-r- C:\ComboFix.exe
2010-09-16 13:19 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-16 01:14 . 2010-09-16 01:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-09-16 00:53 . 2010-09-16 00:53 575488 ----a-w- C:\OTL.exe
2010-09-15 23:35 . 2010-09-15 23:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-15 22:46 . 2010-09-15 22:46 284915 ----a-w- C:\gmer.zip
2010-09-15 21:10 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-15 21:10 . 2010-09-15 21:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-15 21:07 . 2010-09-15 21:07 -------- d-----w- c:\documents and settings\cacarey\Local Settings\Application Data\Sunbelt Software
2010-09-15 21:06 . 2010-09-15 21:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-15 21:06 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-15 21:05 . 2010-09-15 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-15 21:05 . 2010-09-15 21:05 -------- d-----w- c:\program files\Lavasoft
2010-09-15 20:39 . 2010-09-15 20:39 446464 ----a-w- C:\TFC.exe
2010-09-15 20:15 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-08 16:44 . 2010-09-08 16:44 -------- d-----w- c:\documents and settings\cacarey\Application Data\.minecraft
2010-09-03 13:52 . 2010-09-03 13:52 -------- d-----w- C:\Article_Source
2010-09-03 13:52 . 2010-09-03 13:52 507765 ----a-w- C:\Article_Source.zip
2010-09-01 15:17 . 2010-09-01 15:17 -------- d-----w- c:\documents and settings\cacarey\Application Data\Malwarebytes
2010-09-01 15:17 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-01 15:17 . 2010-09-01 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-01 15:17 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-01 15:17 . 2010-09-01 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-30 14:51 . 2010-08-30 14:52 -------- d-----w- C:\German ww2
2010-08-27 14:32 . 2010-08-27 14:32 -------- d-----w- c:\documents and settings\cacarey\WINDOWS
2010-08-27 14:29 . 2010-08-27 14:32 -------- d-----w- C:\winds
2010-08-23 18:18 . 2010-09-15 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Altova
2010-08-23 14:03 . 2010-08-23 14:03 1634 ----a-w- C:\js.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 21:19 . 2009-09-08 16:19 -------- d-----w- c:\program files\ROM CHECK FAIL
2010-09-15 21:17 . 2009-11-16 23:52 -------- d-----w- c:\program files\Defcon
2010-09-15 20:42 . 2009-09-29 11:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-15 20:42 . 2010-01-13 12:01 -------- d-----w- c:\program files\Microsoft Office Communicator
2010-09-15 20:22 . 2009-09-01 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-13 13:06 . 2010-03-02 01:11 299678 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2010-09-10 18:39 . 2009-12-08 14:48 164880 -c-ha-w- c:\documents and settings\cacarey\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2010-08-27 11:02 . 2010-01-25 02:51 -------- d-----w- c:\documents and settings\cacarey\Application Data\uTorrent
2010-08-09 12:24 . 2010-08-09 12:21 -------- d-----w- c:\program files\PdaNet for Android
2010-08-09 12:20 . 2010-08-09 12:20 3721248 ----a-w- C:\PdaNetA242.exe
2010-08-06 12:06 . 2010-08-06 12:06 2165761 ----a-w- C:\NeatUpload-1.3.25.zip
2010-08-06 11:57 . 2010-08-06 11:57 30316 ----a-w- C:\fileuploadajax-52373.zip
2010-08-05 15:33 . 2010-07-01 18:35 5292761 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Evaluation\EPOAGENT3000\Install\0409\FramePkg.exe
2010-08-05 13:52 . 2010-08-05 13:52 14512 ----a-w- C:\fileuploadajax-v1-2.zip
2010-08-02 13:14 . 2010-08-02 13:14 2419037 ----a-w- C:\phpBB-3.0.7-PL1.zip
2010-07-28 18:19 . 2010-07-28 18:19 2186543 ----a-w- C:\reflector.zip
2010-07-27 18:57 . 2010-07-27 18:57 3946460 ----a-w- C:\e4772_1005HA_Linux_web.zip
2010-07-27 12:15 . 2010-07-27 12:15 119808 ----a-r- c:\documents and settings\cacarey\Application Data\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2010-07-27 11:25 . 2010-07-27 11:25 2721168 ----a-w- C:\Windows7-USB-DVD-tool.exe
2010-07-23 15:47 . 2010-07-23 15:38 -------- d-----w- c:\documents and settings\cacarey\Application Data\.purple
2010-07-23 15:36 . 2010-07-23 15:36 9376815 ----a-w- C:\pidgin-2.7.2.exe
2010-07-15 13:49 . 2010-07-15 13:50 50176 ----a-w- C:\BaswareOrderMod-WinForm.exe
2010-07-14 14:58 . 2007-09-25 15:54 72616 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-09 13:56 . 2010-07-09 13:56 2721 ----a-w- C:\040512 (1).zip
2010-07-09 13:55 . 2010-07-09 13:55 2721 ----a-w- C:\040512.zip
2010-07-08 19:42 . 2010-07-08 19:42 37685 ----a-w- C:\admin_order.zip
2010-07-06 14:00 . 2010-07-06 14:00 57811 ----a-w- C:\WSUploaderService_Src.zip
2010-07-02 11:44 . 2010-07-02 11:44 8621 ----a-w- C:\R138611.zip
2010-07-02 11:40 . 2010-07-02 11:40 9337 ----a-w- C:\R116840.zip
2010-07-01 17:34 . 2010-07-01 17:34 58688 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Current\SITEADV_3000\Install\0000\saelaunch-3.0.0.561.2.exe
2010-07-01 17:34 . 2010-07-01 17:33 6338624 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Current\SITEADV_3000\Install\0000\saebundle-3.0.0.561.2.exe
2010-07-01 16:38 . 2010-01-22 16:31 6616897 ----a-w- c:\windows\FramePkg.exe
2010-06-30 12:31 . 2008-11-05 23:11 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-25 16:00 . 2010-06-25 16:00 162656 ----a-w- c:\documents and settings\cacarey\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTP_8.0.50727.762.exe
2010-06-24 12:22 . 2008-11-05 23:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2008-11-05 23:12 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-11-05 23:19 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-01-07 00:07 . 2010-07-01 18:44 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-15 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-15 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-09-28 181544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-07 124240]
"NoDualHome"="c:\program files\NoDualHome\NoDualHome.vbs" [2008-07-03 6604]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2005-06-09 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2005-06-09 24626]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2005-06-09 45106]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2005-06-09 20480]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2010-07-01 5143904]
"Client Access PC5250 Sound"="c:\program files\IBM\Client Access\Emulator\pcssnd.exe" [2005-06-09 40960]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-06-01 140608]

