joe candy

  1. Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8156 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 13/11/2011 23:30:01 mbam-log-2011-11-13 (23-30-01).txt Scan type: Quick scan Objects scanned: 167680 Time elapsed: 3 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 Run by mikeleno at 7:45:50 on 2011-11-14 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2985.1545 [GMT 0:00] . AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe C:\Windows\system32\CxAudMsg32.exe C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Intel\Services\IPT\jhi_service.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe C:\Program Files\M-Audio\MIDISPORT\AudioDevMon.exe C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\SAsrv.exe C:\Program Files\Lenovo\Access Connections\AcSvc.exe C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe 
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\CONEXANT\ForteConfig\fmapp.exe C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe C:\Program Files\Evaer\videochannel.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Lenovo\System Update\SUService.exe C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.co.uk/ uRun: [avichannel] "c:\program files\evaer\videochannel.exe" mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe mRun: [ALCKRESI.EXE] c:\program files\lenovo\autolock\ALCKRESI.EXE mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [ForteConfig] c:\program files\conexant\forteconfig\fmapp.exe mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: DisableCAD = 1 (0x1) LSP: c:\windows\system32\EasyRedirect.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{43F5A403-EAE9-4E27-A53D-EE94B8053EBC} : DhcpNameServer = 192.168.1.254 Notify: igfxcui - igfxdev.dll Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\users\mikeleno\appdata\roaming\mozilla\firefox\profiles\o6t7j4wz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Element Hiding Helper for Adblock Plus: [email protected] - %profile%\extensions\[email protected] FF - Ext: NextPlease: {57B65ABB-F4E3-4358-8472-15AEE0833E11} - %profile%\extensions\{57B65ABB-F4E3-4358-8472-15AEE0833E11} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: vshare Add-On: {dd05fd3d-18df-4ce4-ae53-e795339c5f01} - %profile%\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} . ============= SERVICES / DRIVERS =============== . 
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-21 218688] R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-6-21 13680] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264] R1 MpKsl8f51aade;MpKsl8f51aade;c:\programdata\microsoft\microsoft antimalware\definition updates\{cb0b4872-b0dd-44de-a98f-3a590ecc0430}\MpKsl8f51aade.sys [2011-11-13 28752] R1 PHCORE;PHCORE;c:\program files\lenovo\rapidboot\PHCORE.sys [2010-12-3 33640] R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2011-10-28 190592] R2 EasyRedirect;EasyRedirect;c:\program files\easy-hide-ip\rdr\EasyRedirect.exe [2011-8-21 3092480] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2011-2-23 212944] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-6-21 40808] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-6-21 45496] R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2011-6-21 59240] R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-6-21 93032] R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:\program files\m-audio\midisport\AudioDevMon.exe [2010-10-6 1636872] R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2009-7-17 3576320] R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-6-20 148840] R2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [2011-6-21 75264] R2 SAService;Conexant SmartAudio service;c:\windows\system32\SASrv.exe [2011-10-28 
446592] R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560] R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-6-21 99328] R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-6-21 64440] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-6-21 2656280] R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2011-6-21 132096] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-6-21 269824] R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-6-12 41088] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-21 327784] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtl8192Ce.sys [2011-6-12 804968] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 HyperW7Svc;HyperW7 Service;c:\program files\lenovo\rapidboot\HyperW7Svc.exe [2010-12-3 107880] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2011-6-21 10542080] S3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [2011-4-29 580096] S3 MackieAudio;Mackie Audio Driver;c:\windows\system32\drivers\MackieAudio.sys [2011-7-10 109408] S3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\drivers\MAudioMIDISPORT_DFU.sys [2010-10-6 23304] S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\drivers\MAudioMIDISPORT.sys [2010-10-6 169224] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392] S3 netr73;RT73 
USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360] S3 PCDSRVC{3037D694-FD904ACA-06020101}_0;PCDSRVC{3037D694-FD904ACA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-3-31 21744] S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-6-20 83304] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-2 15872] S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [2011-7-28 1521544] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-11 1343400] . =============== Created Last 30 ================ . 
2011-11-13 23:38:09 -------- d-----w- c:\program files\ESET 2011-11-13 23:24:12 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cb0b4872-b0dd-44de-a98f-3a590ecc0430}\MpKsl8f51aade.sys 2011-11-13 23:24:10 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cb0b4872-b0dd-44de-a98f-3a590ecc0430}\offreg.dll 2011-11-13 20:31:55 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cb0b4872-b0dd-44de-a98f-3a590ecc0430}\mpengine.dll 2011-11-13 20:29:55 -------- d-sh--w- C:\$RECYCLE.BIN 2011-11-13 20:25:34 -------- d-----w- c:\users\mikeleno\appdata\local\temp 2011-11-13 09:02:49 98816 ----a-w- c:\windows\sed.exe 2011-11-13 09:02:49 518144 ----a-w- c:\windows\SWREG.exe 2011-11-13 09:02:49 256000 ----a-w- c:\windows\PEV.exe 2011-11-13 09:02:49 208896 ----a-w- c:\windows\MBR.exe 2011-11-11 00:57:27 -------- d-----w- c:\users\mikeleno\appdata\roaming\Evaer 2011-11-11 00:56:24 -------- d-----w- c:\program files\Evaer 2011-11-11 00:27:34 -------- d-----w- c:\users\mikeleno\IMCapture for Skype 2011-11-11 00:27:31 -------- d-----w- c:\users\mikeleno\appdata\roaming\IMCapture for Skype 2011-11-11 00:26:16 -------- d-----w- c:\program files\common files\GeoVid 2011-11-07 19:56:06 -------- d-----w- c:\program files\Pianissimo 2011-10-30 12:21:16 -------- d-----r- c:\program files\Skype 2011-10-28 10:13:29 -------- d-----w- c:\program files\CONEXANT 2011-10-28 09:47:39 190592 ------w- c:\windows\system32\CxAudMsg32.exe 2011-10-28 09:47:35 1632 ------w- c:\windows\system32\drivers\SamSfPa.dat 2011-10-28 09:46:50 446592 ------w- c:\windows\system32\SASrv.exe 2011-10-28 09:45:57 -------- d-----w- c:\program files\CONEXANT.old2 2011-10-28 09:02:48 -------- d-----w- c:\program files\CONEXANT.old 2011-10-28 08:46:43 367232 ----a-w- c:\windows\system32\UCI32A74.dll 2011-10-28 08:46:43 1280128 ----a-w- c:\windows\system32\drivers\CHDRT32.sys 2011-10-26 17:45:06 -------- d-----w- 
c:\users\mikeleno\appdata\roaming\PACE Anti-Piracy 2011-10-26 17:45:06 -------- d-----w- c:\users\mikeleno\appdata\local\PACE Anti-Piracy 2011-10-25 21:30:08 -------- dc-h--w- c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573} 2011-10-25 21:29:18 -------- d-----w- c:\programdata\Native Instruments 2011-10-25 21:29:17 -------- dc-h--w- c:\programdata\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222} 2011-10-25 21:29:04 -------- dc-h--w- c:\programdata\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2} 2011-10-25 21:29:02 -------- d-----w- c:\program files\Native Instruments 2011-10-25 21:29:02 -------- d-----w- c:\program files\common files\Native Instruments 2011-10-15 19:21:45 -------- d-----w- c:\users\mikeleno\appdata\local\MetaGeek,_LLC . ==================== Find3M ==================== . 2011-10-01 18:38:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 7:46:12.35 =============== eset scan.txt Attach.txt
  2. ComboFix 11-11-12.04 - mikeleno 13/11/2011 20:19:42.2.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2985.1807 [GMT 0:00] Running from: c:usersmikelenoDesktopComboFix.exe Command switches used :: c:usersmikelenoDesktopCFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:usersmikelenoAppDataLocal5f6dd222 c:[email protected] c:usersmikelenoAppDataLocal5f6dd222loader.tlb c:usersmikelenoAppDataRoaming89C3C c:usersmikelenoAppDataRoaming89C3Clvvm.exe c:usersmikelenoAppDataRoamingB8C89 c:usersmikelenoAppDataRoamingB8C89641E8.exe c:usersmikelenoAppDataRoamingB8C899C3C.8C8 c:usersmikelenoAppDataRoamingMicrosoftE85B c:usersmikelenoAppDataRoamingMicrosoftE85B3FF8.tmp c:usersmikelenoAppDataRoamingMicrosoftE85BEFA5.tmp . . ((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 ))))))))))))))))))))))))))))))) . . 2011-11-13 20:25 . 2011-11-13 20:27 -------- d-----w- c:usersmikelenoAppDataLocaltemp 2011-11-13 20:25 . 2011-11-13 20:25 -------- d-----w- c:usersDefaultAppDataLocaltemp 2011-11-13 17:11 . 2011-11-13 17:11 28752 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{3BE7C611-9565-4B44-923F-BD1A2D89B784}MpKsl0216eef8.sys 2011-11-13 17:11 . 2011-11-13 20:26 56200 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{3BE7C611-9565-4B44-923F-BD1A2D89B784}offreg.dll 2011-11-13 17:11 . 2011-10-07 03:48 6668624 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{3BE7C611-9565-4B44-923F-BD1A2D89B784}mpengine.dll 2011-11-11 00:57 . 2011-11-11 20:58 -------- d-----w- c:usersmikelenoAppDataRoamingEvaer 2011-11-11 00:56 . 
2011-11-11 23:57 -------- d-----w- c:program filesEvaer 2011-11-11 00:27 . 2011-11-11 00:27 -------- d-----w- c:usersmikelenoIMCapture for Skype 2011-11-11 00:27 . 2011-11-11 00:27 -------- d-----w- c:usersmikelenoAppDataRoamingIMCapture for Skype 2011-11-11 00:26 . 2011-11-11 00:26 -------- d-----w- c:program filesCommon FilesGeoVid 2011-11-07 19:56 . 2011-11-07 19:56 -------- d-----w- c:program filesPianissimo 2011-10-30 12:21 . 2011-11-11 23:14 -------- d-----w- c:usersmikelenoAppDataRoamingSkype 2011-10-30 12:21 . 2011-10-30 12:21 -------- d-----r- c:program filesSkype 2011-10-30 12:21 . 2011-10-30 12:21 -------- d-----w- c:programdataSkype 2011-10-28 10:13 . 2011-10-28 10:55 -------- d-----w- c:program filesCONEXANT 2011-10-28 09:47 . 2010-12-17 06:17 190592 ------w- c:windowssystem32CxAudMsg32.exe 2011-10-28 09:47 . 2010-11-17 03:51 1632 ------w- c:windowssystem32driversSamSfPa.dat 2011-10-28 09:46 . 2011-01-07 11:28 446592 ------w- c:windowssystem32SASrv.exe 2011-10-28 08:46 . 2011-03-24 14:37 1280128 ----a-w- c:windowssystem32driversCHDRT32.sys 2011-10-28 08:46 . 2011-03-14 10:40 367232 ----a-w- c:windowssystem32UCI32A74.dll 2011-10-26 17:45 . 2011-10-26 17:45 -------- d-----w- c:usersmikelenoAppDataRoamingPACE Anti-Piracy 2011-10-26 17:45 . 2011-10-26 17:45 -------- d-----w- c:usersmikelenoAppDataLocalPACE Anti-Piracy 2011-10-25 21:30 . 2011-10-25 21:30 -------- dc-h--w- c:programdata{D69A48BF-7653-4AA8-94BC-5847522A4573} 2011-10-25 21:29 . 2011-10-25 21:29 -------- d-----w- c:programdataNative Instruments 2011-10-25 21:29 . 2011-10-25 21:29 -------- dc-h--w- c:programdata{0CC51CB2-911C-40BB-BC1B-BD3CAC590222} 2011-10-25 21:29 . 2011-10-25 21:29 -------- dc-h--w- c:programdata{D7CFB71A-972A-44FF-AE44-8780EB53ABB2} 2011-10-25 21:29 . 2011-10-25 21:29 -------- d-----w- c:program filesCommon FilesNative Instruments 2011-10-25 21:29 . 2011-10-25 21:29 -------- d-----w- c:program filesNative Instruments 2011-10-15 19:21 . 
2011-10-15 19:21 -------- d-----w- c:usersmikelenoAppDataLocalMetaGeek,_LLC . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-11 20:02 . 2011-10-11 20:03 703824 ------w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{D81FE424-7C74-42DB-989B-6E113EB92971}gapaengine.dll 2011-10-07 03:48 . 2011-06-25 22:12 6668624 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll 2011-10-01 18:38 . 2011-06-21 21:49 404640 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl 2011-09-01 19:48 . 2011-09-01 19:42 1554688 ----a-w- c:programdataMicrosoftVisualStudio10.01033ResourceCache.dll 2011-08-31 16:00 . 2011-07-12 21:25 22216 ----a-w- c:windowssystem32driversmbam.sys . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:programdata{0CC51CB2-911C-40BB-BC1B-BD3CAC590222} ---- . 2011-10-25 21:29 . 2011-10-25 21:29 118 -c--a-w- c:programdata{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}instance.dat 2011-10-25 21:29 . 2011-10-25 21:29 2850 -c--a-w- c:programdata{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}Controller Editor Setup.par 2011-10-25 21:29 . 2011-10-25 21:29 434 -c--a-w- c:programdata{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}Controller Editor Setup.dat 2011-10-25 21:29 . 2009-07-17 14:24 579156 -c--a-w- c:programdata{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}mia.lib 2011-10-25 21:29 . 2009-07-17 14:24 3463948 -c--a-w- c:programdata{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}Controller Editor Setup.res 2011-10-25 21:29 . 2009-07-17 14:24 286208 -c--a-w- c:programdata{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}Controller Editor Setup.msi 2011-10-25 21:29 . 2009-07-17 14:24 2921432 -c--a-w- c:programdata{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}Controller Editor Setup.exe . ---- Directory of c:programdata{D69A48BF-7653-4AA8-94BC-5847522A4573} ---- . 2011-10-25 21:30 . 
2011-10-25 21:30 113 -c--a-w- c:programdata{D69A48BF-7653-4AA8-94BC-5847522A4573}instance.dat 2011-10-25 21:30 . 2011-10-25 21:30 4950 -c--a-w- c:programdata{D69A48BF-7653-4AA8-94BC-5847522A4573}Guitar Rig 4 Setup PC.par 2011-10-25 21:30 . 2011-10-25 21:30 974 -c--a-w- c:programdata{D69A48BF-7653-4AA8-94BC-5847522A4573}Guitar Rig 4 Setup PC.dat 2011-10-25 21:30 . 2009-08-11 16:33 579156 -c--a-w- c:programdata{D69A48BF-7653-4AA8-94BC-5847522A4573}mia.lib 2011-10-25 21:30 . 2009-08-11 16:33 7477926 -c--a-w- c:programdata{D69A48BF-7653-4AA8-94BC-5847522A4573}Guitar Rig 4 Setup PC.res 2011-10-25 21:30 . 2009-08-11 16:33 1035776 -c--a-w- c:programdata{D69A48BF-7653-4AA8-94BC-5847522A4573}Guitar Rig 4 Setup PC.msi 2011-10-25 21:30 . 2009-08-11 16:33 3764552 -c--a-w- c:programdata{D69A48BF-7653-4AA8-94BC-5847522A4573}Guitar Rig 4 Setup PC.exe . ---- Directory of c:programdata{D7CFB71A-972A-44FF-AE44-8780EB53ABB2} ---- . 2011-10-25 21:29 . 2011-10-25 21:29 115 -c--a-w- c:programdata{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}instance.dat 2011-10-25 21:29 . 2011-10-25 21:29 5221 -c--a-w- c:programdata{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}Service Center Setup.par 2011-10-25 21:29 . 2011-10-25 21:29 303 -c--a-w- c:programdata{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}Service Center Setup.dat 2011-10-25 21:29 . 2009-07-27 10:24 579156 -c--a-w- c:programdata{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}mia.lib 2011-10-25 21:29 . 2009-07-27 10:24 3376249 -c--a-w- c:programdata{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}Service Center Setup.res 2011-10-25 21:29 . 2009-07-27 10:24 289792 -c--a-w- c:programdata{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}Service Center Setup.msi 2011-10-25 21:29 . 2009-07-27 10:24 2933600 -c--a-w- c:programdata{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}Service Center Setup.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "avichannel"="c:program filesEvaervideochannel.exe" [2011-10-10 1686016] . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "PWMTRV"="c:progra~1ThinkPadUTILIT~1PWMTR32V.DLL" [2011-05-10 1258856] "RotateImage"="c:program filesIntegrated Camera DriverRCIMGDIR.exe" [2008-10-30 31744] "ALCKRESI.EXE"="c:program filesLenovoAutoLockALCKRESI.EXE" [2011-04-04 281960] "SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2011-05-05 2262312] "LENOVO.TPKNRRES"="c:program filesLenovoCommunications UtilityTPKNRRES.exe" [2011-04-04 41320] "AcWin7Hlpr"="c:program filesLenovoAccess ConnectionsAcTBenabler.exe" [2011-04-14 31592] "IgfxTray"="c:windowssystem32igfxtray.exe" [2011-03-31 143384] "HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-03-31 176664] "Persistence"="c:windowssystem32igfxpers.exe" [2011-03-31 178200] "MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2010-11-30 997408] "PSQLLauncher"="c:program filesThinkVantage Fingerprint Softwarelauncher.exe" [2010-12-08 55120] "Malwarebytes' Anti-Malware (reboot)"="c:program filesMalwarebytes' Anti-Malwarembam.exe" [2011-08-31 1047208] "ForteConfig"="c:program filesConexantForteConfigfmapp.exe" [2010-10-26 49568] "SmartAudio"="c:program filesCONEXANTSAIISAIICpl.exe" [2011-04-26 310912] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifypsfus] 2010-12-08 12:16 100176 ----a-w- c:program filesThinkVantage Fingerprint Softwarepsqlpwd.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa] Notification Packages REG_MULTI_SZ scecli c:program filesThinkVantage Fingerprint Softwarepsqlpwd.dll . 
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc] @="Service" . R1 MpKsl093cbb52;MpKsl093cbb52;c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{9A5514E4-E9BE-4FC1-8349-5781CF24FA2C}MpKsl093cbb52.sys [x] R1 MpKslfe61bf47;MpKslfe61bf47;c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{6AFE61FF-53A7-409E-A9BD-4BA2ED6680B0}MpKslfe61bf47.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384] R2 HyperW7Svc;HyperW7 Service;c:program filesLenovoRapidBootHyperW7Svc.exe [2010-12-03 107880] R3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [x] R3 intelkmd;intelkmd;c:windowssystem32DRIVERSigdpmd32.sys [2011-03-25 10542080] R3 L6TPortB;Service - Line 6 TonePort UX2;c:windowssystem32DriversL6TPortB.sys [2011-04-29 580096] R3 MackieAudio;Mackie Audio Driver;c:windowssystem32DRIVERSMackieAudio.sys [2009-12-15 109408] R3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:windowssystem32DRIVERSMAudioMIDISPORT_DFU.sys [2010-10-06 23304] R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:windowssystem32DRIVERSMAudioMIDISPORT.sys [2010-10-06 169224] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:windowssystem32DRIVERSMpNWMon.sys [2010-10-24 43392] R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:windowssystem32DRIVERSnetr73.sys [2009-07-13 545792] R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2010-10-24 54144] R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [2010-11-11 206360] R3 PCDSRVC{3037D694-FD904ACA-06020101}_0;PCDSRVC{3037D694-FD904ACA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:program filespc-doctorpcdsrvc.pkms [2011-03-31 21744] R3 Power Manager DBC Service;Power Manager DBC Service;c:program filesThinkPadUtilitiesPWMDBSVC.EXE [2011-05-10 83304] R3 RdpVideoMiniport;Remote Desktop Video Miniport 
Driver;c:windowssystem32driversrdpvideominiport.sys [2010-11-20 15872] R3 StkCMini;Syntek AVStream USB2.0 ATV;c:windowssystem32DriversStkCMini.sys [2010-04-16 1521544] R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [x] R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32DRIVERSvwifimp.sys [2009-07-13 14336] R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-08-11 1343400] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys [2011-06-21 218688] S1 lenovo.smi;Lenovo System Interface Driver;c:windowssystem32DRIVERSsmiif32.sys [2010-09-07 13680] S1 MpKsl0216eef8;MpKsl0216eef8;c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{3BE7C611-9565-4B44-923F-BD1A2D89B784}MpKsl0216eef8.sys [2011-11-13 28752] S1 PHCORE;PHCORE;c:program filesLenovoRapidBootPHCORE.SYS [2010-12-03 33640] S1 VWiFiFlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-13 48128] S2 CxAudMsg;Conexant Audio Message Service;c:windowssystem32CxAudMsg32.exe [2010-12-17 190592] S2 EasyRedirect;EasyRedirect;c:program filesEasy-Hide-IPrdrEasyRedirect.exe [2011-05-03 3092480] S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:program filesIntelServicesIPTjhi_service.exe [2011-02-23 212944] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:program filesLenovoCommunications UtilityCAMMUTE.exe [2011-04-04 40808] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:program filesLENOVOHOTKEYMICMUTE.exe [2010-11-24 45496] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:program filesLenovoCommunications UtilityTPKNRSVC.exe [2011-04-04 59240] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:program filesLENOVOVIRTSCRLlvvsst.exe [2010-04-07 93032] S2 MIDISPORTAudioDevMon;MIDISPORT 
Audio Device Monitor;c:program filesM-AudioMIDISPORTAudioDevMon.exe [2010-10-06 1636872] S2 NIHardwareService;NIHardwareService;c:program filesCommon FilesNative InstrumentsHardwareNIHardwareService.exe [2009-07-17 3576320] S2 PwmEWSvc;Cisco EnergyWise Enabler;c:program filesThinkPadUtilitiesPWMEWSVC.EXE [2011-05-10 148840] S2 risdxc;risdxc;c:windowssystem32DRIVERSrisdxc86.sys [2011-03-23 75264] S2 SAService;Conexant SmartAudio service;c:windowssystem32SAsrv.exe [2011-01-07 446592] S2 smihlp;SMI Helper Driver (smihlp);c:program filesThinkVantage Fingerprint Softwaresmihlp.sys [2009-03-13 12560] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:program filesLENOVOHOTKEYTPHKLOAD.exe [2010-12-03 99328] S2 TPHKSVC;On Screen Display;c:program filesLENOVOHOTKEYTPHKSVC.exe [2010-12-02 64440] S2 UNS;Intel® Management and Security Application User Notification Service;c:program filesIntelIntel® Management Engine ComponentsUNSUNS.exe [2011-02-22 2656280] S3 5U877;USB Video Device;c:windowssystem32DRIVERS5U877.sys [2011-03-04 132096] S3 IntcDAud;Intel® Display Audio;c:windowssystem32DRIVERSIntcDAud.sys [2010-10-15 269824] S3 MEI;Intel® Management Engine Interface;c:windowssystem32DRIVERSHECI.sys [2010-10-19 41088] S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt86win7.sys [2010-12-29 327784] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:windowssystem32DRIVERSrtl8192Ce.sys [2010-12-14 804968] . . Contents of the 'Scheduled Tasks' folder . 2011-10-26 c:windowsTasksPCDoctorBackgroundMonitorTask.job - c:program filesPC-Doctoruaclauncher.exe [2011-03-31 22:04] . 2011-11-13 c:windowsTasksSystemToolsDailyTest.job - c:program filesPC-Doctoruaclauncher.exe [2011-03-31 22:04] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.co.uk/ LSP: c:windowssystem32EasyRedirect.dll TCP: DhcpNameServer = 192.168.1.254 DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab FF - ProfilePath - c:usersmikelenoAppDataRoamingMozillaFirefoxProfileso6t7j4wz.default FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:program filesMozilla Firefoxextensions{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Element Hiding Helper for Adblock Plus: [email protected] - %profile%[email protected] FF - Ext: NextPlease: {57B65ABB-F4E3-4358-8472-15AEE0833E11} - %profile%extensions{57B65ABB-F4E3-4358-8472-15AEE0833E11} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: vshare Add-On: {dd05fd3d-18df-4ce4-ae53-e795339c5f01} - %profile%extensions{dd05fd3d-18df-4ce4-ae53-e795339c5f01} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%extensions{e4a8a97b-f2ed-450b-b12d-ee082ba24781} . . [HKEY_LOCAL_MACHINESYSTEMControlSet001servicesPCDSRVC{3037D694-FD904ACA-06020101}_0] "ImagePath"="??c:program filespc-doctorpcdsrvc.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(596) c:program filesThinkVantage Fingerprint Softwarepsqlpwd.dll c:program filesThinkVantage Fingerprint Softwarehomefus2.dll c:program filesThinkVantage Fingerprint Softwareinfql2.dll . ------------------------ Other Running Processes ------------------------ . 
c:windowssystem32ibmpmsvc.exe c:program filesMicrosoft Security ClientAntimalwareMsMpEng.exe c:windowssystem32WUDFHost.exe c:program filesThinkVantage Fingerprint Softwareupeksvr.exe c:program filesLenovoAccess ConnectionsAcPrfMgrSvc.exe c:progra~1LenovoHOTKEYtpnumlk.exe c:program filesIntelWiFibinEvtEng.exe c:windowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe c:program filesCommon FilesIntelWirelessCommonRegSrvc.exe c:windowssystem32sppsvc.exe c:program filesLenovoAccess ConnectionsAcSvc.exe c:windowssystem32taskhost.exe c:windowssystem32wbemunsecapp.exe c:windowssystem32rundll32.exe c:progra~1LenovoHOTKEYTPONSCR.EXE c:progra~1LENOVOVIRTSCRLvirtscrl.exe c:windowssystem32rundll32.exe c:progra~1LenovoHOTKEYtpnumlkd.exe c:windowssystem32conhost.exe c:program filesLenovoAccess ConnectionsSvcGuiHlpr.exe c:windowsSystem32rundll32.exe c:program filesSynapticsSynTPSynTPLpr.exe c:program filesSynapticsSynTPSynTPHelper.exe c:progra~1ThinkPadUTILIT~1SCHTASK.exe c:program filesWindows Media Playerwmpnetwk.exe c:windowssystem32WerFault.exe c:program filesIntelIntel® Management Engine ComponentsLMSLMS.exe c:program filesLenovoSystem UpdateSUService.exe . ************************************************************************** . Completion time: 2011-11-13 20:30:18 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-13 20:30 . Pre-Run: 345,910,489,088 bytes free Post-Run: 345,859,997,696 bytes free . - - End Of File - - 1F9510D6C3C496C4CD6751047C0C9F5E
  3. http://www.virustotal.com/file-scan/report.html?id=8e82206a435ba38cb94e659b4fb8a178431e429594c6b0774f148ef0581840b4-1321203224 SystemLook 30.07.11 by jpshortstuff Log created at 17:05 on 13/11/2011 by mikeleno Administrator - Elevation successful ========== dir ========== c:usersmikelenoAppDataRoamingMicrosoftE85B - Parameters: "(none)" ---Files--- 3AAA.tmp --a---- 102400 bytes [00:30 12/11/2011] [00:30 12/11/2011] 3FF8.tmp --a---- 0 bytes [00:30 12/11/2011] [00:30 12/11/2011] EFA5.tmp --a---- 0 bytes [00:29 12/11/2011] [00:29 12/11/2011] ---Folders--- None found. c:usersmikelenoAppDataRoaming89C3C - Parameters: "(none)" ---Files--- lvvm.exe --a---- 190464 bytes [00:30 12/11/2011] [00:30 12/11/2011] ---Folders--- None found. c:usersmikelenoAppDataLocal5f6dd222 - Parameters: "(none)" ---Files--- @ --ahs-- 2048 bytes [00:29 12/11/2011] [00:29 12/11/2011] loader.tlb --ahs-- 2632 bytes [00:29 12/11/2011] [09:00 13/11/2011] ---Folders--- None found. c:usersmikelenoAppDataRoamingB8C89 - Parameters: "(none)" ---Files--- 641E8.exe --a---- 173056 bytes [00:29 12/11/2011] [00:29 12/11/2011] 9C3C.8C8 --a---- 2220 bytes [00:29 12/11/2011] [00:48 12/11/2011] ---Folders--- None found. -= EOF =-
  4. defogger did not ask to reboot machine so i rebooted manually. edit - my system seems ok now, browsing ok, no pop ups from mse. internet explorer did have the proxy box ticked, i unticked it but i don't use IE anyway. thanks for your help jontom. looks like combofix cleans the system. here is the combofix log ComboFix 11-11-12.04 - mikeleno 13/11/2011 9:05.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2985.2072 [GMT 0:00] Running from: c:usersmikelenoDesktopComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:Install.exe c:programdataRoaming c:usersmikelenoAppDataLocal5f6dd222U c:usersmikelenoAppDataLocal5f6dd222U800000cb.$ c:[email protected] c:usersmikelenoAppDataLocal5f6dd222X c:usersmikelenoAppDataLocalvolmgr.dll Q:Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 ))))))))))))))))))))))))))))))) . . 2011-11-13 09:11 . 2011-11-13 09:13 -------- d-----w- c:usersmikelenoAppDataLocaltemp 2011-11-13 09:11 . 2011-11-13 09:11 -------- d-----w- c:usersDefaultAppDataLocaltemp 2011-11-13 09:00 . 2011-11-13 09:12 56200 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{4DB61DA5-7D22-4045-925A-549C652884E9}offreg.dll 2011-11-12 11:03 . 2011-10-07 03:48 6668624 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{4DB61DA5-7D22-4045-925A-549C652884E9}mpengine.dll 2011-11-12 00:30 . 2011-11-12 00:30 102400 ----a-w- c:usersmikelenoAppDataRoamingMicrosoftE85B3AAA.tmp 2011-11-12 00:29 . 2011-11-12 00:30 -------- d-----w- c:usersmikelenoAppDataRoaming89C3C 2011-11-12 00:29 . 
