Hi guys,
I believe my laptop is infected by various viruses. One of the viruses I have is newfolder.exe. Because of the infection, I can't run Task Manager, and there are no Folder Options under the Tools menu.
Attached are my log files, and thanks in advance to anyone who would help.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:36:42 PM, on 1/22/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RVHOST.exe
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Documents and Settings\user\Application Data\defaulttab\defaulttab\dtupdate.exe
C:\QSTART.SYS\config\DVMExportService.exe
C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
C:\WINDOWS\system32\dmwu.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\WINDOWS\System32\IgrsSvcs.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\RavMonE.exe
C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmwj.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\WINDOWS\system32\RVHOST.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\jmdp\stij.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchresults.com/?c=3523&t=01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10061&barid={FC3C31B3-42B6-11E3-BFBF-002682F1B7FA}
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - (no file)
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\user\Application Data\defaulttab\defaulttab\DefaultTabBHO.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: Updater By Sweetpacks Helper - {DEDAF650-12B8-48f5-A843-BBA100716106} - C:\Program Files\Updater By Sweetpacks\Extension32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [Google Pinyin 2 Autoupdater] "C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [331BigDog] C:\Program Files\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LauncherM205b] "C:\Program Files\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe" /S FX DocuPrint M205 b
O4 - HKLM\..\Run: [DocuPrint m205b RUN] "C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRunm205b] "C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe" FX DocuPrint M205 a,hide,\S
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://support.lenovo.com/Resources/...AutoDetect.cab
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files\DefaultTab\DefaultTabSearch.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Documents and Settings\user\Application Data\defaulttab\defaulttab\dtupdate.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\QSTART.SYS\config\DVMExportService.exe
O23 - Service: FXcnStatutsDatabase (FXNADB) - Unknown owner - C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IBUpdaterService - Unknown owner - C:\WINDOWS\system32\dmwu.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Updater By Sweetpacks - Unknown owner - C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe
--
End of file - 9870 bytes
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18372
Run by user at 23:38:42 on 2014-01-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1241 [GMT 8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RVHOST.exe
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Documents and Settings\user\Application Data\defaulttab\defaulttab\dtupdate.exe
C:\QSTART.SYS\config\DVMExportService.exe
C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
C:\WINDOWS\system32\dmwu.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\WINDOWS\System32\IgrsSvcs.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\RavMonE.exe
C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmwj.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\WINDOWS\system32\RVHOST.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\jmdp\stij.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mysearchresults.com/?c=3523&t=01
mStart Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10061&barid={FC3C31B3-42B6-11E3-BFBF-002682F1B7FA}
mWinlogon: Shell = Explorer.exe RVHOST.exe
BHO: {00000ADA-7E0D-47C1-986C-F017D09C4304} - <orphaned>
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\user\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - <orphaned>
BHO: Updater By Sweetpacks: {DEDAF650-12B8-48f5-A843-BBA100716106} - c:\program files\updater by sweetpacks\Extension32.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [GarenaPlus] "c:\program files\garena plus\GarenaMessenger.exe" -autolaunch
uRun: [Yahoo Messengger] c:\windows\system32\RVHOST.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [Google Pinyin 2 Autoupdater] "c:\program files\google\google pinyin 2\GooglePinyinDaemon.exe"
mRun: [331BigDog] c:\program files\usb camera\VM331_STI.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [VeriFaceManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LauncherM205b] "c:\program files\fuji xerox\docuprint ssw2\launcher\fxlaunch.exe" /S FX DocuPrint M205 b
mRun: [DocuPrint m205b RUN] "c:\program files\fuji xerox\docuprint ssw2\simplemonitor for ap\fxksmRun.exe"
mRun: [StatusAutoRunm205b] "c:\program files\fuji xerox\docuprint ssw2\simplemonitor for ap\fxksmpl.exe" fx docuprint m205 a,hide,\S
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [RavAV] c:\windows\RavMonE.exe
dRun: [Yahoo Messengger] c:\windows\system32\RVHOST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NofolderOptions = dword:1
uPolicies-System: DisableRegistryTools = dword:1
uPolicies-System: DisableTaskMgr = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NofolderOptions = dword:1
mPolicies-System: DisableTaskMgr = dword:1
mPolicies-System: DisableRegistryTools = dword:1
IE: &??&???? - <no file>
IE: &??&???????? - <no file>
IE: &??&?????? - <no file>
IE: Send to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345363640125
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{AC890566-0DAC-42A7-A929-2E86C672D308} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\gjb9nmy7.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Sweetpacks Search
FF - prefs.js: browser.startup.homepage - hxxp://www.mysearchresults.com/?c=3523&t=01
FF - plugin: c:\documents and settings\user\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\garena plus\bbtalk\plugins\npplugin\npGarenaTalkPlugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\astra32\astra32.sys [2007-2-22 30864]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2013-12-20 574464]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\user\application data\defaulttab\defaulttab\dtupdate.exe [2013-11-1 107520]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2009-12-29 331776]
R2 FXNADB;FXcnStatutsDatabase;c:\program files\fuji xerox\docuprint ssw2\simplemonitor for ap\fxksmdb.exe [2011-12-2 80384]
R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-11-1 1488176]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2009-7-14 38152]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-12-31 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-12-31 1042272]
R2 Updater By Sweetpacks;Updater By Sweetpacks;c:\program files\updater by sweetpacks\ExtensionUpdaterService.exe [2013-11-1 188760]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2012-8-14 40704]
R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2012-8-15 213544]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2012-8-19 11792]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-12-31 171416]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2012-8-19 73744]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2012-8-19 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2012-8-19 579400]
S3 OAO17Afx;OAO17Afx;c:\windows\system32\drivers\OAO17Afx.sys [2009-11-18 140888]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-8-15 174592]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2013-6-3 14592]
S3 vm331avs;Digital Camera 1;c:\windows\system32\drivers\vm331avs.sys --> c:\windows\system32\drivers\vm331avs.sys [?]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 81704]
.
=============== Created Last 30 ================
.
2014-01-20 11:25:45 3514318 ----a-w- c:\windows\RavMonE.exe
2013-12-31 06:17:46 18968 ----a-w- c:\windows\system32\sdnclean.exe
2013-12-31 06:17:41 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-12-31 06:17:28 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-12-30 16:05:30 -------- d-----w- c:\windows\system32\jmdp
2013-12-28 14:07:53 28272 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2013-12-28 14:07:53 18544 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2013-12-28 14:07:53 153712 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2013-12-28 14:07:52 872352 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2013-12-28 14:07:52 276592 ----a-w- c:\program files\mozilla firefox\updater.exe
2013-12-28 14:07:52 170960 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-12-28 14:07:52 108144 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-12-28 14:07:36 22370928 ----a-w- c:\program files\mozilla firefox\xul.dll
2013-12-27 08:31:22 268216 --sha-r- c:\windows\system32\RVHOST.exe
2013-12-27 08:31:22 268216 ----a-w- c:\windows\RVHOST.exe
2013-12-27 07:59:43 210992 ----a-w- c:\windows\RegBootClean.exe
2013-12-27 06:16:56 263072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
.
==================== Find3M ====================
.
2013-12-29 10:12:40 1488176 ----a-w- c:\windows\system32\dmwu.exe
2013-12-29 10:08:00 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-12-25 08:03:02 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-12-25 08:03:02 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-12-25 08:03:02 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-12-25 08:03:02 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-12-25 08:03:02 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-12-17 11:29:42 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-17 11:29:41 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2006-11-15 01:30:24 268216 --sha-r- c:\windows\system32\RVHOST.exe
.
============= FINISH: 23:39:25.92 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/14/2012 2:44:03 AM
System Uptime: 1/22/2014 11:22:26 PM (0 hours ago)
.
Motherboard: LENOVO | | Mariana-3B
Processor: Intel(R) Atom(TM) CPU N550 @ 1.50GHz | CPU 1 | 1496/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 99 GiB total, 72.94 GiB free.
D: is FIXED (NTFS) - 199 GiB total, 183.82 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP115: 10/2/2013 6:38:41 PM - System Checkpoint
RP116: 10/4/2013 7:42:56 AM - System Checkpoint
RP117: 10/5/2013 5:08:43 PM - System Checkpoint
RP118: 10/6/2013 8:51:56 PM - System Checkpoint
RP119: 10/7/2013 10:05:18 PM - System Checkpoint
RP120: 10/8/2013 10:09:08 PM - System Checkpoint
RP121: 10/10/2013 7:33:21 AM - System Checkpoint
RP122: 10/11/2013 7:51:03 PM - System Checkpoint
RP123: 10/12/2013 9:55:23 PM - System Checkpoint
RP124: 10/16/2013 7:48:28 AM - System Checkpoint
RP125: 10/17/2013 6:19:57 PM - System Checkpoint
RP126: 10/21/2013 10:30:08 PM - System Checkpoint
RP127: 10/23/2013 7:46:43 AM - System Checkpoint
RP128: 10/25/2013 10:40:10 PM - System Checkpoint
RP129: 10/27/2013 10:18:28 PM - System Checkpoint
RP130: 10/29/2013 7:33:37 AM - System Checkpoint
RP131: 11/1/2013 8:29:28 PM - System Checkpoint
RP132: 11/8/2013 5:45:10 AM - System Checkpoint
RP133: 11/9/2013 6:36:10 PM - System Checkpoint
RP134: 11/11/2013 5:05:00 PM - System Checkpoint
RP135: 11/12/2013 6:25:36 PM - System Checkpoint
RP136: 11/13/2013 7:32:39 PM - System Checkpoint
RP137: 11/18/2013 10:12:23 PM - System Checkpoint
RP138: 11/20/2013 7:32:04 AM - System Checkpoint
RP139: 11/21/2013 7:29:50 PM - System Checkpoint
RP140: 11/23/2013 10:28:47 PM - System Checkpoint
RP141: 11/25/2013 10:17:03 PM - System Checkpoint
RP142: 11/29/2013 11:02:06 PM - System Checkpoint
RP143: 12/1/2013 4:10:40 PM - System Checkpoint
RP144: 12/2/2013 9:37:18 PM - System Checkpoint
RP145: 12/3/2013 9:47:42 PM - System Checkpoint
RP146: 12/5/2013 10:31:33 PM - System Checkpoint
RP147: 12/7/2013 6:44:26 PM - System Checkpoint
RP148: 12/8/2013 9:07:25 PM - System Checkpoint
RP149: 12/10/2013 7:31:42 PM - System Checkpoint
RP150: 12/15/2013 5:56:34 PM - System Checkpoint
RP151: 12/17/2013 7:18:37 PM - System Checkpoint
RP152: 12/19/2013 9:59:20 PM - System Checkpoint
RP153: 12/25/2013 8:52:55 PM - System Checkpoint
RP154: 12/27/2013 3:31:04 PM - System Checkpoint
RP155: 12/28/2013 6:27:32 PM - System Checkpoint
RP156: 12/29/2013 7:13:02 PM - System Checkpoint
RP157: 12/31/2013 1:08:43 PM - Configured OneKey Recovery
RP158: 12/31/2013 1:30:42 PM - Configured OneKey Recovery
RP159: 12/31/2013 1:33:03 PM - Installed OneKey Recovery
.
==== Installed Programs ======================
.
??????? 2.6
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
ASTRA32 - Advanced System Information Tool 3.01
Broadcom 802.11 Wireless Driver
Broadcom Gigabit NetLink Controller
Compatibility Pack for the 2007 Office system
Conexant HD Audio
DefaultTab
DocuPrint M205 b
Dolby Headphone Control Panel
Energy Management
Garena - FIFA ONLINE 3(English)
Garena Plus
Google Chrome
Google Update Helper
High Definition Audio Driver Package - KB888111
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Explorer Toolbar 4.9 by SweetPacks
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo DirectShare
Lenovo OneKey Recovery
Lenovo Quick Start
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Excel Viewer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
PGR 0.9.0
POKéMON Simulator 4.5
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Silicon Laboratories USBXpress Device (Driver Removal)
Soleus Sync
Speccy
Spybot - Search & Destroy
SweetIM Bundle by SweetPacks
SweetPacks Updater Service
Synaptics Pointing Device Driver
Unity Web Player
Update for Windows XP (KB955704)
Updater By Sweetpacks 2.0.0.605
VeriFace
WebFldrs XP
Windows Internet Explorer 8 Release Candidate 1
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
1/21/2014 9:40:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating Service service to connect.
1/21/2014 9:40:42 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2014 7:27:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
1/21/2014 7:27:46 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2014 7:27:46 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2014 7:27:46 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2014 7:27:46 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2014 7:26:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/21/2014 7:26:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/21/2014 7:26:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/18/2014 2:17:16 PM, error: Dhcp [1002] - The IP address lease 192.168.1.91 for the Network Card with network address 002682F1B7FA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/17/2014 3:59:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
1/17/2014 3:59:47 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/15/2014 10:29:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
1/15/2014 10:29:50 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
GMER 2.1.19355 - http://www.gmer.net
Rootkit scan 2014-01-23 00:48:44
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.01.0 298.09GB
Running: mvgdsk7b.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pwldikob.sys
---- Kernel code sections - GMER 2.1 ----
? C:\DOCUME~1\user\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys
---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000ADA-7E0D-47C1-986C-F017D09C4304}\iexplore@Count 79
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}\iexplore@Count 77
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}\iexplore@LoadTime 2205
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}\iexplore@LoadTimeCount 77
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{889D2FEB-5411-4565-8998-1DD2C5261283}\iexplore@Count 373
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\iexplore@Count 76
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}\iexplore@Count 77
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}\iexplore@LoadTime 71
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}\iexplore@LoadTimeCount 77
---- EOF - GMER 2.1 ----