c:\documents and settings\cacarey\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-8-9 449040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-2-10 604776]
Microsoft Office Communicator 2007 R2.lnk - c:\windows\Installer\{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}\Comm.Ico [2010-9-15 26694]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-8-31 6144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 21:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 16:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^cacarey^Start Menu^Programs^Startup^E-mail.lnk]
path=c:\documents and settings\cacarey\Start Menu\Programs\Startup\E-mail.lnk
backup=c:\windows\pss\E-mail.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^cacarey^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\documents and settings\cacarey\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2006-05-26 05:13 208896 -c--a-w- c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator]
2010-07-01 00:21 5143904 ----a-w- c:\program files\Microsoft Office Communicator\communicator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-01 12:03 133104 ----atw- c:\documents and settings\cacarey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
2006-05-26 05:13 151552 -c--a-w- c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Program Files\\IBM\\Client Access\\cwbopcon.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/15/2010 5:10 PM 64288]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [11/5/2008 7:19 PM 19504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 DB2MGMTSVC_ChadDB2;DB2 Management Service (ChadDB2);c:\program files\IBM\SQLLIB\BIN\db2mgmtsvc.exe [5/30/2009 8:55 PM 37664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355928]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [3/25/2010 1:20 PM 226624]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [1/6/2010 8:07 PM 22816]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/31/2009 6:05 PM 70728]
S3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [11/5/2008 7:19 PM 81280]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/31/2009 6:05 PM 66600]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [11/7/2006 9:32 AM 99200]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [1/16/2010 12:00 PM 9472]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [12/8/2009 9:24 PM 48128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/1/2009 8:10 AM 721904]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder

2010-09-16 c:\windows\Tasks\Ad-Aware Scan (start).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 21:10]

2010-09-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 21:10]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-721170245-949946735-1205285143-3603834Core.job
- c:\documents and settings\cacarey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-01 12:03]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-721170245-949946735-1205285143-3603834UA.job
- c:\documents and settings\cacarey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-01 12:03]

2010-09-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-09-16 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-11-05 05:13]

2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{BB8D2929-C187-4959-8109-284A9037EB64}.job
- c:\windows\system32\msfeedssync.exe [2008-11-05 08:31]

2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{D667889C-ADA0-46D8-8A01-19D3C53D452A}.job
- c:\windows\system32\msfeedssync.exe [2008-11-05 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://corp.gannett.gci/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_803138DCE93649E4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: eformrs.com
Trusted Zone: riag.com
Trusted Zone: works.com\payment2
Trusted Zone: eformrs.com
Trusted Zone: riag.com
Trusted Zone: works.com\payment2
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://access.gannett.gci/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\cacarey\Application Data\Mozilla\Firefox\Profiles\nh6r0fgo.default\
FF - plugin: c:\documents and settings\cacarey\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-Total PC Defender 2010 - c:\program files\SystemDefender2010\Total PC Defender 2010.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-KB955706_SQLTools9 - c:\windows\SQLTools9_KB955706_ENU\Hotfix.exe
AddRemove-Adobe Acrobat Connect Add-in - c:\documents and settings\cacarey\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 12:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2010-09-16 12:11:35
ComboFix-quarantined-files.txt 2010-09-16 16:11

Pre-Run: 29,179,895,808 bytes free
Post-Run: 29,126,770,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 78EA1749FF22B64BF640286C8C8D6C7D
  • 0

#4
zenuke
Posted 16 September 2010 - 01:00 PM

zenuke

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I also got this from my network people

"attempting to access external host 82.98.86.177. This destination IP has been reported to host malicious software or acts as a phone home server for malware. Please check to verify if this is authorized activity, misconfig or undesirable activity so we may profile this activity to reduce false positives."
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP