
Homepage Hijack to 208.73.210.29



I have what appears to be a homepage hijacker. It transposes two letters in the name of my homepage and then tries to take me to 208.73.210.29, which Malwarebytes blocks as a malicious website. However, when I run scans with Malwarebytes and other virus/malware scanners, nothing is found. Is there a way to remove whatever is directing me to this website?

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by ajzebiak at 12:35:10 on 2012-02-26

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.1082 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {A8987216-6562-4E70-BD39-DFCC1E1FCC99}

AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {7D10E2FE-790B-436C-9925-F392B6677A51}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\rpcnet.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\HP ENVY 110 series\Bin\HPNetworkCommunicator.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe

C:\Program Files\Trend Micro\OfficeScan Client\Temp\pccntupd.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.drudgereport.com/

uURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [HP ENVY 110 series (NET)] "c:\program files\hp\hp envy 110 series\bin\ScanToPCActivationApp.exe" -deviceID "CN19EC215C05S9:NW" -scfn "HP ENVY 110 series (NET)" -AutoStart 1

uRun: [cdloader] "c:\documents and settings\ajzebiak\application data\mjusbsp\cdloader2.exe" MAGICJACK

mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [TpShocks] TpShocks.exe

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow

mRun: [ACTRAY] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWLICON] c:\program files\thinkpad\connectutilities\ACWLIcon.exe

mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295600200203

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290017091531

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {A8203263-E018-4106-BDBE-8BF6915E8190} - hxxps://download.infotriever.com/bin/ifhelper.cab

DPF: {C73881A2-E7F5-4CE4-B199-307EB127FE15} - hxxp://download.humanconcepts.com/downloads/op7/plugin/hcinstall7.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://buckman.webex.com/client/T27L10NSP21/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = scecli ACGina psqlpwd ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-11-18 24304]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-18 64288]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-11-18 13480]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-11-18 132456]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-18 652360]

R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-1-27 226624]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-11-18 53248]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2008-10-15 36624]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-7-9 63928]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-12-5 520192]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2008-3-8 81280]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-18 20464]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-17 136176]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-11-18 45496]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-1-21 51792]

S2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2008-10-15 262416]

S3 DCamUSBNW802;Motic USB-2E Capture;c:\windows\system32\drivers\pcam.sys [2011-11-3 265904]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-17 136176]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-2 2152152]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-2 15232]

S3 qcusbser;Samsung MITs WinMobile USB Serial;c:\windows\system32\drivers\qcusbser.sys [2010-12-11 104576]

S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-10-15 689416]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-30 14336]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-4-24 367456]

.

=============== Created Last 30 ================

.

2012-02-24 14:14:37 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{9be149ec-f434-4716-a114-ac4244eb9dc0}\mpengine.dll

2012-02-19 02:55:41 -------- d-----w- c:\documents and settings\ajzebiak\Pavark

2012-02-15 21:18:47 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-15 21:18:47 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-02-14 18:10:12 4777280 ----a-w- c:\windows\system32\procexp.exe

.

==================== Find3M ====================

.

2012-02-26 12:51:02 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2012-02-25 22:31:31 58288 ----a-w- c:\windows\system32\rpcnet.dll

2012-01-29 10:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec

2011-12-10 22:12:34 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 12:36:07.54 ===============



I downloaded and ran RogueKiller. MagicJack is my phone service but I don't really need any of its files on this computer. Here is the report.

RogueKiller V7.2.0 [02/27/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: ajzebiak [Admin rights]

Mode: Scan -- Date: 02/27/2012 11:09:14

¤¤¤ Bad processes: 1 ¤¤¤

[SUSP PATH] adawarebp.dll -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED

¤¤¤ Registry Entries: 6 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Documents and Settings\ajzebiak\Application Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-1230844613-1798881015-2024334194-1009[...]\Run : cdloader ("C:\Documents and Settings\ajzebiak\Application Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 .archivioadulti.com

127.0.0.1 .internet-explorer.name

127.0.0.1 .katasearch.com

127.0.0.1 .preferiti-windows.com

127.0.0.1 .qoogler.com

127.0.0.1 .tuttoavolonta.com

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 00hq.com

127.0.0.1 www.00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.1001-search.info

127.0.0.1 1001-search.info

127.0.0.1 www.100888290cs.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS722010K9SA00 +++++

--- User ---

[MBR] 1dbba85a9300f664c2c665fa6813c215

[BSP] 19658a6821ef3349993295389cf2cc7e : Lenovo tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 88165 Mo

1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 180563968 | Size: 7229 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


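Added example, not code from RogueKiller, DDS or anyone in this thread: a small Python triage script that rebuilds two of the checks the reports above rely on. It applies a suspicious-path test to the uRun/mRun lines of the DDS "Pseudo HJT Report" in the first post and to the Run entries RogueKiller tags [SUSP PATH] (an approximation of RogueKiller's rule, which is an assumption here; like the tool it flags MagicJack's cdloader2.exe because it starts from Application Data), and it separates hosts-file entries that merely block a name (127.0.0.1 or 0.0.0.0, the Spybot-style immunization entries in the report) from entries that redirect a name to another address, which is the pattern a hosts-file hijack to 208.73.210.29 would leave. The sample input is constructed: report lines copied from this thread plus one invented hosts line that is not in the poster's logs.

```python
"""Triage helpers for DDS "Pseudo HJT Report" and RogueKiller report text
(added example; not code from either tool).

 1. Autorun "suspicious path": the program behind a Run value lives under a
    user-writable profile directory instead of Program Files / Windows.
    Approximates RogueKiller's [SUSP PATH] rule (the exact rule is an
    assumption) and, like it, is a heuristic: MagicJack's cdloader2.exe is
    flagged although legitimate.
 2. Hosts entries: 127.0.0.1 / 0.0.0.0 only *block* a name (immunization);
    any other address *redirects* it, the pattern a hosts hijack leaves.
"""
import ipaddress
import re

# Path fragments of user-writable locations, matched case-insensitively.
_USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\",
                  "\\appdata\\", "\\programdata\\")
# DDS:         uRun: [cdloader] "C:\...\cdloader2.exe" MAGICJACK
_DDS_RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
# RogueKiller: [SUSP PATH] HKCU\[...]\Run : cdloader ("C:\...\x.exe" ARG) -> FOUND
_RK_RUN_RE = re.compile(
    r"^\[[^\]]+\]\s+HK[A-Z]+\\[^:]*\\Run\s*:\s*(?P<name>[^(]+?)\s*\((?P<cmd>.*)\)\s*->\s*\w+$")
_LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def executable_of(command):
    """Program path from a Run-value command line, quoted or not."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r".*?\.(?:exe|dll|com|scr)\b", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split()[0]


def is_suspicious_autorun_path(command):
    """True when the autorun target lives in a user-writable directory."""
    exe = executable_of(command).lower().replace("/", "\\")
    return any(fragment in exe for fragment in _USER_WRITABLE)


def classify_hosts_entry(line):
    """'comment', 'localhost', 'block' (loopback/unspecified) or 'redirect'."""
    parts = line.split("#", 1)[0].split()
    if len(parts) < 2:
        return "comment"                     # blank, comment-only or malformed
    try:
        addr = ipaddress.ip_address(parts[0])
    except ValueError:
        return "comment"
    names = {n.lower() for n in parts[1:]}
    if addr.is_loopback or addr.is_unspecified:
        return "localhost" if names <= _LOCAL_NAMES else "block"
    return "redirect"


def triage_report(text):
    """Return (suspicious_autoruns, redirecting_hosts_entries) for DDS and/or
    RogueKiller report text (DDS 'Hosts:' lines and the RogueKiller
    '¤¤¤ HOSTS File: ¤¤¤' section are both read)."""
    autoruns, redirects = [], []
    in_hosts = False
    for raw in text.splitlines():
        line = raw.strip()
        if "¤¤¤" in line:                     # RogueKiller section header
            in_hosts = "HOSTS File" in line
            continue
        if line.startswith("Hosts:"):         # DDS prints one entry per line
            entry = line[len("Hosts:"):].strip()
        elif in_hosts:
            entry = line
        else:
            entry = None
        if entry is not None:
            if classify_hosts_entry(entry) == "redirect":
                redirects.append(entry)
            continue
        m = _DDS_RUN_RE.match(line) or _RK_RUN_RE.match(line)
        if m and is_suspicious_autorun_path(m.group("cmd")):
            autoruns.append((m.group("name").strip(), executable_of(m.group("cmd"))))
    return autoruns, redirects


# Constructed sample: lines copied from the reports in this thread plus ONE
# invented hosts line (208.73.210.29 -> a reserved .example name) showing what
# a redirecting entry looks like.  That line is NOT in the poster's logs.
SAMPLE = r"""
uRun: [cdloader] "c:\documents and settings\ajzebiak\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
Hosts: 127.0.0.1 www.spywareinfo.com
¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Documents and Settings\ajzebiak\Application Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.007guard.com
208.73.210.29 typo-of-homepage.example
¤¤¤ MBR Check: ¤¤¤
"""

if __name__ == "__main__":
    found, redirected = triage_report(SAMPLE)
    for name, exe in found:
        print(f"[SUSP PATH] {name}: {exe}")
    for entry in redirected:
        print(f"[REDIRECT]  {entry}")
```

Run against the sample it reports the cdloader entry twice (once from the DDS uRun line, once from the RogueKiller Run entry) and the one constructed redirect line; every 127.0.0.1 entry is classified as block and ignored. In the portion of the hosts file shown in the report every entry points at 127.0.0.1, so this check would report nothing for it, but the report truncates the list with [...], so the full file would have to be run through it before concluding the hosts file is clean.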

It's just warning us about MagicJack, no action was taken.

------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC

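Added example, not part of TDSSKiller and not MrC's code: a Python parser for the TDSSKiller log the post above asks for. It pairs each driver's MD5/path line with its verdict line and maps the verdict to the action the instructions give: UnsignedFile.Multi.Generic and LockedFile.Multi.Generic are Skip (the file is merely unsigned or could not be opened), and anything else TDSSKiller reports as detected is Cure. That mapping is this example's own assumption, taken from the instructions in the post. The sample input is constructed from lines of the log posted below plus two invented lines for a service named constructed_svc so that the Cure path is exercised; no such detection exists in the real log.

```python
"""Triage of a TDSSKiller log (added example; not Kaspersky's code).

TDSSKiller writes, per driver/service, an entry line "name (md5) path"
followed by a verdict line ("- ok", "( X ) - warning", "- detected X (n)").
The instructions above say to Skip UnsignedFile.Multi.Generic and
LockedFile.Multi.Generic and to Cure anything else, so those two verdicts are
mapped to 'skip' and every other detection to 'cure'.  The MD5 is kept with
each record so an unsigned driver can be checked against the vendor's hash
before it is skipped.
"""
import re

# Verdicts the instructions say to Skip: informational, not a rootkit hit.
_SKIP_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

_PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"            # "14:57:20.0671 3480 "
_ENTRY_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
_OK_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+-\s+ok$")
_WARN_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+warning$")
_DETECT_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+-\s+detected\s+(?P<verdict>\S+)\s+\((?P<count>\d+)\)$")


def _record(records, name):
    return records.setdefault(name, {"md5": None, "path": None, "verdict": None, "action": "none"})


def parse_tdsskiller(text):
    """Map driver/service name -> {md5, path, verdict, action}, where action is
    'none' (ok), 'skip' (unsigned/locked warning) or 'cure' (any other
    detection)."""
    records = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _ENTRY_RE.match(line)
        if m:
            rec = _record(records, m["name"])
            rec["md5"], rec["path"] = m["md5"], m["path"]
            continue
        m = _OK_RE.match(line)
        if m:
            _record(records, m["name"])            # verdict ok, action stays 'none'
            continue
        m = _WARN_RE.match(line) or _DETECT_RE.match(line)
        if m:
            rec = _record(records, m["name"])
            rec["verdict"] = m["verdict"]
            rec["action"] = "skip" if m["verdict"] in _SKIP_VERDICTS else "cure"
    return records


def needs_cure(records):
    """Names TDSSKiller would offer to Cure, i.e. real detections."""
    return sorted(n for n, r in records.items() if r["action"] == "cure")


def unsigned(records):
    """Names flagged only as unsigned/locked: verify vendor and MD5, then Skip."""
    return sorted(n for n, r in records.items() if r["action"] == "skip")


# Constructed sample: lines copied from the log in this thread, plus two lines
# for a hypothetical service "constructed_svc" invented here to exercise the
# 'cure' path.  No such detection appears in the poster's log.
SAMPLE_LOG = r"""
14:57:17.0359 3480 Abiosdsk - ok
14:57:20.0671 3480 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
14:57:20.0687 3480 ANC ( UnsignedFile.Multi.Generic ) - warning
14:57:20.0687 3480 ANC - detected UnsignedFile.Multi.Generic (1)
14:57:20.0781 3480 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:57:20.0906 3480 Arp1394 - ok
14:57:24.0828 3480 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) c:\WINDOWS\system32\Drivers\CVPNDRVA.sys
14:57:24.0843 3480 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
14:57:24.0843 3480 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
14:57:40.0000 3480 constructed_svc (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\constructed_svc.sys
14:57:40.0010 3480 constructed_svc - detected Constructed.Detection.Name (1)
"""

if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    print("cure:", needs_cure(recs))
    for name in unsigned(recs):
        print("skip (unsigned):", name, recs[name]["md5"], recs[name]["path"])
```

On the log posted below, every flagged item is an UnsignedFile.Multi.Generic warning on a third-party driver (Cisco VPN, IBM/Lenovo, InterVideo and the Motic capture driver among them), so needs_cure returns nothing for it and unsigned lists the drivers whose MD5 is worth comparing with the vendor's before they are skipped.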

Here is the report from TDSSKiller. Should I have done anything with the files that RogueKiller detected?

14:57:05.0609 5620 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02

14:57:05.0953 5620 ============================================================

14:57:05.0953 5620 Current date / time: 2012/02/27 14:57:05.0953

14:57:05.0953 5620 SystemInfo:

14:57:05.0953 5620

14:57:05.0953 5620 OS Version: 5.1.2600 ServicePack: 3.0

14:57:05.0953 5620 Product type: Workstation

14:57:05.0953 5620 ComputerName: LENOVO-7659CT0

14:57:05.0953 5620 UserName: ajzebiak

14:57:05.0953 5620 Windows directory: C:\WINDOWS

14:57:05.0953 5620 System windows directory: C:\WINDOWS

14:57:05.0953 5620 Processor architecture: Intel x86

14:57:05.0953 5620 Number of processors: 2

14:57:05.0953 5620 Page size: 0x1000

14:57:05.0953 5620 Boot type: Normal boot

14:57:05.0953 5620 ============================================================

14:57:08.0468 5620 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054

14:57:08.0484 5620 \Device\Harddisk0\DR0:

14:57:08.0484 5620 MBR used

14:57:08.0484 5620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAC32C21

14:57:08.0515 5620 Initialize success

14:57:08.0515 5620 ============================================================

14:57:16.0984 3480 ============================================================

14:57:16.0984 3480 Scan started

14:57:16.0984 3480 Mode: Manual; SigCheck; TDLFS;

14:57:16.0984 3480 ============================================================

14:57:17.0359 3480 Abiosdsk - ok

14:57:17.0390 3480 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

14:57:17.0859 3480 abp480n5 - ok

14:57:17.0890 3480 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

14:57:18.0015 3480 ac97intc - ok

14:57:18.0109 3480 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

14:57:18.0281 3480 ACPI - ok

14:57:18.0296 3480 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

14:57:18.0453 3480 ACPIEC - ok

14:57:18.0500 3480 ADIHdAudAddService (ca6d262e0e68da7ac1e2edb0a8324031) C:\WINDOWS\system32\drivers\ADIHdAud.sys

14:57:18.0593 3480 ADIHdAudAddService - ok

14:57:18.0625 3480 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

14:57:18.0750 3480 adpu160m - ok

14:57:18.0765 3480 AEAudio (b4afcc2f911939a1c16a26e7eba7f36b) C:\WINDOWS\system32\drivers\AEAudio.sys

14:57:18.0828 3480 AEAudio - ok

14:57:18.0859 3480 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

14:57:18.0984 3480 aec - ok

14:57:19.0062 3480 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys

14:57:19.0140 3480 AegisP - ok

14:57:19.0171 3480 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

14:57:19.0265 3480 AFD - ok

14:57:19.0296 3480 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

14:57:19.0453 3480 agp440 - ok

14:57:19.0484 3480 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

14:57:19.0625 3480 agpCPQ - ok

14:57:19.0687 3480 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

14:57:19.0765 3480 Aha154x - ok

14:57:19.0812 3480 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

14:57:19.0937 3480 aic78u2 - ok

14:57:19.0968 3480 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

14:57:20.0093 3480 aic78xx - ok

14:57:20.0109 3480 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

14:57:20.0234 3480 AliIde - ok

14:57:20.0265 3480 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

14:57:20.0375 3480 alim1541 - ok

14:57:20.0406 3480 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

14:57:20.0515 3480 amdagp - ok

14:57:20.0562 3480 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

14:57:20.0640 3480 amsint - ok

14:57:20.0671 3480 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS

14:57:20.0687 3480 ANC ( UnsignedFile.Multi.Generic ) - warning

14:57:20.0687 3480 ANC - detected UnsignedFile.Multi.Generic (1)

14:57:20.0781 3480 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

14:57:20.0906 3480 Arp1394 - ok

14:57:20.0921 3480 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

14:57:21.0046 3480 asc - ok

14:57:21.0062 3480 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

14:57:21.0140 3480 asc3350p - ok

14:57:21.0187 3480 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

14:57:21.0328 3480 asc3550 - ok

14:57:21.0359 3480 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

14:57:21.0468 3480 AsyncMac - ok

14:57:21.0546 3480 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

14:57:21.0640 3480 atapi - ok

14:57:21.0656 3480 Atdisk - ok

14:57:21.0687 3480 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

14:57:21.0796 3480 Atmarpc - ok

14:57:21.0828 3480 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys

14:57:21.0875 3480 atmeltpm - ok

14:57:21.0890 3480 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

14:57:22.0000 3480 audstub - ok

14:57:22.0031 3480 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

14:57:22.0140 3480 Beep - ok

14:57:22.0187 3480 btaudio (3aa4bf555c00c5b87fd48dd7bdbd4e97) C:\WINDOWS\system32\drivers\btaudio.sys

14:57:22.0250 3480 btaudio - ok

14:57:22.0328 3480 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys

14:57:22.0390 3480 BTDriver - ok

14:57:22.0437 3480 BTKRNL (9da09b5800b9de8336948664e3b9cc94) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

14:57:22.0546 3480 BTKRNL - ok

14:57:22.0687 3480 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

14:57:22.0765 3480 BTWDNDIS - ok

14:57:22.0796 3480 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys

14:57:22.0843 3480 BTWUSB - ok

14:57:22.0890 3480 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

14:57:23.0078 3480 cbidf - ok

14:57:23.0093 3480 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

14:57:23.0187 3480 cbidf2k - ok

14:57:23.0234 3480 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

14:57:23.0343 3480 CCDECODE - ok

14:57:23.0468 3480 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

14:57:23.0531 3480 cd20xrnt - ok

14:57:23.0562 3480 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

14:57:23.0687 3480 Cdaudio - ok

14:57:23.0718 3480 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

14:57:23.0843 3480 Cdfs - ok

14:57:23.0859 3480 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

14:57:23.0984 3480 Cdrom - ok

14:57:23.0984 3480 Changer - ok

14:57:24.0000 3480 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

14:57:24.0109 3480 CmBatt - ok

14:57:24.0234 3480 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

14:57:24.0343 3480 CmdIde - ok

14:57:24.0406 3480 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

14:57:24.0515 3480 Compbatt - ok

14:57:24.0562 3480 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

14:57:24.0687 3480 Cpqarray - ok

14:57:24.0734 3480 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

14:57:24.0796 3480 CVirtA - ok

14:57:24.0828 3480 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) c:\WINDOWS\system32\Drivers\CVPNDRVA.sys

14:57:24.0843 3480 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

14:57:24.0843 3480 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

14:57:24.0890 3480 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

14:57:25.0078 3480 dac2w2k - ok

14:57:25.0109 3480 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

14:57:25.0265 3480 dac960nt - ok

14:57:25.0328 3480 DCamUSBNW802 (af5a273181cd2f33e52c7e2c145a2f59) C:\WINDOWS\system32\DRIVERS\pcam.sys

14:57:25.0421 3480 DCamUSBNW802 ( UnsignedFile.Multi.Generic ) - warning

14:57:25.0421 3480 DCamUSBNW802 - detected UnsignedFile.Multi.Generic (1)

14:57:25.0468 3480 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

14:57:25.0593 3480 Disk - ok

14:57:25.0640 3480 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

14:57:25.0875 3480 dmboot - ok

14:57:25.0921 3480 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

14:57:26.0093 3480 dmio - ok

14:57:26.0140 3480 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

14:57:26.0250 3480 dmload - ok

14:57:26.0281 3480 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

14:57:26.0390 3480 DMusic - ok

14:57:26.0453 3480 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys

14:57:26.0468 3480 DNE - ok

14:57:26.0531 3480 DozeHDD (e00b3ce273b17aee1259c105df5524ca) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys

14:57:26.0875 3480 DozeHDD - ok

14:57:26.0921 3480 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

14:57:27.0140 3480 dpti2o - ok

14:57:27.0203 3480 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

14:57:27.0328 3480 drmkaud - ok

14:57:27.0359 3480 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

14:57:27.0484 3480 E100B - ok

14:57:27.0531 3480 e1express (27f19c1cd70ebe00817c1eefc5239de1) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

14:57:27.0546 3480 e1express - ok

14:57:27.0578 3480 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

14:57:27.0718 3480 Fastfat - ok

14:57:27.0750 3480 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

14:57:27.0906 3480 Fdc - ok

14:57:27.0968 3480 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

14:57:28.0125 3480 Fips - ok

14:57:28.0140 3480 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

14:57:28.0296 3480 Flpydisk - ok

14:57:28.0375 3480 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

14:57:28.0500 3480 FltMgr - ok

14:57:28.0531 3480 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

14:57:28.0671 3480 Fs_Rec - ok

14:57:28.0687 3480 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

14:57:28.0796 3480 Ftdisk - ok

14:57:28.0843 3480 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

14:57:28.0968 3480 Gpc - ok

14:57:29.0000 3480 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

14:57:29.0109 3480 HDAudBus - ok

14:57:29.0125 3480 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

14:57:29.0250 3480 HidUsb - ok

14:57:29.0281 3480 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

14:57:29.0406 3480 hpn - ok

14:57:29.0515 3480 HSFHWAZL (702a7e1b3c9263efbd6aede3b6919761) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

14:57:29.0546 3480 HSFHWAZL - ok

14:57:29.0578 3480 HSF_DPV (8d02cb68d53aa36189faf86fed438884) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

14:57:29.0687 3480 HSF_DPV - ok

14:57:29.0828 3480 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

14:57:29.0890 3480 HTTP - ok

14:57:29.0937 3480 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

14:57:30.0125 3480 i2omgmt - ok

14:57:30.0171 3480 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

14:57:30.0281 3480 i2omp - ok

14:57:30.0328 3480 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

14:57:30.0437 3480 i8042prt - ok

14:57:30.0640 3480 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

14:57:31.0156 3480 ialm - ok

14:57:31.0265 3480 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys

14:57:31.0296 3480 iaStor - ok

14:57:31.0312 3480 IBMPMDRV (400d7095d5ae08970f839bcac1843106) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys

14:57:31.0343 3480 IBMPMDRV - ok

14:57:31.0359 3480 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys

14:57:31.0390 3480 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning

14:57:31.0390 3480 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)

14:57:31.0421 3480 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

14:57:31.0593 3480 Imapi - ok

14:57:31.0625 3480 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

14:57:31.0750 3480 ini910u - ok

14:57:31.0781 3480 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

14:57:31.0906 3480 IntelIde - ok

14:57:31.0921 3480 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

14:57:32.0015 3480 intelppm - ok

14:57:32.0046 3480 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

14:57:32.0156 3480 Ip6Fw - ok

14:57:32.0234 3480 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

14:57:32.0343 3480 IpFilterDriver - ok

14:57:32.0390 3480 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

14:57:32.0500 3480 IpInIp - ok

14:57:32.0531 3480 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

14:57:32.0656 3480 IpNat - ok

14:57:32.0687 3480 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

14:57:32.0796 3480 IPSec - ok

14:57:32.0812 3480 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

14:57:32.0921 3480 IRENUM - ok

14:57:32.0937 3480 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

14:57:33.0046 3480 isapnp - ok

14:57:33.0062 3480 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

14:57:33.0093 3480 Iviaspi ( UnsignedFile.Multi.Generic ) - warning

14:57:33.0093 3480 Iviaspi - detected UnsignedFile.Multi.Generic (1)

14:57:33.0109 3480 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

14:57:33.0234 3480 Kbdclass - ok

14:57:33.0250 3480 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

14:57:33.0359 3480 kbdhid - ok

14:57:33.0437 3480 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

14:57:33.0562 3480 kmixer - ok

14:57:33.0578 3480 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

14:57:33.0671 3480 KSecDD - ok

14:57:33.0734 3480 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys

14:57:33.0765 3480 Lavasoft Kernexplorer - ok

14:57:33.0781 3480 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

14:57:33.0796 3480 Lbd - ok

14:57:33.0828 3480 lbrtfdc - ok

14:57:33.0843 3480 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\WINDOWS\system32\DRIVERS\smiif32.sys

14:57:33.0875 3480 lenovo.smi - ok

14:57:33.0906 3480 LenovoRd (007c3a7e6a864ab2b8c52df717a7254c) C:\WINDOWS\system32\Drivers\LenovoRd.sys

14:57:33.0968 3480 LenovoRd - ok

14:57:34.0046 3480 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

14:57:34.0062 3480 MBAMProtector - ok

14:57:34.0093 3480 mdmxsdk (a027de1e6c11bd2daf61f6f276b2299f) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

14:57:34.0140 3480 mdmxsdk - ok

14:57:34.0171 3480 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

14:57:34.0343 3480 mnmdd - ok

14:57:34.0375 3480 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

14:57:34.0468 3480 Modem - ok

14:57:34.0500 3480 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

14:57:34.0640 3480 Mouclass - ok

14:57:34.0671 3480 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

14:57:34.0781 3480 mouhid - ok

14:57:34.0812 3480 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

14:57:34.0921 3480 MountMgr - ok

14:57:34.0937 3480 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

14:57:35.0062 3480 mraid35x - ok

14:57:35.0140 3480 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

14:57:35.0234 3480 MRxDAV - ok

14:57:35.0296 3480 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

14:57:35.0343 3480 MRxSmb - ok

14:57:35.0375 3480 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

14:57:35.0468 3480 Msfs - ok

14:57:35.0500 3480 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

14:57:35.0625 3480 MSKSSRV - ok

14:57:35.0640 3480 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

14:57:35.0765 3480 MSPCLOCK - ok

14:57:35.0781 3480 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

14:57:35.0890 3480 MSPQM - ok

14:57:35.0968 3480 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

14:57:36.0062 3480 mssmbios - ok

14:57:36.0109 3480 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

14:57:36.0218 3480 MSTEE - ok

14:57:36.0265 3480 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

14:57:36.0296 3480 Mup - ok

14:57:36.0328 3480 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

14:57:36.0468 3480 NABTSFEC - ok

14:57:36.0515 3480 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

14:57:36.0656 3480 NDIS - ok

14:57:36.0671 3480 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

14:57:36.0781 3480 NdisIP - ok

14:57:36.0796 3480 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

14:57:36.0843 3480 NdisTapi - ok

14:57:36.0906 3480 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

14:57:37.0031 3480 Ndisuio - ok

14:57:37.0062 3480 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

14:57:37.0171 3480 NdisWan - ok

14:57:37.0203 3480 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

14:57:37.0265 3480 NDProxy - ok

14:57:37.0281 3480 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

14:57:37.0406 3480 NetBIOS - ok

14:57:37.0421 3480 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

14:57:37.0546 3480 NetBT - ok

14:57:37.0640 3480 NETw4x32 (01f8a43ff0b77df0e115a7ed4bd76d68) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

14:57:37.0796 3480 NETw4x32 - ok

14:57:37.0906 3480 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

14:57:38.0000 3480 NIC1394 - ok

14:57:38.0031 3480 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

14:57:38.0171 3480 Npfs - ok

14:57:38.0203 3480 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

14:57:38.0375 3480 Ntfs - ok

14:57:38.0406 3480 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

14:57:38.0531 3480 Null - ok

14:57:38.0609 3480 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

14:57:38.0796 3480 nv - ok

14:57:38.0890 3480 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

14:57:39.0078 3480 NwlnkFlt - ok

14:57:39.0078 3480 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

14:57:39.0218 3480 NwlnkFwd - ok

14:57:39.0250 3480 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

14:57:39.0359 3480 ohci1394 - ok

14:57:39.0375 3480 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

14:57:39.0500 3480 Parport - ok

14:57:39.0515 3480 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

14:57:39.0625 3480 PartMgr - ok

14:57:39.0640 3480 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

14:57:39.0750 3480 ParVdm - ok

14:57:39.0765 3480 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

14:57:39.0859 3480 PCI - ok

14:57:39.0875 3480 PCIDump - ok

14:57:39.0890 3480 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

14:57:40.0000 3480 PCIIde - ok

14:57:40.0015 3480 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

14:57:40.0109 3480 Pcmcia - ok

14:57:40.0125 3480 PDCOMP - ok

14:57:40.0140 3480 PDFRAME - ok

14:57:40.0156 3480 PDRELI - ok

14:57:40.0156 3480 PDRFRAME - ok

14:57:40.0203 3480 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

14:57:40.0328 3480 perc2 - ok

14:57:40.0406 3480 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

14:57:40.0515 3480 perc2hib - ok

14:57:40.0546 3480 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys

14:57:40.0578 3480 pmem ( UnsignedFile.Multi.Generic ) - warning

14:57:40.0578 3480 pmem - detected UnsignedFile.Multi.Generic (1)

14:57:40.0609 3480 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

14:57:40.0718 3480 PptpMiniport - ok

14:57:40.0750 3480 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS

14:57:40.0781 3480 PROCDD - ok

14:57:40.0796 3480 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

14:57:40.0921 3480 Processor - ok

14:57:40.0937 3480 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys

14:57:40.0968 3480 psadd - ok

14:57:40.0984 3480 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

14:57:41.0093 3480 PSched - ok

14:57:41.0109 3480 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

14:57:41.0234 3480 Ptilink - ok

14:57:41.0265 3480 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

14:57:41.0265 3480 PxHelp20 - ok

14:57:41.0312 3480 qcusbser (680fffa856e00415b3a9b715e0195847) C:\WINDOWS\system32\DRIVERS\qcusbser.sys

14:57:41.0390 3480 qcusbser - ok

14:57:41.0500 3480 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

14:57:41.0625 3480 ql1080 - ok

14:57:41.0656 3480 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

14:57:41.0812 3480 Ql10wnt - ok

14:57:41.0828 3480 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

14:57:41.0984 3480 ql12160 - ok

14:57:42.0046 3480 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

14:57:42.0171 3480 ql1240 - ok

14:57:42.0187 3480 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

14:57:42.0296 3480 ql1280 - ok

14:57:42.0328 3480 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

14:57:42.0437 3480 RasAcd - ok

14:57:42.0468 3480 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

14:57:42.0578 3480 Rasl2tp - ok

14:57:42.0625 3480 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

14:57:42.0750 3480 RasPppoe - ok

14:57:42.0765 3480 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

14:57:42.0875 3480 Raspti - ok

14:57:42.0906 3480 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

14:57:43.0015 3480 Rdbss - ok

14:57:43.0156 3480 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

14:57:43.0281 3480 RDPCDD - ok

14:57:43.0328 3480 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

14:57:43.0453 3480 rdpdr - ok

14:57:43.0500 3480 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

14:57:43.0546 3480 RDPWD - ok

14:57:43.0593 3480 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

14:57:43.0750 3480 redbook - ok

14:57:43.0796 3480 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\WINDOWS\system32\DRIVERS\RsFx0150.sys

14:57:43.0843 3480 RsFx0150 - ok

14:57:43.0875 3480 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys

14:57:43.0906 3480 rspndr ( UnsignedFile.Multi.Generic ) - warning

14:57:43.0906 3480 rspndr - detected UnsignedFile.Multi.Generic (1)

14:57:43.0953 3480 s24trans (f275ee6061e444caa7137aefb2c27a03) C:\WINDOWS\system32\DRIVERS\s24trans.sys

14:57:44.0046 3480 s24trans - ok

14:57:44.0093 3480 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

14:57:44.0125 3480 SASDIFSV - ok

14:57:44.0140 3480 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

14:57:44.0171 3480 SASKUTIL - ok

14:57:44.0312 3480 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

14:57:44.0468 3480 Secdrv - ok

14:57:44.0531 3480 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

14:57:44.0718 3480 serenum - ok

14:57:44.0750 3480 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

14:57:44.0937 3480 Serial - ok

14:57:45.0046 3480 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

14:57:45.0156 3480 Sfloppy - ok

14:57:45.0203 3480 Shockprf (bc31655a03d9e9ed6f7116bafb9b38c7) C:\WINDOWS\system32\DRIVERS\Apsx86.sys

14:57:45.0218 3480 Shockprf - ok

14:57:45.0234 3480 Simbad - ok

14:57:45.0265 3480 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

14:57:45.0375 3480 sisagp - ok

14:57:45.0406 3480 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

14:57:45.0546 3480 SLIP - ok

14:57:45.0609 3480 smihlp (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys

14:57:45.0640 3480 smihlp - ok

14:57:45.0765 3480 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

14:57:45.0843 3480 Sparrow - ok

14:57:45.0890 3480 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

14:57:46.0031 3480 splitter - ok

14:57:46.0046 3480 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

14:57:46.0187 3480 sr - ok

14:57:46.0250 3480 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

14:57:46.0328 3480 Srv - ok

14:57:46.0453 3480 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

14:57:46.0609 3480 StillCam - ok

14:57:46.0656 3480 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

14:57:46.0828 3480 streamip - ok

14:57:46.0843 3480 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

14:57:47.0046 3480 swenum - ok

14:57:47.0062 3480 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

14:57:47.0187 3480 swmidi - ok

14:57:47.0296 3480 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

14:57:47.0421 3480 symc810 - ok

14:57:47.0437 3480 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

14:57:47.0578 3480 symc8xx - ok

14:57:47.0609 3480 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

14:57:47.0718 3480 sym_hi - ok

14:57:47.0734 3480 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

14:57:47.0843 3480 sym_u3 - ok

14:57:47.0890 3480 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

14:57:48.0000 3480 sysaudio - ok

14:57:48.0046 3480 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

14:57:48.0171 3480 Tcpip - ok

14:57:48.0296 3480 TcUsb (64abea4001f8eb869385e65d85bc302b) C:\WINDOWS\system32\Drivers\tcusb.sys

14:57:48.0328 3480 TcUsb - ok

14:57:48.0375 3480 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

14:57:48.0484 3480 TDPIPE - ok

14:57:48.0515 3480 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

14:57:48.0656 3480 TDTCP - ok

14:57:48.0671 3480 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

14:57:48.0812 3480 TermDD - ok

14:57:48.0843 3480 tmactmon (ca9e9c2c04a198ed345c1752222a5f3e) C:\WINDOWS\system32\drivers\tmactmon.sys

14:57:48.0875 3480 tmactmon - ok

14:57:49.0015 3480 tmcomm (a3d20789b3ff0576a29462bef25bcfcc) C:\WINDOWS\system32\drivers\tmcomm.sys

14:57:49.0046 3480 tmcomm - ok

14:57:49.0078 3480 tmevtmgr (21f215e54770c4bf93efaf63f58fe57e) C:\WINDOWS\system32\drivers\tmevtmgr.sys

14:57:49.0093 3480 tmevtmgr - ok

14:57:49.0171 3480 TmFilter (717e406972bbc07f8fb2a989416cab73) C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys

14:57:49.0234 3480 TmFilter - ok

14:57:49.0250 3480 TmPreFilter (379c4f99994a56b66e11d1e32bb22a1c) C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys

14:57:49.0281 3480 TmPreFilter - ok

14:57:49.0312 3480 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\WINDOWS\system32\DRIVERS\tmtdi.sys

14:57:49.0343 3480 tmtdi - ok

14:57:49.0453 3480 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

14:57:49.0562 3480 TosIde - ok

14:57:49.0671 3480 TPDIGIMN (c5dc9e462407b274b504de2aa3220c2e) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys

14:57:49.0687 3480 TPDIGIMN - ok

14:57:49.0703 3480 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys

14:57:49.0765 3480 TPHKDRV - ok

14:57:49.0796 3480 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys

14:57:49.0812 3480 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning

14:57:49.0812 3480 TPPWRIF - detected UnsignedFile.Multi.Generic (1)

14:57:49.0843 3480 TSMAPIP (2d991a1a6ee3054530fc08984778cb3a) C:\WINDOWS\system32\drivers\TSMAPIP.SYS

14:57:49.0875 3480 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning

14:57:49.0875 3480 TSMAPIP - detected UnsignedFile.Multi.Generic (1)

14:57:50.0000 3480 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys

14:57:50.0031 3480 tvtfilter - ok

14:57:50.0062 3480 TVTI2C (8ab24d4b7da715c2c80455137910e792) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys

14:57:50.0125 3480 TVTI2C - ok

14:57:50.0140 3480 TVTPktFilter - ok

14:57:50.0156 3480 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

14:57:50.0281 3480 Udfs - ok

14:57:50.0296 3480 UIUSys - ok

14:57:50.0328 3480 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

14:57:50.0406 3480 ultra - ok

14:57:50.0546 3480 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

14:57:50.0671 3480 Update - ok

14:57:50.0734 3480 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

14:57:50.0859 3480 usbaudio - ok

14:57:50.0906 3480 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

14:57:51.0015 3480 usbccgp - ok

14:57:51.0046 3480 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

14:57:51.0156 3480 usbehci - ok

14:57:51.0187 3480 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

14:57:51.0312 3480 usbhub - ok

14:57:51.0343 3480 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

14:57:51.0453 3480 usbprint - ok

14:57:51.0500 3480 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

14:57:51.0625 3480 usbscan - ok

14:57:51.0687 3480 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

14:57:51.0796 3480 usbser - ok

14:57:51.0843 3480 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys

14:57:51.0859 3480 usbsermpt ( UnsignedFile.Multi.Generic ) - warning

14:57:51.0859 3480 usbsermpt - detected UnsignedFile.Multi.Generic (1)

14:57:51.0906 3480 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

14:57:52.0015 3480 USBSTOR - ok

14:57:52.0031 3480 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

14:57:52.0156 3480 usbuhci - ok

14:57:52.0187 3480 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

14:57:52.0296 3480 usb_rndisx - ok

14:57:52.0312 3480 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

14:57:52.0421 3480 VgaSave - ok

14:57:52.0453 3480 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

14:57:52.0578 3480 viaagp - ok

14:57:52.0640 3480 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

14:57:52.0750 3480 ViaIde - ok

14:57:52.0796 3480 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

14:57:52.0890 3480 VolSnap - ok

14:57:52.0984 3480 VSApiNt (642eb152cb980ad9181b2161066be629) C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys

14:57:53.0078 3480 VSApiNt - ok

14:57:53.0125 3480 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys

14:57:53.0187 3480 vsdatant - ok

14:57:53.0265 3480 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

14:57:53.0390 3480 Wanarp - ok

14:57:53.0421 3480 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

14:57:53.0500 3480 Wdf01000 - ok

14:57:53.0515 3480 WDICA - ok

14:57:53.0531 3480 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

14:57:53.0656 3480 wdmaud - ok

14:57:53.0703 3480 winachsf (115946a53b62a6b171fd0ed197c71d52) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

14:57:53.0796 3480 winachsf - ok

14:57:53.0906 3480 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

14:57:54.0000 3480 WmiAcpi - ok

14:57:54.0046 3480 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

14:57:54.0171 3480 WSTCODEC - ok

14:57:54.0203 3480 MBR (0x1B8) (ab5f6a79e791ad52d63c8d471be07b65) \Device\Harddisk0\DR0

14:57:54.0296 3480 \Device\Harddisk0\DR0 - ok

14:57:54.0296 3480 Boot (0x1200) (abc4acc6338c14eaa9354b3df9f4ac0e) \Device\Harddisk0\DR0\Partition0

14:57:54.0296 3480 \Device\Harddisk0\DR0\Partition0 - ok

14:57:54.0296 3480 ============================================================

14:57:54.0296 3480 Scan finished

14:57:54.0296 3480 ============================================================

14:57:54.0406 2288 Detected object count: 10

14:57:54.0406 2288 Actual detected object count: 10

15:00:49.0015 2288 ANC ( UnsignedFile.Multi.Generic ) - skipped by user

15:00:49.0015 2288 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:00:49.0015 2288 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

15:00:49.0015 2288 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:00:49.0015 2288 DCamUSBNW802 ( UnsignedFile.Multi.Generic ) - skipped by user

15:00:49.0015 2288 DCamUSBNW802 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:00:49.0015 2288 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user

15:00:49.0015 2288 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:00:49.0015 2288 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user

15:00:49.0015 2288 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:00:49.0015 2288 pmem ( UnsignedFile.Multi.Generic ) - skipped by user

15:00:49.0015 2288 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:00:49.0015 2288 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user

15:00:49.0015 2288 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:00:49.0015 2288 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user

15:00:49.0015 2288 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:00:49.0015 2288 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user

15:00:49.0015 2288 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:00:49.0015 2288 usbsermpt ( UnsignedFile.Multi.Generic ) - skipped by user

15:00:49.0015 2288 usbsermpt ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:01:41.0593 2408 Deinitialize success

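Every detection in the TDSSKiller log above is UnsignedFile.Multi.Generic, which is a generic "no Authenticode signature" verdict on a loaded driver rather than a match against known malware, and every one of them is a Lenovo, Cisco VPN, camera or modem driver living under C:\WINDOWS or Program Files. What a triager actually wants from a log like this is one record per object with its hash, path and final status, so the unsigned ones can be looked up by hash and the ones loaded from odd locations can be singled out. The following parser is an added example, not part of the original thread and not Kaspersky's code; the line formats are inferred from the log posted above, SAMPLE_LOG is a constructed excerpt of that log, and the "suspicious location" rule is this example's own heuristic.

```python
"""Parse TDSSKiller log lines into one record per scanned object and triage them.
Added example; log format inferred from a posted TDSSKiller log, not Kaspersky's code."""
import re
from typing import Dict, List, Optional

# Constructed excerpt in the format of the posted log (not the full log).
SAMPLE_LOG = r"""
14:57:29.0000 3480 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:57:29.0109 3480 HDAudBus - ok
14:57:31.0359 3480 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
14:57:31.0390 3480 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
14:57:31.0390 3480 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
14:57:33.0734 3480 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
14:57:33.0765 3480 Lavasoft Kernexplorer - ok
14:57:33.0828 3480 lbrtfdc - ok
14:57:40.0546 3480 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
14:57:40.0578 3480 pmem ( UnsignedFile.Multi.Generic ) - warning
14:57:40.0578 3480 pmem - detected UnsignedFile.Multi.Generic (1)
14:57:54.0203 3480 MBR (0x1B8) (ab5f6a79e791ad52d63c8d471be07b65) \Device\Harddisk0\DR0
14:57:54.0296 3480 \Device\Harddisk0\DR0 - ok
15:00:49.0015 2288 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:49.0015 2288 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
"""

# Every log line is "<time> <pid> <rest>"; <rest> takes one of five shapes below.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.+)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<det>\S+) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<det>\S+) \((?P<count>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<det>\S+) \) - (?P<action>skipped by user|User select action: .+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


def _new_entry(name: str) -> dict:
    return {"name": name, "md5": None, "path": None, "status": None,
            "detection": None, "action": None}


def parse_tdsskiller(text: str) -> Dict[str, dict]:
    """Fold the per-line log into one record per scanned object (driver, MBR, boot sector)."""
    entries: Dict[str, dict] = {}
    by_path: Dict[str, str] = {}  # MBR/boot-sector status lines name the device path, not the entry

    def entry(name: str) -> dict:
        name = by_path.get(name, name)
        return entries.setdefault(name, _new_entry(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, separators, blank lines
        rest = m.group("rest")
        f = FILE_RE.match(rest)
        if f:
            e = entry(f.group("name"))
            e["md5"], e["path"] = f.group("md5"), f.group("path")
            by_path[e["path"]] = e["name"]
            continue
        w = WARN_RE.match(rest)
        if w:
            e = entry(w.group("name"))
            e["status"], e["detection"] = "warning", w.group("det")
            continue
        d = DETECTED_RE.match(rest)
        if d:
            entry(d.group("name"))["detection"] = d.group("det")
            continue
        a = ACTION_RE.match(rest)
        if a:
            e = entry(a.group("name"))
            e["detection"] = a.group("det")
            if e["action"] is None:  # keep the first recorded action ("skipped by user")
                e["action"] = a.group("action")
            continue
        o = OK_RE.match(rest)
        if o:
            entry(o.group("name"))["status"] = "ok"
    return entries


def suspicious_location(path: Optional[str]) -> bool:
    """Example heuristic: a kernel driver loaded from a user profile, a temp directory,
    or anywhere outside the OS / Program Files trees deserves a closer look than an
    OEM driver in the usual place. Device objects (MBR, boot sector) are not files."""
    if not path or path.startswith("\\Device\\"):
        return False
    p = path.lower()
    if "\\documents and settings\\" in p or "\\users\\" in p or "\\temp\\" in p:
        return True
    return not p.startswith(("c:\\windows\\", "c:\\program files\\"))


def triage(entries: Dict[str, dict]) -> List[dict]:
    """Detections only, with the hash and path needed to verify each one by hand."""
    rows = [{"name": e["name"], "detection": e["detection"], "md5": e["md5"],
             "path": e["path"], "action": e["action"],
             "suspicious": suspicious_location(e["path"])}
            for e in entries.values() if e["detection"]]
    return sorted(rows, key=lambda r: r["name"].lower())


def summary(entries: Dict[str, dict]) -> dict:
    return {"entries": len(entries),
            "ok": sum(1 for e in entries.values() if e["status"] == "ok"),
            "detected": sum(1 for e in entries.values() if e["detection"]),
            "no_backing_file": sum(1 for e in entries.values() if e["path"] is None)}


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(summary(parsed))
    for row in triage(parsed):
        print(("!!" if row["suspicious"] else "  "), row["name"], row["md5"], row["path"], row["action"])
```

Entries such as lbrtfdc that show only "- ok" are service registrations with no file on disk, which TDSSKiller reports without a hash; they are counted separately so a triager can decide whether an orphaned driver entry matters. Running the full log through the same parser gives the ten flagged drivers with their MD5s ready for a hash lookup, and none of them sits outside the OS or vendor directories.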

No, nothing has to be done right now.

--------------------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


ComboFix 12-02-27.02 - ajzebiak 02/27/2012 16:53:37.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.1227 [GMT -5:00]

Running from: c:\documents and settings\ajzebiak\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {7D10E2FE-790B-436C-9925-F392B6677A51}

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {A8987216-6562-4E70-BD39-DFCC1E1FCC99}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\ajzebiak\Application Data\.#

c:\documents and settings\ajzebiak\GoToAssistDownloadHelper.exe

c:\windows\inf\savsp2fw.bat

c:\windows\system32\MSMAsk32.ocx

c:\windows\system32\Thumbs.db

c:\windows\system32\tmpBB1.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))

.

.

2012-02-24 14:14 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9BE149EC-F434-4716-A114-AC4244EB9DC0}\mpengine.dll

2012-02-19 02:55 . 2012-02-19 03:01 -------- d-----w- c:\documents and settings\ajzebiak\Pavark

2012-02-15 21:18 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-15 21:18 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-02-14 18:10 . 2012-02-14 18:10 4777280 ----a-w- c:\windows\system32\procexp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-27 22:02 . 2008-03-13 13:06 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2012-02-27 22:02 . 2009-05-11 18:02 58288 ----a-w- c:\windows\system32\rpcnet.dll

2012-02-08 06:03 . 2008-03-12 23:46 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-01-29 10:10 . 2011-01-21 09:13 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-12 16:53 . 2006-04-30 06:55 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-17 19:46 . 2006-04-30 06:56 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46 . 2006-04-30 06:55 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22 . 2006-04-30 06:55 385024 ----a-w- c:\windows\system32\html.iec

2011-12-10 22:12 . 2011-12-11 02:29 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-12-10 20:24 . 2010-11-19 00:42 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-11-29 86696]

.

[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

2011-11-29 19:15 86696 ----a-w- c:\program files\adawaretb\adawareDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-11-29 86696]

.

[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP ENVY 110 series (NET)"="c:\program files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe" [2011-09-19 1804648]

"cdloader"="c:\documents and settings\ajzebiak\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]

"TpShocks"="TpShocks.exe" [2010-07-02 337256]

"ACTRAY"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-09-17 425984]

"ACWLICON"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-09-17 176128]

"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-09-08 849192]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-11-18 50688]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2009-12-01 19:41 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^ajzebiak^Start Menu^Programs^Startup^Infotriever.lnk]

path=c:\documents and settings\ajzebiak\Start Menu\Programs\Startup\Infotriever.lnk

backup=c:\windows\pss\Infotriever.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]

2007-08-04 00:35 2630968 ----a-w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]

2008-06-05 07:36 242976 ----a-w- c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 18:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-05-10 07:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-01-13 19:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]

2009-09-08 10:30 849192 ----a-w- c:\program files\Trend Micro\OfficeScan Client\PccNTMon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]

2010-08-25 07:28 517480 ------w- c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-06-10 09:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]

2007-01-09 21:28 868352 ----a-w- c:\program files\ThinkPad\Utilities\TpKmapAp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]

2008-03-04 15:34 487424 ----a-w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TMBMServer"=3 (0x3)

"ntrtscan"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"LPManager"=c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AllAlertsDisabled"=dword:00000001

"TermService"=dword:00000001

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%ProgramFiles%\\Symantec\\LiveUpdate\\LuComServer_2_5.EXE"=

"%ProgramFiles%\\Symantec\\LiveUpdate\\LuComServer.EXE"=

"%ProgramFiles%\\Symantec AntiVirus\\Rtvscan.exe"=

"%ProgramFiles%\\Symantec AntiVirus\\VPC32.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\adawaretb\\dtUser.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Documents and Settings\\ajzebiak\\Application Data\\mjusbsp\\magicJack.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"60596:TCP"= 60596:TCP:Trend Micro OfficeScan Listener

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowRedirect"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]

"Enabled"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Symantec AntiVirus]

"Enabled"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Symantec AntiVirus Client]

"Enabled"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Symantec Live Update]

"Enabled"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Symantec Live Update2.5]

"Enabled"= 1 (0x1)

.

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [11/18/2010 9:43 PM 24304]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/18/2010 8:34 PM 64288]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [6/16/2010 2:44 PM 20592]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [11/18/2010 9:40 PM 13480]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [11/18/2010 9:43 PM 132456]

R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [1/27/2011 4:13 PM 226624]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/18/2010 9:43 PM 53248]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [3/13/2009 2:47 PM 12560]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [1/21/2011 4:01 AM 51792]

R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [10/15/2008 5:05 AM 262416]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [10/15/2008 5:05 AM 36624]

R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [7/9/2007 1:23 AM 63928]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [12/5/2007 5:17 PM 520192]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [3/8/2008 6:14 PM 81280]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 6:59 PM 30336]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/17/2010 4:19 PM 136176]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [11/18/2010 9:40 PM 45496]

S3 DCamUSBNW802;Motic USB-2E Capture;c:\windows\system32\drivers\pcam.sys [11/3/2011 8:58 AM 265904]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/17/2010 4:19 PM 136176]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2011 7:49 AM 2152152]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/2/2011 7:49 AM 15232]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/18/2010 7:42 PM 20464]

S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/18/2010 7:42 PM 652360]

S3 qcusbser;Samsung MITs WinMobile USB Serial;c:\windows\system32\drivers\qcusbser.sys [12/11/2010 7:22 PM 104576]

S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [10/15/2008 5:05 AM 689416]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/30/2006 1:56 AM 14336]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 10:56 AM 44896]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 10:02 AM 240608]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [4/24/2011 12:33 AM 367456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-02 22:12]

.

2012-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-08-24 c:\windows\Tasks\FisherSolve Update.job

- c:\program files\Fisher\FisherSolve\FisherSolveUpdater.exe [2010-09-07 17:29]

.

2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-17 21:19]

.

2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-17 21:19]

.

2012-02-27 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

2012-02-15 c:\windows\Tasks\MotoHelper MUM.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14]

.

2012-02-27 c:\windows\Tasks\MotoHelper Routing.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14]

.

2012-02-15 c:\windows\Tasks\MotoHelper Update.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14]

.

2012-02-27 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

.

2011-11-16 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]

.

2010-11-24 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-03-08 07:28]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.drudgereport.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {A8203263-E018-4106-BDBE-8BF6915E8190} - hxxps://download.infotriever.com/bin/ifhelper.cab

DPF: {C73881A2-E7F5-4CE4-B199-307EB127FE15} - hxxp://download.humanconcepts.com/downloads/op7/plugin/hcinstall7.cab

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe

MSConfigStartUp-SynTPLpr - c:\program files\Synaptics\SynTP\SynTPLpr.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-27 17:03

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1368)

c:\windows\system32\vrlogon.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infql2.dll

c:\program files\ThinkVantage Fingerprint Software\homepass.dll

c:\program files\ThinkVantage Fingerprint Software\bio.dll

c:\program files\ThinkVantage Fingerprint Software\qlbase.dll

c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

c:\windows\system32\netprovcredman.dll

.

- - - - - - - > 'lsass.exe'(1424)

c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infql2.dll

.

- - - - - - - > 'explorer.exe'(3088)

c:\windows\system32\WININET.dll

c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\netprovcredman.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\IPSSVC.EXE

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\rpcnet.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\windows\system32\fxssvc.exe

c:\program files\lenovo\system update\suservice.exe

c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe

c:\program files\Common Files\Lenovo\Logger\logmon.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

c:\windows\system32\TpShocks.exe

.

**************************************************************************

.


Looks Good so far......

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and Scan unwanted applications are checked

Click Scan

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC


It found and cleaned one file

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=347190d8207670468b5d4d3ed12eea94

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-28 01:47:12

# local_time=2012-02-27 08:47:12 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 33865252 33865252 0 0

# compatibility_mode=6143 16777215 0 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=101979

# found=1

# cleaned=1

# scan_time=9914

C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP540\A0080527.exe a variant of Win32/RegistryReviver application (deleted - quarantined) 00000000000000000000000000000000 C


Updated and ran MBAM. It found nothing. Unfortunately, the homepage hijack happened again just before I ran the scan. Malwarebytes was not running at the time so it didn't block the website. I'll never use my computer in Germany again. Here are the results of the scan.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.28.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

ajzebiak :: LENOVO-7659CT0 [administrator]

Protection: Enabled

2/27/2012 9:09:59 PM

mbam-log-2012-02-27 (21-09-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 233109

Time elapsed: 10 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


OK, please do this:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Please do this:

Run OTL

  • (computer will reboot)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

--------------------------------

Reset Internet Explorer to defaults:

http://windows.micro...orer-8-settings

Reboot and let me know......MrC

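As an added example (not part of the thread and not OTL's own code), a small Python check that shows what the [resethosts] step above is guarding against: it parses a Windows hosts file and flags entries that override the start page recorded in the DDS log (www.drudgereport.com), names that differ from it by one adjacent-letter transposition (the symptom the original poster describes), or any other mapping to a non-local address. The hosts content and the 192.0.2.10 address are constructed sample data; on a live machine the file lives at C:\Windows\System32\drivers\etc\hosts.

```python
"""Hosts-file hijack check (added example; not from the thread or OTL)."""
import ipaddress

START_PAGE_HOST = "www.drudgereport.com"   # "uStart Page" value from the DDS log

# Constructed sample hosts file; 192.0.2.10 is a documentation address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.drudgereprot.com   # constructed: two letters transposed
192.0.2.10      www.drudgereport.com   # constructed: start page pinned elsewhere
127.0.0.1       ads.example.net        # constructed: harmless loopback sinkhole
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        for host in parts[1:]:          # one address may carry several names
            yield parts[0], host.lower()


def is_transposition(a, b):
    """True if a and b differ only by swapping two adjacent characters."""
    if len(a) != len(b) or a == b:
        return False
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return (len(diffs) == 2 and diffs[1] == diffs[0] + 1
            and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]])


def suspicious_entries(text, start_page_host=START_PAGE_HOST):
    """Return [(ip, host, reason)] for hosts entries a defender should review."""
    findings = []
    for ip, host in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, host, "unparseable address"))
            continue
        local = addr.is_loopback or addr.is_unspecified
        if host == start_page_host and not local:
            findings.append((ip, host, "start page overridden"))
        elif is_transposition(host, start_page_host):
            findings.append((ip, host, "transposed start page name"))
        elif not local:
            findings.append((ip, host, "non-local mapping"))
    return findings


if __name__ == "__main__":
    for ip, host, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"{ip:<16} {host:<28} {reason}")
```

Entries that only point a name at loopback (ad sinkholes) are left alone; anything else is printed for review before the file is reset.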

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
