Jump to content

Links from google search are redirected


ljm
 Share

Recommended Posts

Hello.

When I search for something using google, about 50% of the time, the first time I click on a link, it is redirected to an advertising site. This has been happening since I was infected with the "Antivir Solution Pro" on Saturday (9/11/2010). I was able to use Malwarebytes to get rid of that virus, but this redirecting problem is still happening. I noticed that my proxy settings in Internet Explorer were changed at this time as well (I use firefox).

I have updated/scanned using mbam and nothing was detected. I was unable to install Avira Antivirus. I used DeFogger successfully to disable my CD Emulation drivers. I then downloaded and ran DDS (with DDS.txt copied into this post, and Attach.txt attached). Finally, I downloaded GMER but it crashed my computer when I tried to use it to scan.

Any help you can provide would be most appreciated.

Thanks so much.

DDS (Ver_10-03-17.01) - NTFSx86

Run by ___ at 20:03:43.54 on Tue 09/14/2010

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.526 [GMT -7:00]

============== Running Processes ===============

C:\Program Files\Common Files\Virtual Token\vtserver.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\java.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Medialink\MWN-USB150N\UI.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\MATLAB\R2007b\bin\win32\MATLAB.exe

C:\Documents and Settings\Lissa MacVean\My Documents\downloads\dds\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:6092

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart

uRun: [amsg] c:\program files\thinkvantage\amsg\Amsg.exe

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [TrackPointSrv] tp4serv.exe

mRun: [TpShocks] TpShocks.exe

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe

mRun: [TP4EX] tp4ex.exe

mRun: [suScheduler] c:\program files\thinkvantage\systemupdate\UCLauncher.exe /SCHEDULER

mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe

mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray

mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [PDService.exe] "c:\program files\ibm thinkvantage\safeguard privatedisk\pdservice.exe"

mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser

mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [cssauth] "c:\program files\ibm thinkvantage\client security solution\cssauth.exe" silent

mRun: [ControlCenter] "c:\program files\thinkvantage fingerprint software\ctlcntr.exe" /startup

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [amsg] c:\program files\thinkvantage\amsg\Amsg.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Medialink Utilty] c:\program files\medialink\mwn-usb150n\UI.exe -s

mRun: [<NO NAME>]

mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"

mRun: [Hlicehizaji] rundll32.exe "c:\windows\apaqiqam.dll",Startup

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: microsoft.com\*.windowsupdate

Trusted Zone: windowsupdate.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.snapfish.com/SnapfishActivia.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

Notify: igfxcui - igfxsrvc.dll

Notify: psfus - c:\program files\thinkvantage fingerprint software\psfus.dll

Notify: QConGina - QConGina.dll

Notify: tpfnf2 - notifyf2.dll

Notify: tphotkey - tphklock.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = csspwntfy scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lissam~1\applic~1\mozilla\firefox\profiles\ab2ub1iv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 2

FF - component: c:\documents and settings\lissa macvean\application data\mozilla\firefox\profiles\ab2ub1iv.default\extensions\optout@dubfire.net\lib\winnt\ff3\AbineComponent.dll

FF - component: c:\documents and settings\lissa macvean\application data\mozilla\firefox\profiles\ab2ub1iv.default\extensions\zoterowinwordintegration@zotero.org\components\zoteroWinWordIntegration.dll

FF - plugin: c:\documents and settings\lissa macvean\application data\move networks\plugins\npqmp071505000010.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: XULRunner: {EF8BC3DA-2AE1-414B-A97C-56DD3E611446} - c:\documents and settings\lissa macvean\local settings\application data\{EF8BC3DA-2AE1-414B-A97C-56DD3E611446}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2006-1-12 14720]

R1 bpfinder;BACKPACK Finder;c:\windows\system32\drivers\bpfinder.sys [2003-9-29 62359]

R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-6-26 204800]

R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-6-28 46142]

R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-8-2 3968]

R2 SmiHlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2005-7-12 3328]

R3 bpusbflt;BACKPACK USB Filter;c:\windows\system32\drivers\bpusbflt.sys [2004-6-23 10653]

R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2006-1-12 6400]

S2 ApacheOSGeo4WWebServer;Apache OSGeo4W Web Server;"c:\osgeo4w\apache\bin\httpd.exe" -k runservice --> c:\osgeo4w\apache\bin\httpd.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-19 133104]

S3 bpflt;BACKPACK Filter;c:\windows\system32\drivers\bpflt.sys [2003-9-29 4538]

S3 bppccard;BACKPACK PC Card;c:\windows\system32\drivers\bppccard.sys [2003-9-29 5493]

S3 bppnpdrv;BACKPACK Driver;c:\windows\system32\drivers\bppnpdrv.sys [2003-9-29 19670]

S3 bpusbdrv;BACKPACK USB 1 Cable;c:\windows\system32\drivers\bpusbdrv.sys [2003-9-29 111180]

S3 lsusb;lsusb;c:\windows\system32\drivers\lsusb.sys [2008-1-29 165452]

S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2006-1-12 12288]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-7-11 709248]

S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1980-1-1 13840]

=============== Created Last 30 ================

2010-09-15 03:01:56 0 ----a-w- c:\documents and settings\lissa macvean\defogger_reenable

2010-09-13 03:54:00 0 d-----w- c:\docume~1\lissam~1\applic~1\Abine

2010-09-11 16:58:08 120 ----a-w- c:\windows\Pmegozabocu.dat

2010-09-11 16:58:08 0 ----a-w- c:\windows\Pwelo.bin

2010-09-10 01:15:36 4260 ----a-w- c:\documents and settings\lissa macvean\.recently-used.xbel

2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe

==================== Find3M ====================

2010-09-12 07:00:00 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-04 23:44:56 172892 ----a-w- c:\windows\hppins13.dat

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys

2010-06-23 12:06:51 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-06-23 12:06:51 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys

2010-06-18 17:45:17 293376 ----a-w- c:\windows\system32\winsrv.dll

2010-06-18 17:45:17 293376 ------w- c:\windows\system32\dllcache\winsrv.dll

2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-06-17 15:12:57 634656 ------w- c:\windows\system32\dllcache\iexplore.exe

2010-06-17 15:11:25 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2008-08-25 20:38:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082520080826\index.dat

============= FINISH: 20:04:21.06 ===============

Attach.txt

Link to post
Share on other sites

Hi ljm and Welcome to Malwarebytes Forum!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

Link to post
Share on other sites

Hi, Kenny94,

Thank you so much for your help. Here is the report generated by TDSSKiller:

2010/09/15 09:36:33.0375 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/15 09:36:33.0375 ================================================================================

2010/09/15 09:36:33.0375 SystemInfo:

2010/09/15 09:36:33.0375

2010/09/15 09:36:33.0375 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/15 09:36:33.0375 Product type: Workstation

2010/09/15 09:36:33.0375 ComputerName: BERKELEYEFM-LM

2010/09/15 09:36:33.0375 UserName: Lissa MacVean

2010/09/15 09:36:33.0375 Windows directory: C:\WINDOWS

2010/09/15 09:36:33.0375 System windows directory: C:\WINDOWS

2010/09/15 09:36:33.0375 Processor architecture: Intel x86

2010/09/15 09:36:33.0375 Number of processors: 1

2010/09/15 09:36:33.0375 Page size: 0x1000

2010/09/15 09:36:33.0375 Boot type: Normal boot

2010/09/15 09:36:33.0375 ================================================================================

2010/09/15 09:36:34.0046 Initialize success

2010/09/15 09:36:39.0546 ================================================================================

2010/09/15 09:36:39.0546 Scan started

2010/09/15 09:36:39.0546 Mode: Manual;

2010/09/15 09:36:39.0546 ================================================================================

2010/09/15 09:36:41.0562 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2010/09/15 09:36:42.0171 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

2010/09/15 09:36:42.0828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/09/15 09:36:43.0203 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/09/15 09:36:43.0781 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2010/09/15 09:36:44.0296 aeaudio (cde1f62fe63631b932ace2249fb11da0) C:\WINDOWS\system32\drivers\aeaudio.sys

2010/09/15 09:36:44.0843 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/09/15 09:36:45.0421 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2010/09/15 09:36:45.0968 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/09/15 09:36:46.0546 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/09/15 09:36:47.0140 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2010/09/15 09:36:47.0562 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2010/09/15 09:36:48.0078 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2010/09/15 09:36:48.0312 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2010/09/15 09:36:48.0906 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/09/15 09:36:49.0218 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2010/09/15 09:36:49.0640 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2010/09/15 09:36:49.0843 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2010/09/15 09:36:50.0421 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS

2010/09/15 09:36:51.0093 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2010/09/15 09:36:51.0406 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2010/09/15 09:36:52.0000 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2010/09/15 09:36:52.0312 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/09/15 09:36:52.0812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/09/15 09:36:53.0343 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/09/15 09:36:53.0875 atmeltpm (78a6db2682cd5ca28395423ccf0ccfae) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys

2010/09/15 09:36:54.0265 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/09/15 09:36:54.0671 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2010/09/15 09:36:55.0046 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2010/09/15 09:36:55.0765 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2010/09/15 09:36:56.0265 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2010/09/15 09:36:56.0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/09/15 09:36:57.0140 bpfinder (502ada90bf0090557004328a11ea2085) C:\WINDOWS\system32\DRIVERS\bpfinder.sys

2010/09/15 09:36:57.0687 bpflt (cf99a29db455b6b0e414a83de372967d) C:\WINDOWS\system32\DRIVERS\bpflt.sys

2010/09/15 09:36:58.0078 bppccard (8f583f9746eb5486e8d4035165668864) C:\WINDOWS\system32\DRIVERS\bppccard.sys

2010/09/15 09:36:58.0421 bppnpdrv (f210675acdb3071ab62d1938430c1012) C:\WINDOWS\system32\DRIVERS\bppnpdrv.sys

2010/09/15 09:36:59.0031 bpusbdrv (323f4e31b02eac5d7a2bde43443b14be) C:\WINDOWS\system32\DRIVERS\bpusbdrv.sys

2010/09/15 09:36:59.0343 bpusbflt (387cfde2c29571c729eb639a079b2153) C:\WINDOWS\system32\DRIVERS\bpusbflt.sys

2010/09/15 09:36:59.0656 btaudio (f9b7bf50bb2111019f00bcf168754b50) C:\WINDOWS\system32\drivers\btaudio.sys

2010/09/15 09:36:59.0937 BTDriver (2ec53b652b8a425930611163c226788e) C:\WINDOWS\system32\DRIVERS\btport.sys

2010/09/15 09:37:00.0656 BTKRNL (9eb1a41f33f834dee770777a4f507eff) C:\WINDOWS\system32\drivers\btkrnl.sys

2010/09/15 09:37:01.0140 BTWDNDIS (12bd8fa13f7bb232121402e543a8441b) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

2010/09/15 09:37:01.0468 BTWUSB (2b53ddcc571948ddf0fd89b2589da435) C:\WINDOWS\system32\Drivers\btwusb.sys

2010/09/15 09:37:01.0718 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2010/09/15 09:37:02.0234 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/09/15 09:37:02.0468 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2010/09/15 09:37:02.0703 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/09/15 09:37:03.0265 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/09/15 09:37:03.0843 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys

2010/09/15 09:37:04.0140 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/09/15 09:37:04.0734 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/09/15 09:37:05.0265 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2010/09/15 09:37:05.0546 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/09/15 09:37:06.0125 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2010/09/15 09:37:06.0500 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2010/09/15 09:37:06.0781 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2010/09/15 09:37:07.0359 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/09/15 09:37:08.0125 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/09/15 09:37:08.0468 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/09/15 09:37:08.0703 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/09/15 09:37:09.0281 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/09/15 09:37:09.0578 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2010/09/15 09:37:09.0875 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/09/15 09:37:10.0453 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2010/09/15 09:37:10.0687 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS

2010/09/15 09:37:11.0281 Eplpdx02 (f9472131367d39435d750f5fa3d23582) C:\WINDOWS\system32\Drivers\EPLPDX02.SYS

2010/09/15 09:37:11.0625 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/09/15 09:37:11.0937 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/09/15 09:37:12.0484 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/09/15 09:37:12.0781 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/09/15 09:37:13.0312 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/09/15 09:37:13.0656 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/09/15 09:37:14.0296 FTDIBUS (782f67cfc6c362257916bbb50bc55de9) C:\WINDOWS\system32\drivers\ftdibus.sys

2010/09/15 09:37:14.0609 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/09/15 09:37:14.0906 FTSER2K (4a995111f44cd6f35775865903f4f41e) C:\WINDOWS\system32\drivers\ftser2k.sys

2010/09/15 09:37:15.0468 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2010/09/15 09:37:15.0765 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/09/15 09:37:16.0281 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys

2010/09/15 09:37:16.0640 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/09/15 09:37:17.0187 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2010/09/15 09:37:17.0656 HSFHWICH (7b555ff6647069bd1d68b4f9556a7b16) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys

2010/09/15 09:37:18.0343 HSF_DP (43b60f94718841e13b9dd8905366bdbd) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

2010/09/15 09:37:18.0750 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/09/15 09:37:19.0046 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2010/09/15 09:37:19.0328 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2010/09/15 09:37:19.0640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/09/15 09:37:19.0968 ialm (4d27afcd58ac7db4c005c72d7634bc3f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2010/09/15 09:37:20.0296 ibmfilter (d4193760493da47d4d4580589e27f0ca) C:\WINDOWS\system32\drivers\ibmfilter.sys

2010/09/15 09:37:20.0937 IBMPMDRV (6f2dfa1b97463161b331a677f1a8d570) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys

2010/09/15 09:37:21.0375 IBMTPCHK (927dd405f7aec212ffdec4f7f4ab2731) C:\WINDOWS\system32\drivers\IBMBLDID.SYS

2010/09/15 09:37:21.0765 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/09/15 09:37:22.0234 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2010/09/15 09:37:22.0515 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/09/15 09:37:23.0078 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/09/15 09:37:23.0390 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/09/15 09:37:23.0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/09/15 09:37:24.0218 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/09/15 09:37:24.0531 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/09/15 09:37:24.0859 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/09/15 09:37:25.0171 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

2010/09/15 09:37:25.0718 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/09/15 09:37:26.0265 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/09/15 09:37:26.0593 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/09/15 09:37:27.0093 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/09/15 09:37:27.0421 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/09/15 09:37:27.0703 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/09/15 09:37:28.0296 lsusb (7a1d32fa7c074cdb643bd828b5effe08) C:\WINDOWS\system32\drivers\lsusb.sys

2010/09/15 09:37:28.0593 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/09/15 09:37:29.0125 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/09/15 09:37:29.0468 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/09/15 09:37:29.0859 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/09/15 09:37:30.0125 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/09/15 09:37:30.0656 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/09/15 09:37:31.0171 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2010/09/15 09:37:31.0484 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/09/15 09:37:31.0812 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/09/15 09:37:32.0421 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/09/15 09:37:32.0703 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/09/15 09:37:33.0296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/09/15 09:37:33.0578 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/09/15 09:37:34.0093 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/09/15 09:37:34.0406 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/09/15 09:37:34.0734 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/09/15 09:37:35.0046 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/09/15 09:37:35.0359 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/09/15 09:37:35.0640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/09/15 09:37:36.0187 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/09/15 09:37:36.0546 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/09/15 09:37:37.0062 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/09/15 09:37:37.0437 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/09/15 09:37:37.0718 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys

2010/09/15 09:37:38.0296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/09/15 09:37:38.0625 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/09/15 09:37:39.0312 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/09/15 09:37:39.0718 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/09/15 09:37:40.0203 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/09/15 09:37:41.0656 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/09/15 09:37:42.0500 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/09/15 09:37:43.0296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/09/15 09:37:43.0859 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/09/15 09:37:44.0796 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/09/15 09:37:45.0390 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/09/15 09:37:47.0125 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/09/15 09:37:47.0703 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/09/15 09:37:48.0312 pmem (fa292805788528c083f416e151b60ab6) C:\WINDOWS\System32\drivers\pmemnt.sys

2010/09/15 09:37:48.0593 pnarp (dea06627596015263360097c2608384e) C:\WINDOWS\system32\DRIVERS\pnarp.sys

2010/09/15 09:37:49.0062 Point32 (5c71f7cdd1b4ba5f00b87ca05e414aea) C:\WINDOWS\system32\DRIVERS\point32.sys

2010/09/15 09:37:49.0421 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/09/15 09:37:49.0640 PrivateDisk (c120b205614de6bd2a85c51cc77d69f0) C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys

2010/09/15 09:37:49.0968 PROCDD (884228979a63a63799b48a2926481ea1) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS

2010/09/15 09:37:50.0281 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/09/15 09:37:50.0609 psadd (045f099f312492f8c0a2dfe10df69d52) C:\WINDOWS\system32\Drivers\psadd.sys

2010/09/15 09:37:51.0171 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/09/15 09:37:51.0453 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/09/15 09:37:51.0734 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys

2010/09/15 09:37:52.0250 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/09/15 09:37:52.0531 QCNDISIF (d1666121638bb0d23081dcc41ecb21f0) C:\WINDOWS\system32\drivers\qcndisif.SYS

2010/09/15 09:37:53.0062 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/09/15 09:37:53.0312 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/09/15 09:37:53.0578 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/09/15 09:37:54.0187 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/09/15 09:37:54.0453 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/09/15 09:37:54.0703 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/09/15 09:37:55.0500 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

2010/09/15 09:37:56.0078 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/09/15 09:37:56.0437 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/09/15 09:37:56.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/09/15 09:37:57.0265 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/09/15 09:37:57.0531 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/09/15 09:37:58.0062 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/09/15 09:37:58.0390 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/09/15 09:37:58.0687 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/09/15 09:37:59.0343 rt2870 (ee5ad71a1f576d4d58d8d014560eb856) C:\WINDOWS\system32\DRIVERS\rt2870.sys

2010/09/15 09:37:59.0656 s24trans (85a26a3bb748dfd3170cdbf45b0dd7fd) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2010/09/15 09:38:00.0234 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2010/09/15 09:38:00.0515 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/09/15 09:38:01.0031 Ser2pl (b72e991d35d9ebe17e485497ab8cf002) C:\WINDOWS\system32\DRIVERS\ser2pl.sys

2010/09/15 09:38:01.0390 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/09/15 09:38:01.0687 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/09/15 09:38:02.0265 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys

2010/09/15 09:38:02.0562 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2010/09/15 09:38:03.0171 ShockMgr (a50f0e56ec9cd5fefcfa328a56e0e059) C:\WINDOWS\system32\drivers\ShockMgr.sys

2010/09/15 09:38:03.0531 Shockprf (621ff0dc997978a1289c55fa9058e18d) C:\WINDOWS\system32\drivers\Shockprf.sys

2010/09/15 09:38:04.0359 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2010/09/15 09:38:04.0578 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys

2010/09/15 09:38:04.0750 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys

2010/09/15 09:38:05.0031 SmiHlp (1d47b56f3da50248f167d15cc1d03a03) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys

2010/09/15 09:38:05.0343 smwdm (b09f23bf6e451b7a492b4a3d5eacfb24) C:\WINDOWS\system32\drivers\smwdm.sys

2010/09/15 09:38:05.0625 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2010/09/15 09:38:05.0906 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/09/15 09:38:06.0406 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/09/15 09:38:06.0734 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/09/15 09:38:07.0312 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2010/09/15 09:38:07.0593 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/09/15 09:38:08.0187 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/09/15 09:38:08.0484 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/09/15 09:38:08.0734 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/09/15 09:38:09.0203 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/09/15 09:38:09.0453 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/09/15 09:38:10.0031 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/09/15 09:38:10.0375 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/09/15 09:38:10.0718 TcUsb (63e7729e6ebc6f136f648d293b2ffaac) C:\WINDOWS\system32\Drivers\tcusb.sys

2010/09/15 09:38:11.0234 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/09/15 09:38:11.0515 TDSMAPI (e9512ac82fff83808549267078b38fe5) C:\WINDOWS\system32\drivers\TDSMAPI.SYS

2010/09/15 09:38:12.0015 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/09/15 09:38:12.0390 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/15 09:38:12.0703 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2010/09/15 09:38:13.0250 Tp4Track (e06117f4ee0fd094532d8b82f1b7883a) C:\WINDOWS\system32\DRIVERS\tp4track.sys

2010/09/15 09:38:13.0546 TPDiskPM (1b4978f20dd8da3e51e3f8da85c59904) C:\WINDOWS\system32\drivers\TPDiskPM.sys

2010/09/15 09:38:14.0078 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys

2010/09/15 09:38:14.0406 TPInput (f17762cced1fef672b376fb302d356b2) C:\WINDOWS\system32\DRIVERS\TPInput.sys

2010/09/15 09:38:14.0718 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys

2010/09/15 09:38:15.0218 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS

2010/09/15 09:38:15.0562 U2SP (228d8e60bc9c5238587b0bf1654ec580) C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys

2010/09/15 09:38:15.0843 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/09/15 09:38:16.0375 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2010/09/15 09:38:16.0687 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/09/15 09:38:16.0984 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/09/15 09:38:17.0281 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/09/15 09:38:17.0578 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/09/15 09:38:18.0093 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/09/15 09:38:18.0406 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/09/15 09:38:18.0734 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/09/15 09:38:19.0218 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/09/15 09:38:19.0515 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/09/15 09:38:20.0015 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/09/15 09:38:20.0312 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/09/15 09:38:20.0625 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2010/09/15 09:38:20.0968 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/09/15 09:38:21.0609 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/09/15 09:38:22.0515 w29n51 (39ac581f5b57e3074e3e5cdab9e7dff1) C:\WINDOWS\system32\DRIVERS\w29n51.sys

2010/09/15 09:38:23.0156 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/09/15 09:38:23.0703 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/09/15 09:38:24.0437 winachsf (c3d9c524cd25e19d212cacbfb925ee1f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2010/09/15 09:38:24.0875 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/09/15 09:38:25.0203 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/09/15 09:38:25.0328 ================================================================================

2010/09/15 09:38:25.0328 Scan finished

2010/09/15 09:38:25.0328 ================================================================================

Link to post
Share on other sites

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    cfRC_screen_1.png
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    cfRC_screen_2.png
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

Link to post
Share on other sites

Hi, Kenny94,

The following is the log from Combofix. I think it ran successfully (?). Also, in the mean time I was able to install Avira and manually update the virus definitions (I could not do so otherwise), but I haven't run a scan yet. Waiting for further instructions.

Thank you very much for all of your help!

ComboFix 10-09-14.05 - Lissa MacVean 09/15/2010 10:46:36.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.661 [GMT -7:00]

Running from: c:\documents and settings\Lissa MacVean\My Documents\downloads\combofix\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Lissa MacVean\Local Settings\Application Data\{EF8BC3DA-2AE1-414B-A97C-56DD3E611446}

c:\documents and settings\Lissa MacVean\Local Settings\Application Data\{EF8BC3DA-2AE1-414B-A97C-56DD3E611446}\chrome.manifest

c:\documents and settings\Lissa MacVean\Local Settings\Application Data\{EF8BC3DA-2AE1-414B-A97C-56DD3E611446}\chrome\content\_cfg.js

c:\documents and settings\Lissa MacVean\Local Settings\Application Data\{EF8BC3DA-2AE1-414B-A97C-56DD3E611446}\chrome\content\overlay.xul

c:\documents and settings\Lissa MacVean\Local Settings\Application Data\{EF8BC3DA-2AE1-414B-A97C-56DD3E611446}\install.rdf

c:\windows\apaqiqam.dll

c:\windows\Downloaded Program Files\ODCTOOLS

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_TDSSSERV.SYS

((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))

.

2010-09-15 16:13 . 2010-09-15 16:13 -------- d-----w- c:\documents and settings\Lissa MacVean\Application Data\Avira

2010-09-15 16:09 . 2010-09-15 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-09-13 03:54 . 2010-09-15 17:20 -------- d-----w- c:\documents and settings\Lissa MacVean\Application Data\Abine

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-15 16:09 . 2010-09-15 16:09 -------- d-----w- c:\program files\Avira

2010-09-15 16:05 . 2010-09-11 16:58 0 ----a-w- c:\windows\Pwelo.bin

2010-09-15 03:01 . 2010-09-11 16:58 120 ----a-w- c:\windows\Pmegozabocu.dat

2010-09-13 17:15 . 2006-02-03 18:06 -------- d-----w- c:\program files\Google

2010-09-12 07:00 . 2006-01-12 23:43 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS

2010-09-10 01:05 . 2006-02-11 22:43 60 ----a-w- c:\windows\wpd99.drv

2010-09-10 01:05 . 2006-02-11 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995

2010-09-08 21:14 . 2010-05-27 19:08 -------- d-----w- c:\program files\Quantum GIS Enceladus

2010-08-21 11:21 . 2010-09-13 03:53 225416 ----a-w- c:\documents and settings\Lissa MacVean\Application Data\Mozilla\Firefox\Profiles\ab2ub1iv.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll

2010-08-17 13:17 . 2008-08-25 03:04 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-15 18:40 . 2006-01-12 23:11 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-15 18:40 . 2010-07-14 06:22 -------- d-----w- c:\program files\NewTech Infosystems

2010-08-04 23:52 . 2006-02-11 20:57 38504 -c--a-w- c:\documents and settings\Lissa MacVean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-04 23:44 . 2010-08-04 23:36 172892 ----a-w- c:\windows\hppins13.dat

2010-08-04 23:44 . 2010-08-04 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2010-08-04 23:44 . 2010-08-04 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard

2010-08-04 23:44 . 2010-08-04 23:38 -------- d-----w- c:\program files\HP

2010-07-22 15:49 . 2008-08-25 03:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-04-16 02:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-11 17:11 . 2006-01-12 23:18 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-06-30 12:31 . 2008-08-25 03:03 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:15 . 1980-01-01 08:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:15 . 2008-08-25 03:04 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-06-24 12:15 . 2008-08-25 03:04 17408 ----a-w- c:\windows\system32\corpol.dll

2010-06-23 13:44 . 2008-08-25 03:03 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2008-08-25 03:03 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-18 17:45 . 2008-08-25 03:03 293376 ----a-w- c:\windows\system32\winsrv.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]

"amsg"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-08-02 475136]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-04 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-04 126976]

"TrackPointSrv"="tp4serv.exe" [2005-07-13 94208]

"TpShocks"="TpShocks.exe" [2005-06-23 86016]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-08-12 864256]

"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 94208]

"TP4EX"="tp4ex.exe" [2005-08-02 40960]

"suScheduler"="c:\program files\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-02 40960]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-08-10 86016]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-08-10 139264]

"PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-07-07 49152]

"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 1052672]

"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2005-08-10 98304]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-08-10 237568]

"cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-08-03 1988144]

"ControlCenter"="c:\program files\ThinkVantage Fingerprint Software\ctlcntr.exe" [2005-07-12 125026]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-08-10 208896]

"amsg"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-08-02 475136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 136600]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-09-15 648488]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"Medialink Utilty"="c:\program files\Medialink\MWN-USB150N\UI.exe" [2009-08-21 2170904]

"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-10-07 30264]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2005-07-12 17:45 109664 ------w- c:\program files\ThinkVantage Fingerprint Software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]

2005-08-10 11:08 262144 ------w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2005-07-06 07:45 28672 ------w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2005-06-17 06:23 24576 ------w- c:\windows\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 23:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\BioSonics\\Dtx\\VisualAcquisition.exe"=

"c:\\Program Files\\MATLAB\\R2007b\\bin\\win32\\MATLAB.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppniprint01.exe"=

"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppniprint64.exe"=

"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppnicifs01.exe"=

"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hpbtpg.exe"=

"c:\\HP_P2055_default_install_v6.1_ww\\setup\\LaunchApp.exe"=

"c:\\Program Files\\Avira\\AntiVir Desktop\\update.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [1/12/2006 4:19 PM 14720]

R1 bpfinder;BACKPACK Finder;c:\windows\system32\drivers\bpfinder.sys [9/29/2003 10:36 AM 62359]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/15/2010 9:09 AM 135336]

R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [6/26/2008 5:52 AM 204800]

R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [6/28/2005 9:26 AM 46142]

R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/2/2005 6:47 PM 3968]

R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [7/12/2005 10:37 AM 3328]

R3 bpusbflt;BACKPACK USB Filter;c:\windows\system32\drivers\bpusbflt.sys [6/23/2004 2:13 PM 10653]

R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [1/12/2006 4:19 PM 6400]

S2 ApacheOSGeo4WWebServer;Apache OSGeo4W Web Server;"c:\osgeo4w\apache\bin\httpd.exe" -k runservice --> c:\osgeo4w\apache\bin\httpd.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/19/2009 1:59 PM 133104]

S3 bpflt;BACKPACK Filter;c:\windows\system32\drivers\bpflt.sys [9/29/2003 10:37 AM 4538]

S3 bppccard;BACKPACK PC Card;c:\windows\system32\drivers\bppccard.sys [9/29/2003 10:40 AM 5493]

S3 bppnpdrv;BACKPACK Driver;c:\windows\system32\drivers\bppnpdrv.sys [9/29/2003 10:57 AM 19670]

S3 bpusbdrv;BACKPACK USB 1 Cable;c:\windows\system32\drivers\bpusbdrv.sys [9/29/2003 10:59 AM 111180]

S3 lsusb;lsusb;c:\windows\system32\drivers\lsusb.sys [1/29/2008 12:48 PM 165452]

S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [1/12/2006 4:43 PM 12288]

S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1/1/1980 1:00 AM 13840]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2010-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 20:59]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 20:59]

2010-09-15 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-01-12 09:10]

2010-09-15 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 05:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:6092

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: microsoft.com\*.windowsupdate

Trusted Zone: windowsupdate.com

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Lissa MacVean\Application Data\Mozilla\Firefox\Profiles\ab2ub1iv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 2

FF - component: c:\documents and settings\Lissa MacVean\Application Data\Mozilla\Firefox\Profiles\ab2ub1iv.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll

FF - component: c:\documents and settings\Lissa MacVean\Application Data\Mozilla\Firefox\Profiles\ab2ub1iv.default\extensions\zoteroWinWordIntegration@zotero.org\components\zoteroWinWordIntegration.dll

FF - plugin: c:\documents and settings\Lissa MacVean\Application Data\Move Networks\plugins\npqmp071505000010.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-OM_Monitor - c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe

HKLM-Run-Hlicehizaji - c:\windows\apaqiqam.dll

Notify-NavLogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-15 11:05

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)

c:\program files\ThinkVantage Fingerprint Software\psfus.dll

c:\program files\Common Files\Virtual Token\psutil.dll

c:\program files\Common Files\Virtual Token\Remote.dll

c:\windows\system32\tphklock.dll

c:\program files\Common Files\Virtual Token\passport.dll

- - - - - - - > 'explorer.exe'(3860)

c:\windows\system32\WININET.dll

c:\windows\system32\PROCHLP.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\program files\WinSCP3\DragExt.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Virtual Token\vtserver.exe

c:\windows\system32\ibmpmsvc.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\system32\IPSSVC.EXE