2011-11-13 09:10 -------- d-sh--w- c:usersmikelenoAppDataLocal5f6dd222 2011-11-12 00:29 . 2011-11-12 00:29 -------- d-----w- c:usersmikelenoAppDataRoamingB8C89 2011-11-11 00:57 . 2011-11-11 20:58 -------- d-----w- c:usersmikelenoAppDataRoamingEvaer 2011-11-11 00:56 . 2011-11-11 23:57 -------- d-----w- c:program filesEvaer 2011-11-11 00:27 . 2011-11-11 00:27 -------- d-----w- c:usersmikelenoIMCapture for Skype 2011-11-11 00:27 . 2011-11-11 00:27 -------- d-----w- c:usersmikelenoAppDataRoamingIMCapture for Skype 2011-11-11 00:26 . 2011-11-11 00:26 -------- d-----w- c:program filesCommon FilesGeoVid 2011-11-07 19:56 . 2011-11-07 19:56 -------- d-----w- c:program filesPianissimo 2011-10-30 12:21 . 2011-11-11 23:14 -------- d-----w- c:usersmikelenoAppDataRoamingSkype 2011-10-30 12:21 . 2011-10-30 12:21 -------- d-----r- c:program filesSkype 2011-10-30 12:21 . 2011-10-30 12:21 -------- d-----w- c:programdataSkype 2011-10-28 10:13 . 2011-10-28 10:55 -------- d-----w- c:program filesCONEXANT 2011-10-28 09:47 . 2010-12-17 06:17 190592 ------w- c:windowssystem32CxAudMsg32.exe 2011-10-28 09:47 . 2010-11-17 03:51 1632 ------w- c:windowssystem32driversSamSfPa.dat 2011-10-28 09:46 . 2011-01-07 11:28 446592 ------w- c:windowssystem32SASrv.exe 2011-10-28 08:46 . 2011-03-24 14:37 1280128 ----a-w- c:windowssystem32driversCHDRT32.sys 2011-10-28 08:46 . 2011-03-14 10:40 367232 ----a-w- c:windowssystem32UCI32A74.dll 2011-10-26 17:45 . 2011-10-26 17:45 -------- d-----w- c:usersmikelenoAppDataRoamingPACE Anti-Piracy 2011-10-26 17:45 . 2011-10-26 17:45 -------- d-----w- c:usersmikelenoAppDataLocalPACE Anti-Piracy 2011-10-25 21:30 . 2011-10-25 21:30 -------- dc-h--w- c:programdata{D69A48BF-7653-4AA8-94BC-5847522A4573} 2011-10-25 21:29 . 2011-10-25 21:29 -------- d-----w- c:programdataNative Instruments 2011-10-25 21:29 . 2011-10-25 21:29 -------- dc-h--w- c:programdata{0CC51CB2-911C-40BB-BC1B-BD3CAC590222} 2011-10-25 21:29 . 
2011-10-25 21:29 -------- dc-h--w- c:programdata{D7CFB71A-972A-44FF-AE44-8780EB53ABB2} 2011-10-25 21:29 . 2011-10-25 21:29 -------- d-----w- c:program filesCommon FilesNative Instruments 2011-10-25 21:29 . 2011-10-25 21:29 -------- d-----w- c:program filesNative Instruments 2011-10-15 19:21 . 2011-10-15 19:21 -------- d-----w- c:usersmikelenoAppDataLocalMetaGeek,_LLC . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-11 20:02 . 2011-10-11 20:03 703824 ------w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{D81FE424-7C74-42DB-989B-6E113EB92971}gapaengine.dll 2011-10-07 03:48 . 2011-06-25 22:12 6668624 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll 2011-10-01 18:38 . 2011-06-21 21:49 404640 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl 2011-09-01 19:48 . 2011-09-01 19:42 1554688 ----a-w- c:programdataMicrosoftVisualStudio10.01033ResourceCache.dll 2011-08-31 16:00 . 2011-07-12 21:25 22216 ----a-w- c:windowssystem32driversmbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "avichannel"="c:program filesEvaervideochannel.exe" [2011-10-10 1686016] . 
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "PWMTRV"="c:progra~1ThinkPadUTILIT~1PWMTR32V.DLL" [2011-05-10 1258856] "RotateImage"="c:program filesIntegrated Camera DriverRCIMGDIR.exe" [2008-10-30 31744] "ALCKRESI.EXE"="c:program filesLenovoAutoLockALCKRESI.EXE" [2011-04-04 281960] "SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2011-05-05 2262312] "LENOVO.TPKNRRES"="c:program filesLenovoCommunications UtilityTPKNRRES.exe" [2011-04-04 41320] "AcWin7Hlpr"="c:program filesLenovoAccess ConnectionsAcTBenabler.exe" [2011-04-14 31592] "IgfxTray"="c:windowssystem32igfxtray.exe" [2011-03-31 143384] "HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-03-31 176664] "Persistence"="c:windowssystem32igfxpers.exe" [2011-03-31 178200] "MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2010-11-30 997408] "PSQLLauncher"="c:program filesThinkVantage Fingerprint Softwarelauncher.exe" [2010-12-08 55120] "Malwarebytes' Anti-Malware (reboot)"="c:program filesMalwarebytes' Anti-Malwarembam.exe" [2011-08-31 1047208] "ForteConfig"="c:program filesConexantForteConfigfmapp.exe" [2010-10-26 49568] "SmartAudio"="c:program filesCONEXANTSAIISAIICpl.exe" [2011-04-26 310912] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifypsfus] 2010-12-08 12:16 100176 ----a-w- c:program filesThinkVantage Fingerprint Softwarepsqlpwd.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa] Notification Packages REG_MULTI_SZ scecli c:program filesThinkVantage Fingerprint Softwarepsqlpwd.dll . [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc] @="Service" . 
R1 MpKsl093cbb52;MpKsl093cbb52;c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{9A5514E4-E9BE-4FC1-8349-5781CF24FA2C}MpKsl093cbb52.sys [x] R1 MpKslfe61bf47;MpKslfe61bf47;c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{6AFE61FF-53A7-409E-A9BD-4BA2ED6680B0}MpKslfe61bf47.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384] R2 HyperW7Svc;HyperW7 Service;c:program filesLenovoRapidBootHyperW7Svc.exe [2010-12-03 107880] R3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [x] R3 intelkmd;intelkmd;c:windowssystem32DRIVERSigdpmd32.sys [2011-03-25 10542080] R3 L6TPortB;Service - Line 6 TonePort UX2;c:windowssystem32DriversL6TPortB.sys [2011-04-29 580096] R3 MackieAudio;Mackie Audio Driver;c:windowssystem32DRIVERSMackieAudio.sys [2009-12-15 109408] R3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:windowssystem32DRIVERSMAudioMIDISPORT_DFU.sys [2010-10-06 23304] R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:windowssystem32DRIVERSMAudioMIDISPORT.sys [2010-10-06 169224] R3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:windowssystem32DRIVERSMpNWMon.sys [2010-10-24 43392] R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:windowssystem32DRIVERSnetr73.sys [2009-07-13 545792] R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2010-10-24 54144] R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [2010-11-11 206360] R3 PCDSRVC{3037D694-FD904ACA-06020101}_0;PCDSRVC{3037D694-FD904ACA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:program filespc-doctorpcdsrvc.pkms [2011-03-31 21744] R3 Power Manager DBC Service;Power Manager DBC Service;c:program filesThinkPadUtilitiesPWMDBSVC.EXE [2011-05-10 83304] R3 RdpVideoMiniport;Remote Desktop Video Miniport 
Driver;c:windowssystem32driversrdpvideominiport.sys [2010-11-20 15872] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:windowssystem32DRIVERSrtl8192Ce.sys [2010-12-14 804968] R3 StkCMini;Syntek AVStream USB2.0 ATV;c:windowssystem32DriversStkCMini.sys [2010-04-16 1521544] R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [x] R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32DRIVERSvwifimp.sys [2009-07-13 14336] R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-08-11 1343400] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys [2011-06-21 218688] S1 lenovo.smi;Lenovo System Interface Driver;c:windowssystem32DRIVERSsmiif32.sys [2010-09-07 13680] S1 PHCORE;PHCORE;c:program filesLenovoRapidBootPHCORE.SYS [2010-12-03 33640] S1 VWiFiFlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-13 48128] S2 CxAudMsg;Conexant Audio Message Service;c:windowssystem32CxAudMsg32.exe [2010-12-17 190592] S2 EasyRedirect;EasyRedirect;c:program filesEasy-Hide-IPrdrEasyRedirect.exe [2011-05-03 3092480] S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:program filesIntelServicesIPTjhi_service.exe [2011-02-23 212944] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:program filesLenovoCommunications UtilityCAMMUTE.exe [2011-04-04 40808] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:program filesLENOVOHOTKEYMICMUTE.exe [2010-11-24 45496] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:program filesLenovoCommunications UtilityTPKNRSVC.exe [2011-04-04 59240] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:program filesLENOVOVIRTSCRLlvvsst.exe [2010-04-07 93032] S2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:program 
