1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PDF Creator not working after ComboFix

Discussion in 'Software' started by nic1990, Jul 25, 2011.

  1. nic1990

    nic1990 Private E-2

    Successfully used ComboFix to clean computer. PDF creator worked prior to infection and cleaning. Now, it simply does not work. Tried uninstalling and reinstalling, rebooting, etc. Any thoughts or recommendations?
     
  2. satrow

    satrow Major Geek Extraordinaire

    Welcome to Majorgeeks :)

    Do you still have the ComboFix log?
     
  3. nic1990

    nic1990 Private E-2

    Thanks for getting back to me so soon. Here are the log files. I changed the user profile for this.

    ComboFix 11-07-20.02 - ss025391 07/20/2011 8:18.1.4 - x86 NETWORK
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2996.2205 [GMT -5:00]
    Running from: E:\ComboFix.exe
    AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\ssXXXXXX\AppData\Local\vyo.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-20 13:17 . 2011-07-20 13:17 -------- d-----w- C:\32788R22FWJFW
    2011-06-29 21:18 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-06-22 01:18 . 2011-06-22 01:18 -------- d-----w- c:\windows\system32\ldevents
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-16 12:09 . 2011-05-17 12:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-28 02:53 . 2011-06-16 22:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-16 16:24 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-05-03 04:30 . 2011-06-15 22:07 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 02:46 . 2011-06-16 22:32 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-29 02:46 . 2011-06-16 22:32 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-29 02:46 . 2011-06-16 22:32 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-27 02:17 . 2011-06-15 22:02 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-27 02:17 . 2011-06-15 22:02 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-27 02:17 . 2011-06-15 22:02 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 04:31 . 2011-06-15 22:08 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-04-25 02:18 . 2011-06-15 22:08 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-04-22 19:10 . 2011-06-16 22:31 981504 ----a-w- c:\windows\system32\wininet.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TpShocks"="TpShocks.exe" [2010-07-02 337256]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]
    "IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
    "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]
    "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-11-05 894312]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-16 143384]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-16 176664]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-16 177176]
    "RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-10-15 50688]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-1292428093-725345543-9696\Scripts\Logon\0\0]
    "Script"=Copy.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-1292428093-725345543-9696\Scripts\Logon\1\0]
    "Script"=fs_logon.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    R2 CBA8;LANDesk(R) Management Agent;c:\program files\LANDesk\Shared Files\residentagent.exe [2009-11-10 155648]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R2 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [2010-03-11 136352]
    R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [2010-03-22 139264]
    R2 LANDesk(R) Out-of-Band Monitor Service;LANDesk(R) Out-of-Band Monitor Service;c:\program files\LANDesk\LDClient\amtmon.exe [2010-03-04 1044480]
    R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
    R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]
    R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\LANDesk\LDClient\softmon.exe [2010-04-13 376832]
    R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
    R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
    R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-12-14 127232]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-11-05 132456]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 132480]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2009-09-03 24848]
    R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\DRIVERS\ldblank.sys [2010-03-02 14336]
    R3 ldmirror;ldmirror;c:\windows\system32\DRIVERS\ldmirror.sys [2010-03-02 5120]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\DRIVERS\mirrorflt.sys [2010-03-02 6144]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-09-08 21360]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-11-05 75112]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-09-28 38912]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-15 1343400]
    S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-11-05 24304]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2010-06-16 20592]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-02-09 22104]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-10-26 48640]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-07-22 215208]
    S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-02-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2010-09-08 21:08]
    .
    2011-07-20 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\PC-Doctor\pcdrcui.exe [2010-09-08 21:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://inside.loras.edu/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: loras.edu\citrix
    Trusted Zone: loras.edu\daui01
    Trusted Zone: loras.edu\elearn
    Trusted Zone: loras.edu\inside
    Trusted Zone: loras.edu\wead03
    Trusted Zone: loras.edu\webcam
    Trusted Zone: loras.edu\webmail
    Trusted Zone: loras.edu\www
    TCP: DhcpNameServer = 10.20.0.100 10.20.0.101
    DPF: {9C5FFF8F-0FE6-47AC-A0E6-85EF424F9D32} - hxxps://transfer.americantrust.com/COM/MOVEitUploadWizard6.0.0.ocx
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SysMgr - wscript.exe c:\windows\system32\Winexe.vbs
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-07-20 08:23:01
    ComboFix-quarantined-files.txt 2011-07-20 13:23
    .
    Pre-Run: 128,440,238,080 bytes free
    Post-Run: 128,408,428,544 bytes free
    .
    - - End Of File - - D4E5E72306374CA6AAE861717449C0CC
     
  4. nic1990

    nic1990 Private E-2

    Here is the combo fix log. Thanks for getting back to me.

    ComboFix 11-07-20.02 - ss025391 07/20/2011 8:18.1.4 - x86 NETWORK
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2996.2205 [GMT -5:00]
    Running from: E:\ComboFix.exe
    AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\ssXXXXXX\AppData\Local\vyo.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-20 13:17 . 2011-07-20 13:17 -------- d-----w- C:\32788R22FWJFW
    2011-06-29 21:18 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-06-22 01:18 . 2011-06-22 01:18 -------- d-----w- c:\windows\system32\ldevents
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-16 12:09 . 2011-05-17 12:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-28 02:53 . 2011-06-16 22:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-16 16:24 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-05-03 04:30 . 2011-06-15 22:07 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 02:46 . 2011-06-16 22:32 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-29 02:46 . 2011-06-16 22:32 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-29 02:46 . 2011-06-16 22:32 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-27 02:17 . 2011-06-15 22:02 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-27 02:17 . 2011-06-15 22:02 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-27 02:17 . 2011-06-15 22:02 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 04:31 . 2011-06-15 22:08 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-04-25 02:18 . 2011-06-15 22:08 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-04-22 19:10 . 2011-06-16 22:31 981504 ----a-w- c:\windows\system32\wininet.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TpShocks"="TpShocks.exe" [2010-07-02 337256]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]
    "IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
    "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]
    "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-11-05 894312]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-16 143384]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-16 176664]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-16 177176]
    "RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-10-15 50688]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-1292428093-725345543-9696\Scripts\Logon\0\0]
    "Script"=Copy.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-1292428093-725345543-9696\Scripts\Logon\1\0]
    "Script"=fs_logon.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    R2 CBA8;LANDesk(R) Management Agent;c:\program files\LANDesk\Shared Files\residentagent.exe [2009-11-10 155648]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R2 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [2010-03-11 136352]
    R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [2010-03-22 139264]
    R2 LANDesk(R) Out-of-Band Monitor Service;LANDesk(R) Out-of-Band Monitor Service;c:\program files\LANDesk\LDClient\amtmon.exe [2010-03-04 1044480]
    R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
    R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]
    R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\LANDesk\LDClient\softmon.exe [2010-04-13 376832]
    R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
    R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
    R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-12-14 127232]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-11-05 132456]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 132480]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2009-09-03 24848]
    R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\DRIVERS\ldblank.sys [2010-03-02 14336]
    R3 ldmirror;ldmirror;c:\windows\system32\DRIVERS\ldmirror.sys [2010-03-02 5120]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\DRIVERS\mirrorflt.sys [2010-03-02 6144]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-09-08 21360]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-11-05 75112]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-09-28 38912]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-15 1343400]
    S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-11-05 24304]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2010-06-16 20592]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-02-09 22104]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-10-26 48640]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-07-22 215208]
    S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-02-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2010-09-08 21:08]
    .
    2011-07-20 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\PC-Doctor\pcdrcui.exe [2010-09-08 21:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://inside.loras.edu/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: loras.edu\citrix
    Trusted Zone: loras.edu\daui01
    Trusted Zone: loras.edu\elearn
    Trusted Zone: loras.edu\inside
    Trusted Zone: loras.edu\wead03
    Trusted Zone: loras.edu\webcam
    Trusted Zone: loras.edu\webmail
    Trusted Zone: loras.edu\www
    TCP: DhcpNameServer = 10.20.0.100 10.20.0.101
    DPF: {9C5FFF8F-0FE6-47AC-A0E6-85EF424F9D32} - hxxps://transfer.americantrust.com/COM/MOVEitUploadWizard6.0.0.ocx
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SysMgr - wscript.exe c:\windows\system32\Winexe.vbs
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-07-20 08:23:01
    ComboFix-quarantined-files.txt 2011-07-20 13:23
    .
    Pre-Run: 128,440,238,080 bytes free
    Post-Run: 128,408,428,544 bytes free
    .
    - - End Of File - - D4E5E72306374CA6AAE861717449C0CC
     

Share This Page

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds