Don't know what is wrong, everything is slow

R

roboram12

New Member
Hey, a couple of days ago my computer just started to slow down when I access my main HDD, and access to my external HDD is nonexistent (it's there, explorer.exe locks up every time I try to open it). What happens is CPU usage jumps up to 100% and explorer.exe sometimes just locks up altogether. Here are my logs.

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:11 AM, on 12/20/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vcu.edu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vcu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = G2GMobile@VCU
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Wootalyzer] C:\Program Files\Wootalyzer\woot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - http://vram2c.vcu.edu/dwa8W.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 17135 bytes

Malwarebytes

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 6.0.6001 Service Pack 1

12/20/2008 9:37:53 AM
mbam-log-2008-12-20 (09-37-53).txt

Scan type: Quick Scan
Objects scanned: 52335
Time elapsed: 14 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Open HiJackThis and place a check mark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

O13 - Gopher Prefix:


After finished with that please run ComboFix.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply i will need:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Ok, so I ran Combofix, it restarted but the log file took a long time to make, and access to my HDD is still slow.

How do I post my ComboFix log? It makes the post too long character wise, and the document is too big for an attachment.


HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:13 PM, on 12/20/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vcu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Wootalyzer] C:\Program Files\Wootalyzer\woot.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - http://vram2c.vcu.edu/dwa8W.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 16259 bytes
 
Ok, wasn't sure if multiple posts were ok or not.

ComboFix

ComboFix 08-12-20.01 - Josh 2008-12-20 14:13:39.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2030.1046 [GMT -5:00]
Running from: c:\users\Josh\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2008-12-20 09:16 . 2008-12-20 09:16 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 00:45 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-20 00:44 . 2008-12-20 00:44 <DIR> d-------- c:\users\Josh\AppData\Roaming\Malwarebytes
2008-12-20 00:44 . 2008-12-20 00:44 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-20 00:44 . 2008-12-20 00:44 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-20 00:44 . 2008-12-20 00:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-20 00:44 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-20 00:28 . 2008-12-20 00:30 <DIR> d-------- c:\users\All Users\PCDr
2008-12-20 00:28 . 2008-12-20 00:30 <DIR> d-------- c:\programdata\PCDr
2008-12-18 11:37 . 2008-12-18 11:37 <DIR> d-------- c:\program files\Electronic Arts
2008-12-11 19:38 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2008-12-11 19:08 . 2008-12-11 19:08 <DIR> d-------- c:\program files\Microsoft Flight Sim X
2008-12-11 18:55 . 2008-12-11 18:55 <DIR> d-------- c:\program files\PowerISO
2008-12-11 15:37 . 2008-12-11 15:37 42,320 --a------ c:\windows\System32\xfcodec.dll
2008-12-10 15:23 . 2008-10-21 20:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-10 15:21 . 2008-12-10 15:21 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-10 15:19 . 2008-12-10 15:19 <DIR> d-------- c:\users\Administrator\AppData
2008-12-10 15:19 . 2008-12-10 15:19 <DIR> d-------- c:\users\Administrator
2008-12-07 11:45 . 2008-12-07 11:45 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-07 09:23 . 2008-12-07 09:23 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-07 09:06 . 2008-12-07 09:07 <DIR> d-------- c:\users\All Users\NOS
2008-12-07 09:06 . 2008-12-07 09:07 <DIR> d-------- c:\programdata\NOS
2008-12-07 09:06 . 2008-12-07 09:06 <DIR> d-------- c:\program files\NOS
2008-12-02 21:41 . 2008-08-28 13:16 71,184 --a------ c:\windows\System32\drivers\DefragFS.sys
2008-12-02 21:40 . 2008-12-02 21:40 <DIR> d-------- c:\users\All Users\Raxco
2008-12-02 21:40 . 2008-12-02 21:40 <DIR> d-------- c:\programdata\Raxco
2008-12-02 21:39 . 2008-12-02 21:40 <DIR> d-------- c:\program files\Raxco
2008-12-02 14:16 . 2008-12-02 14:16 <DIR> d-------- c:\windows\System32\Futuremark
2008-12-02 14:16 . 2008-12-02 14:16 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2008-12-02 14:16 . 2008-09-17 15:14 27,672 -ra------ c:\windows\System32\drivers\Entech.sys
2008-11-26 02:26 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 02:26 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 02:26 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 02:26 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 02:26 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 22:42 . 2008-11-24 22:42 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 22:42 . 2008-11-24 22:42 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 22:42 . 2008-11-24 22:42 <DIR> d-------- c:\program files\iTunes
2008-11-24 22:42 . 2008-11-24 22:42 <DIR> d-------- c:\program files\iPod
2008-11-24 22:41 . 2008-11-24 22:41 <DIR> d-------- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 19:33 --------- d-----w c:\program files\Steam
2008-12-20 17:57 --------- d-----w c:\programdata\Google Updater
2008-12-20 06:32 --------- d-----w c:\users\Josh\AppData\Roaming\uTorrent
2008-12-20 05:24 --------- d-----w c:\program files\PCDR5
2008-12-19 22:08 --------- d-----w c:\programdata\Microsoft Help
2008-12-18 08:09 --------- d-----w c:\programdata\Xfire
2008-12-17 04:27 --------- d-----w c:\users\Josh\AppData\Roaming\Folding@home-x86
2008-12-15 23:25 --------- d-----w c:\users\Josh\AppData\Roaming\Xfire
2008-12-15 23:25 --------- d-----w c:\program files\Xfire
2008-12-12 00:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 00:11 --------- d-----w c:\program files\Microsoft Games
2008-12-11 03:54 --------- d-----w c:\program files\Windows Mail
2008-12-11 03:53 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-10 16:23 201,352 ----a-w c:\windows\System32\PnkBstrB.exe
2008-12-10 16:23 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-09 22:06 121,576 ----a-w c:\users\Josh\AppData\Roaming\nvModes.dat
2008-12-07 16:45 --------- d-----w c:\program files\Java
2008-12-07 14:22 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 20:35 --------- d-----w c:\program files\Common Files\Steam
2008-11-25 03:42 --------- d-----w c:\program files\Common Files\Apple
2008-11-21 17:46 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-18 01:25 --------- d-----w c:\users\Josh\AppData\Roaming\teamspeak2
2008-11-18 01:25 --------- d-----w c:\program files\Teamspeak2_RC2
2008-11-16 17:55 --------- d-----w c:\users\Josh\AppData\Roaming\Subversion
2008-11-13 18:01 --------- d-----w c:\users\Josh\AppData\Roaming\Thunderbird
2008-11-12 00:55 --------- d-----w c:\programdata\NexonUS
2008-11-11 21:09 643,713 ----a-w c:\windows\System32\Dr Pepper Game Day Stadium.scr
2008-11-11 21:09 --------- d-----w c:\program files\Code and Theory
2008-11-08 20:55 --------- d-----w c:\users\Josh\AppData\Roaming\Leadertech
2008-11-06 16:40 --------- d-----w c:\programdata\Roxio
2008-11-06 04:53 --------- d-----w c:\users\Josh\AppData\Roaming\Auslogics
2008-11-06 04:53 --------- d-----w c:\program files\Auslogics
2008-11-06 04:39 --------- d-----w c:\program files\Future Pinball
2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
2008-11-02 05:31 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-11-02 05:26 22,328 ----a-w c:\users\Josh\AppData\Roaming\PnkBstrK.sys
2008-11-02 05:06 --------- d-----w c:\program files\Activision
2008-11-02 04:21 --------- d-----w c:\program files\MagicISO
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 16:54 682,280 ----a-w c:\windows\System32\pbsvc.exe
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-29 00:17 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-27 00:46 --------- d-----w c:\users\Josh\AppData\Roaming\InstallShield
2008-10-27 00:43 --------- d-----w c:\programdata\Sonic
2008-10-25 18:39 --------- d-----w c:\users\Josh\AppData\Roaming\Move Networks
2008-10-23 19:28 --------- d-----w c:\program files\Wootalyzer
2008-10-23 17:13 30 ----a-w c:\users\Josh\jagex_runescape_preferences.dat
2008-10-23 17:10 --------- d-----w c:\program files\SwiftKit
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 03:48 --------- d-----w c:\users\Josh\AppData\Roaming\SecondLife
2008-10-21 00:58 --------- d-----w c:\users\Josh\AppData\Roaming\InterVideo
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 19:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 18:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 09:30 23,552 ----a-w c:\windows\System32\sophosboottasks.exe
2008-10-01 09:30 130,104 ----a-w c:\windows\System32\sdccoinstaller.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-05-05 16:35 174 --sha-w c:\program files\desktop.ini
2007-07-26 21:01 114,688 ----a-w c:\program files\internet explorer\plugins\ChimeShim.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"Steam"="c:\program files\steam\steam.exe" [2008-10-07 1410296]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"Wootalyzer"="c:\program files\Wootalyzer\woot.exe" [2008-06-27 392192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-21 820520]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 66928]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-01-11 558368]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2008-01-11 214576]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-01-11 144728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-03-17 431392]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 28672]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-01-11 124248]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-10 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-10 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"TpShocks"="TpShocks.exe" [2007-11-22 c:\windows\System32\TpShocks.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-05-08 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2007-08-02 245760]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-03-29 719664]
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-07 28672]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-04-29 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-08 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{17EFDEA3-CA2D-4A3E-845E-C591CE9DD66E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{D0289017-8B98-4C58-9F14-9D5EF5CF312F}c:\\program files\\steam\\steamapps\\ferrarisrule\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\ferrarisrule\team fortress 2\hl2.exe:hl2
"UDP Query User{F5FA568D-50EE-4567-BEA7-684A586D1FDF}c:\\program files\\steam\\steamapps\\ferrarisrule\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\ferrarisrule\team fortress 2\hl2.exe:hl2
"TCP Query User{1F9C0C58-EEEE-4725-8254-8CE791A3CAFE}c:\\program files\\steam\\steamapps\\ferrarisrule\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\ferrarisrule\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{4704452C-91D1-4674-89E7-014031151054}c:\\program files\\steam\\steamapps\\ferrarisrule\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\ferrarisrule\half-life 2 deathmatch\hl2.exe:hl2
"{062EFB45-6B14-45F6-8DEB-8E6263B221FB}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{F94F613F-CB1D-4442-AA91-F1FE6326470A}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{5C2C90C6-2938-4D03-B51E-2EB43E4DE3F0}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E3C59B97-24AC-4689-91B5-A2E5A1DEAF46}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D29DDF41-9574-4A72-9D50-96B35499B403}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{77B413B4-9B80-4FBA-9848-52EDE3EE4E57}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{482C5DA3-3169-49A6-AC1C-EBE8C4452A57}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{C44A3125-D1B1-4D19-9F86-9C880C3A4370}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{8BB9C592-A7C3-4B39-BE25-9E58BD8C4954}c:\\program files\\steam\\steamapps\\ferrarisrule\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\ferrarisrule\counter-strike source\hl2.exe:hl2
"UDP Query User{ED820ABA-B63D-499A-8555-7B23C2359774}c:\\program files\\steam\\steamapps\\ferrarisrule\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\ferrarisrule\counter-strike source\hl2.exe:hl2
"TCP Query User{296796B9-D93A-4CAA-B387-3FAF9B9ECA61}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B068058D-9729-4792-846D-1A475D0D71AE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{FF96FC20-B30B-4F36-9A35-0B2A5FA306E6}c:\\program files\\ea games\\battlefield 2\\bf2.exe"= UDP:c:\program files\ea games\battlefield 2\bf2.exe:BF2
"UDP Query User{AB8876F6-BF26-491F-9F72-EE6A914CF920}c:\\program files\\ea games\\battlefield 2\\bf2.exe"= TCP:c:\program files\ea games\battlefield 2\bf2.exe:BF2
"TCP Query User{DF56F3DE-1BB6-4F87-8519-5778585C4D36}c:\\program files\\bzflag2.0.10\\bzflag.exe"= UDP:c:\program files\bzflag2.0.10\bzflag.exe:bzflag
"UDP Query User{02B8F524-A9EB-4C43-B124-064A0773BA9E}c:\\program files\\bzflag2.0.10\\bzflag.exe"= TCP:c:\program files\bzflag2.0.10\bzflag.exe:bzflag
"TCP Query User{8D9EB26B-4674-4E54-A8EA-9C57AE462C49}c:\\sierra\\empire earth\\empire earth.exe"= UDP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"UDP Query User{DA6AD0C1-6AE0-466D-8CAE-67F68D2B663D}c:\\sierra\\empire earth\\empire earth.exe"= TCP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"TCP Query User{C3F63910-DF08-491C-830D-28E2FE8B0CA3}c:\\sierra\\empire earth\\empire earth.exe"= UDP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"UDP Query User{04E965AA-8286-4B16-B030-8AB5C646E57B}c:\\sierra\\empire earth\\empire earth.exe"= TCP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"TCP Query User{133CD7DA-8D9D-4D41-ADEC-C1614D8864B1}c:\\program files\\real alternative\\media player classic\\mplayerc.exe"= UDP:c:\program files\real alternative\media player classic\mplayerc.exe:Media Player Classic
"UDP Query User{3867BBDB-80F2-43D7-8B89-2E62BC78070C}c:\\program files\\real alternative\\media player classic\\mplayerc.exe"= TCP:c:\program files\real alternative\media player classic\mplayerc.exe:Media Player Classic
"{F335CAEB-D032-4249-8FB0-02BB57503FE7}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{38AE894A-61D8-4A00-A9EA-FD7A18E19BF5}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{3DF44CE2-9B42-48D8-B0F5-6A637B8BB112}"= UDP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{1F4FBFAA-7E0E-4A26-AB9E-4C10B630D489}"= TCP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{2F1FF6F2-67C9-4487-AC22-41DCC9B87BFD}"= UDP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{6C5C1741-9550-410D-811F-421E8BB64844}"= TCP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{1E482263-34C8-4A6E-9129-5FD3599373A2}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{BC19191A-154F-423D-ABE1-40EE003BFA0A}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{E0DBDB4A-87E0-4D90-847F-4E0152146050}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{6C355B4E-047B-446A-9027-70508EBA15F0}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{636E0275-771D-406D-80C4-5E58214616B7}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{650F8039-5E13-409E-BDD6-8EF3289CF396}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"TCP Query User{A3D78E7C-DFE0-49B2-AB35-2DA4B4A97825}c:\\program files\\lexmark 2500 series\\lxddamon.exe"= UDP:c:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Application
"UDP Query User{EC9D141A-BF8D-454D-AA7B-2688AA1A899B}c:\\program files\\lexmark 2500 series\\lxddamon.exe"= TCP:c:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Application
"{B0007F5C-099F-4CBC-8A56-E68EC71B5D8D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{35F69903-D255-48AF-BA05-AF81C6EB14CF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{916D96E4-1ACF-45C2-B576-83521B7C69EF}c:\\program files\\ea games\\mercenaries 2 world in flames\\mercenaries2.exe"= UDP:c:\program files\ea games\mercenaries 2 world in flames\mercenaries2.exe:Mercenaries 2: World in Flames
"UDP Query User{80AC0D4A-B248-4477-8398-A456A4F44E40}c:\\program files\\ea games\\mercenaries 2 world in flames\\mercenaries2.exe"= TCP:c:\program files\ea games\mercenaries 2 world in flames\mercenaries2.exe:Mercenaries 2: World in Flames