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\java.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\System32\QCONSVC.EXE

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\System32\TPHDEXLG.EXE

c:\windows\system32\TpKmpSVC.exe

c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe

c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

c:\program files\ThinkVantage\SystemUpdate\UCLauncherService.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe

c:\windows\system32\TpShocks.exe

c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

c:\windows\system32\rundll32.exe

c:\program files\IBM ThinkVantage\Client Security Solution\pwmgr.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-09-15 11:28:11 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-15 18:28

Pre-Run: 4,525,805,568 bytes free

Post-Run: 5,625,339,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 9F8AE85FF7545E1AB3FB23122FE461EE

Link to post
Share on other sites

Also, in the mean time I was able to install Avira and manually update the virus definitions (I could not do so otherwise), but I haven't run a scan yet. Waiting for further instructions

Sounds good. We'll run a script will also remove some disabled startup items and address a couple of other leftovers. So, I'm reviewing your log and will have some more instructions for you in a short while. Thanks for your patience!

Link to post
Share on other sites

Hi ljm

Run CFScript

  • Close any open browsers.
  • Open Notepad by click start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

cfscriptb4.gif

This will start ComboFix again. It may ask to reboot. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Next

Update Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

In your next reply, please include these log(s):

Combofix.txt

MBAM Report

Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

Link to post
Share on other sites

Hi, Kenny --

OK, I reran with ComboFix with the text file, and then updated and ran MBAM. It seemed to go smoothly -- ComboFix took about 45 minutes in total (same as the first time). MBAM didn't find anything (log attached), but while the scan was running, Avira Antivir found a few things and I am attaching its report at the very end.

Things appear to be working fine now -- no more redirected searches! I am very grateful for your help!

Lissa

COMBOFIX:--------------------------------------------------------------------------------------------------

ComboFix 10-09-14.05 - Lissa MacVean 09/15/2010 17:25:41.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.850 [GMT -7:00]

Running from: c:\documents and settings\Lissa MacVean\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Lissa MacVean\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((( Files Created from 2010-08-16 to 2010-09-16 )))))))))))))))))))))))))))))))

.

2010-09-15 16:13 . 2010-09-15 16:13 -------- d-----w- c:\documents and settings\Lissa MacVean\Application Data\Avira

2010-09-15 16:09 . 2010-09-15 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-09-13 03:54 . 2010-09-16 00:17 -------- d-----w- c:\documents and settings\Lissa MacVean\Application Data\Abine

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-15 21:26 . 2006-02-11 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995

2010-09-15 21:26 . 2006-02-11 22:43 60 ----a-w- c:\windows\wpd99.drv

2010-09-15 16:09 . 2010-09-15 16:09 -------- d-----w- c:\program files\Avira

2010-09-15 16:05 . 2010-09-11 16:58 0 ----a-w- c:\windows\Pwelo.bin

2010-09-15 03:01 . 2010-09-11 16:58 120 ----a-w- c:\windows\Pmegozabocu.dat

2010-09-13 17:15 . 2006-02-03 18:06 -------- d-----w- c:\program files\Google

2010-09-12 07:00 . 2006-01-12 23:43 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS

2010-09-08 21:14 . 2010-05-27 19:08 -------- d-----w- c:\program files\Quantum GIS Enceladus

2010-08-21 11:21 . 2010-09-13 03:53 225416 ----a-w- c:\documents and settings\Lissa MacVean\Application Data\Mozilla\Firefox\Profiles\ab2ub1iv.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll

2010-08-17 13:17 . 2008-08-25 03:04 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-15 18:40 . 2006-01-12 23:11 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-15 18:40 . 2010-07-14 06:22 -------- d-----w- c:\program files\NewTech Infosystems

2010-08-04 23:52 . 2006-02-11 20:57 38504 -c--a-w- c:\documents and settings\Lissa MacVean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-04 23:44 . 2010-08-04 23:36 172892 ----a-w- c:\windows\hppins13.dat

2010-08-04 23:44 . 2010-08-04 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2010-08-04 23:44 . 2010-08-04 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard

2010-08-04 23:44 . 2010-08-04 23:38 -------- d-----w- c:\program files\HP

2010-07-22 15:49 . 2008-08-25 03:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-04-16 02:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-11 17:11 . 2006-01-12 23:18 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-06-30 12:31 . 2008-08-25 03:03 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:15 . 1980-01-01 08:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:15 . 2008-08-25 03:04 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-06-24 12:15 . 2008-08-25 03:04 17408 ----a-w- c:\windows\system32\corpol.dll

2010-06-23 13:44 . 2008-08-25 03:03 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2008-08-25 03:03 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-18 17:45 . 2008-08-25 03:03 293376 ----a-w- c:\windows\system32\winsrv.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]

"amsg"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-08-02 475136]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-04 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-04 126976]

"TrackPointSrv"="tp4serv.exe" [2005-07-13 94208]

"TpShocks"="TpShocks.exe" [2005-06-23 86016]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-08-12 864256]

"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 94208]

"TP4EX"="tp4ex.exe" [2005-08-02 40960]

"suScheduler"="c:\program files\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-02 40960]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-08-10 86016]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-08-10 139264]

"PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-07-07 49152]

"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 1052672]

"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2005-08-10 98304]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-08-10 237568]

"cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-08-03 1988144]