filesM-AudioMIDISPORTAudioDevMon.exe [2010-10-06 1636872] S2 NIHardwareService;NIHardwareService;c:program filesCommon FilesNative InstrumentsHardwareNIHardwareService.exe [2009-07-17 3576320] S2 PwmEWSvc;Cisco EnergyWise Enabler;c:program filesThinkPadUtilitiesPWMEWSVC.EXE [2011-05-10 148840] S2 risdxc;risdxc;c:windowssystem32DRIVERSrisdxc86.sys [2011-03-23 75264] S2 SAService;Conexant SmartAudio service;c:windowssystem32SAsrv.exe [2011-01-07 446592] S2 smihlp;SMI Helper Driver (smihlp);c:program filesThinkVantage Fingerprint Softwaresmihlp.sys [2009-03-13 12560] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:program filesLENOVOHOTKEYTPHKLOAD.exe [2010-12-03 99328] S2 TPHKSVC;On Screen Display;c:program filesLENOVOHOTKEYTPHKSVC.exe [2010-12-02 64440] S2 UNS;Intel® Management and Security Application User Notification Service;c:program filesIntelIntel® Management Engine ComponentsUNSUNS.exe [2011-02-22 2656280] S3 5U877;USB Video Device;c:windowssystem32DRIVERS5U877.sys [2011-03-04 132096] S3 IntcDAud;Intel® Display Audio;c:windowssystem32DRIVERSIntcDAud.sys [2010-10-15 269824] S3 MEI;Intel® Management Engine Interface;c:windowssystem32DRIVERSHECI.sys [2010-10-19 41088] S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt86win7.sys [2010-12-29 327784] . . Contents of the 'Scheduled Tasks' folder . 2011-10-26 c:windowsTasksPCDoctorBackgroundMonitorTask.job - c:program filesPC-Doctoruaclauncher.exe [2011-03-31 22:04] . 2011-11-13 c:windowsTasksSystemToolsDailyTest.job - c:program filesPC-Doctoruaclauncher.exe [2011-03-31 22:04] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.co.uk/ uInternet Settings,ProxyServer = http=127.0.0.1:51596 LSP: c:windowssystem32EasyRedirect.dll Trusted Zone: line6.net TCP: DhcpNameServer = 192.168.1.254 DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab FF - ProfilePath - c:usersmikelenoAppDataRoamingMozillaFirefoxProfileso6t7j4wz.default FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:program filesMozilla Firefoxextensions{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Element Hiding Helper for Adblock Plus: [email protected] - %profile%[email protected] FF - Ext: NextPlease: {57B65ABB-F4E3-4358-8472-15AEE0833E11} - %profile%extensions{57B65ABB-F4E3-4358-8472-15AEE0833E11} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: vshare Add-On: {dd05fd3d-18df-4ce4-ae53-e795339c5f01} - %profile%extensions{dd05fd3d-18df-4ce4-ae53-e795339c5f01} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%extensions{e4a8a97b-f2ed-450b-b12d-ee082ba24781} . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-Akamai NetSession Interface - c:usersmikelenoAppDataLocalAkamainetsession_win.exe MSConfigStartUp-H2O - c:program filesSyncroSoftPosH2Ocledx.exe AddRemove-HS2_is1 - c:program filesSteinbergCubase 5VSTPluginsHypersonicHypersonic Contentunins000.exe AddRemove-Steinberg Hypersonic VSTi DXi_is1 - c:program filesSteinbergHypersonic 2Uninstallunins000.exe . . . [HKEY_LOCAL_MACHINESYSTEMControlSet001servicesPCDSRVC{3037D694-FD904ACA-06020101}_0] "ImagePath"="??c:program filespc-doctorpcdsrvc.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(588) c:program filesThinkVantage Fingerprint Softwarepsqlpwd.dll c:program filesThinkVantage Fingerprint Softwarehomefus2.dll c:program filesThinkVantage Fingerprint Softwareinfql2.dll . ------------------------ Other Running Processes ------------------------ . c:windowssystem32ibmpmsvc.exe c:program filesMicrosoft Security ClientAntimalwareMsMpEng.exe c:windowssystem32WUDFHost.exe c:program filesThinkVantage Fingerprint Softwareupeksvr.exe c:program filesLenovoAccess ConnectionsAcPrfMgrSvc.exe c:program filesIntelWiFibinEvtEng.exe c:windowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe c:program filesCommon FilesIntelWirelessCommonRegSrvc.exe c:windowssystem32sppsvc.exe c:program filesLenovoAccess ConnectionsAcSvc.exe c:windowssystem32taskhost.exe c:windowssystem32WUDFHost.exe c:progra~1LenovoHOTKEYtpnumlk.exe c:windowssystem32wbemunsecapp.exe c:windowssystem32rundll32.exe c:progra~1LenovoHOTKEYTPONSCR.EXE c:progra~1LENOVOVIRTSCRLvirtscrl.exe c:windowssystem32rundll32.exe c:progra~1LenovoHOTKEYtpnumlkd.exe c:program filesLenovoAccess ConnectionsSvcGuiHlpr.exe c:windowssystem32conhost.exe c:windowsSystem32rundll32.exe c:program filesSynapticsSynTPSynTPLpr.exe c:progra~1ThinkPadUTILIT~1SCHTASK.exe c:program filesSynapticsSynTPSynTPHelper.exe c:windowssystem32WerFault.exe c:program filesIntelIntel® Management Engine ComponentsLMSLMS.exe c:program filesLenovoSystem UpdateSUService.exe . ************************************************************************** . Completion time: 2011-11-13 09:16:21 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-13 09:16 . Pre-Run: 342,063,558,656 bytes free Post-Run: 346,023,768,064 bytes free . - - End Of File - - E7927B09DB7345BF654DF65AF4DAB313
  5. hi, i have attached the files requested DDS.txt Gmer.txt Attach.txt
  6. i downloaded some software that when installing security essentials came up with a warning about these viruses. mse says my computer is clean but i did scan with malwarebytes that found loads of stuff. i removed most of it but it keeps finding a root sheet registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot. and mse keeps finding these viruses, sirefef.d and sirefef.e after rebooting.
  7. i ran avg and it found svcipa.exe so i deleted it, rebooted and my taskbar is working again. should have done that in the first place i suppose. and i didn't have system restore turned on. thanks for your help
  8. yes, remove search menu from start menu works
  9. done but no change with enabled, disabled or not configured with the Group Policy Editor --- "remove access to the context menus for the taskbar"
  10. i can't find "Disable context menus for the Task Bar". there is "remove access to the context menus for the taskbar" and i have enabled and disabled this (and rebooted after both) and it is still the same. i have put it back to not configured.
  11. i added the values in regedit (NoTrayContextMenu did not exist), rebooted and it's still the same.