"TCP Query User{0D8C9752-1BD6-40C4-8794-4B2457A8AC2E}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{68850DD5-4BB7-4E5D-9221-CF0355B98ACB}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{9D95E662-6AD5-4406-ADFC-95703B1DE283}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{9BAD69FD-FEB0-411B-9B99-520B52706603}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{D86CC12D-FA2B-42E9-ABE8-A17642FFABC1}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{83CEC209-3128-4311-ADAE-91FB87B9F42F}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{F4614691-DDD1-4363-AB48-15A6D36BF45B}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{A1FDAF92-A07D-4E9D-8287-32285D4F4F0D}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{BBFF16AB-E2DB-404D-A739-95A9BC53B0B3}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{D101B660-72CA-4331-AECC-6BED80D3F8D9}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{4FAF71E4-13BA-480C-82C3-C5D1034B8C1B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F0F86541-1037-4AD0-9C50-5B9A96896B2A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{1E0106D3-074A-4306-A37B-AB3DB341A239}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{BD44033D-BCF0-435D-9C11-8F0A070B74FD}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"{4844B5BF-BAB0-439F-B980-A334E16D4E73}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exe:
"{1583BE14-9E9B-4A51-8D15-CC72BEC27FB1}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exe:
"TCP Query User{F0DCD5B1-00C5-452F-8DC7-6A8ED4E5B5B9}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{167971BF-0275-421E-B3A9-3E9413404143}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"{03976804-5A1C-4A70-BC7F-0406856B15AF}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exe:
"{DE1585CC-9564-49E5-B361-BB38C7AF8364}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exe:
"TCP Query User{79C9B498-F8B7-4634-A9AA-F03EFF70407B}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{80E52172-1AB2-450E-BC97-4E58897332CB}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"{5D8F04AF-CE82-4A14-BFCF-1DC507FA07EC}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3AA029C8-AB1D-4FEB-B240-DB1DE69D80A9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C960A1F9-14F7-4CCC-94AD-BD7500876031}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D943C276-28DC-42DA-BF19-4A0A7F3EECF2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{353F06E8-880A-4ACF-BAAF-78835D3C4176}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= UDP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty(R): World at War Multiplayer
"UDP Query User{38DE8097-2EED-448F-9463-463D5880ABA2}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= TCP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty(R): World at War Multiplayer
"{F1268F44-AEE5-4EBD-A37F-85D76ADE3202}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{219B1588-8C6A-4987-8D7F-EDBA22F1F346}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{F6E50E2F-275B-41CF-A960-05D28D543A7D}c:\\program files\\steam\\steamapps\\wonderif\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\wonderif\garrysmod\hl2.exe:hl2
"UDP Query User{B4504355-B02F-42D6-B9D2-312C4E1CBCD2}c:\\program files\\steam\\steamapps\\wonderif\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\wonderif\garrysmod\hl2.exe:hl2
"{E871C64F-50E5-4E01-A5C1-856961C61D34}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{F945E70C-C79F-47DD-80AB-2769B27E9AA4}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{FA388931-9F73-43A2-AF8C-BCD79192523E}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{484ABD23-4FA5-4DE7-9251-62C2D944DC35}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{CF30A23D-5401-4026-9D0A-BDB1BFB54C85}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{725A1A51-A355-4A4E-9AFB-251C34ABA709}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{D10E9542-0EC1-423D-B4BC-7DF6D4934C37}"= UDP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{51C6DFE4-F333-4B01-82C9-138508E51C22}"= TCP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\dvdcheck.exe
\shell\directx\command - DirectX9\dxsetup.exe
\shell\setup\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62dca257-65d4-11dd-a97d-806e6f6e6963}]
\shell\AutoRun\command - D:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]

2008-12-19 c:\windows\Tasks\Scan for Potentially Unwanted Applications 12pm and 6pm.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2008-05-12 10:43]

2008-12-20 c:\windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
 
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 14:32:07
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5256)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\Sophos\Sophos Anti-Virus\SavService.exe
c:\windows\System32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\windows\System32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Sophos\Remote Management System\RouterNT.exe
c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\HOTKEY\TPHKSVC.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\windows\System32\rundll32.exe
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
c:\program files\ThinkVantage\PrdCtr\LPMLCHK.EXE
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Raxco\PerfectDisk2008\PD91AgentS1.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-12-20 14:53:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-20 19:52:53

Pre-Run: 93,306,220,544 bytes free
Post-Run: 95,300,800,512 bytes free

363 --- E O F --- 2008-12-19 22:09:47
 
You must log in or register to reply here.
Back
Top