"ControlCenter"="c:\program files\ThinkVantage Fingerprint Software\ctlcntr.exe" [2005-07-12 125026]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-08-10 208896]

"amsg"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-08-02 475136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 136600]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-09-15 648488]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"Medialink Utilty"="c:\program files\Medialink\MWN-USB150N\UI.exe" [2009-08-21 2170904]

"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-10-07 30264]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2005-07-12 17:45 109664 ------w- c:\program files\ThinkVantage Fingerprint Software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]

2005-08-10 11:08 262144 ------w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2005-07-06 07:45 28672 ------w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2005-06-17 06:23 24576 ------w- c:\windows\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\BioSonics\\Dtx\\VisualAcquisition.exe"=

"c:\\Program Files\\MATLAB\\R2007b\\bin\\win32\\MATLAB.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppniprint01.exe"=

"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppniprint64.exe"=

"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppnicifs01.exe"=

"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hpbtpg.exe"=

"c:\\HP_P2055_default_install_v6.1_ww\\setup\\LaunchApp.exe"=

"c:\\Program Files\\Avira\\AntiVir Desktop\\update.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [1/12/2006 4:19 PM 14720]

R1 bpfinder;BACKPACK Finder;c:\windows\system32\drivers\bpfinder.sys [9/29/2003 10:36 AM 62359]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/15/2010 9:09 AM 135336]

R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [6/26/2008 5:52 AM 204800]

R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [6/28/2005 9:26 AM 46142]

R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/2/2005 6:47 PM 3968]

R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [7/12/2005 10:37 AM 3328]

R3 bpusbflt;BACKPACK USB Filter;c:\windows\system32\drivers\bpusbflt.sys [6/23/2004 2:13 PM 10653]

R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [1/12/2006 4:19 PM 6400]

S2 ApacheOSGeo4WWebServer;Apache OSGeo4W Web Server;"c:\osgeo4w\apache\bin\httpd.exe" -k runservice --> c:\osgeo4w\apache\bin\httpd.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/19/2009 1:59 PM 133104]

S3 bpflt;BACKPACK Filter;c:\windows\system32\drivers\bpflt.sys [9/29/2003 10:37 AM 4538]

S3 bppccard;BACKPACK PC Card;c:\windows\system32\drivers\bppccard.sys [9/29/2003 10:40 AM 5493]

S3 bppnpdrv;BACKPACK Driver;c:\windows\system32\drivers\bppnpdrv.sys [9/29/2003 10:57 AM 19670]

S3 bpusbdrv;BACKPACK USB 1 Cable;c:\windows\system32\drivers\bpusbdrv.sys [9/29/2003 10:59 AM 111180]

S3 lsusb;lsusb;c:\windows\system32\drivers\lsusb.sys [1/29/2008 12:48 PM 165452]

S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [1/12/2006 4:43 PM 12288]

S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1/1/1980 1:00 AM 13840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2010-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 20:59]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 20:59]

2010-09-16 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-01-12 09:10]

2010-09-16 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 05:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: microsoft.com\*.windowsupdate

Trusted Zone: windowsupdate.com

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Lissa MacVean\Application Data\Mozilla\Firefox\Profiles\ab2ub1iv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 2

FF - component: c:\documents and settings\Lissa MacVean\Application Data\Mozilla\Firefox\Profiles\ab2ub1iv.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll

FF - component: c:\documents and settings\Lissa MacVean\Application Data\Mozilla\Firefox\Profiles\ab2ub1iv.default\extensions\zoteroWinWordIntegration@zotero.org\components\zoteroWinWordIntegration.dll

FF - plugin: c:\documents and settings\Lissa MacVean\Application Data\Move Networks\plugins\npqmp071505000010.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-15 17:45

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)

c:\program files\ThinkVantage Fingerprint Software\psfus.dll

c:\program files\Common Files\Virtual Token\psutil.dll

c:\program files\Common Files\Virtual Token\Remote.dll

c:\windows\system32\tphklock.dll

c:\program files\Common Files\Virtual Token\passport.dll

- - - - - - - > 'explorer.exe'(1564)

c:\windows\system32\WININET.dll

c:\windows\system32\PROCHLP.DLL

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\program files\WinSCP3\DragExt.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Virtual Token\vtserver.exe

c:\windows\system32\ibmpmsvc.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\system32\IPSSVC.EXE

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\java.exe

c:\windows\System32\QCONSVC.EXE

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\System32\TPHDEXLG.EXE

c:\windows\system32\TpKmpSVC.exe

c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe

c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

c:\program files\ThinkVantage\SystemUpdate\UCLauncherService.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe

c:\windows\system32\TpShocks.exe

c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

c:\windows\system32\rundll32.exe

c:\program files\IBM ThinkVantage\Client Security Solution\pwmgr.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

c:\program files\Java\jre6\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2010-09-15 18:05:01 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-16 01:04

ComboFix2.txt 2010-09-15 18:28

Pre-Run: 5,632,966,656 bytes free

Post-Run: 5,603,110,912 bytes free

- - End Of File - - 07CE95D4B949F00E413EFFCD6DB8882A

MBAM:--------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4624

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

9/15/2010 6:33:47 PM

mbam-log-2010-09-15 (18-33-47).txt

Scan type: Quick scan

Objects scanned: 157176

Time elapsed: 22 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

AVIRA ANTIVIR:--------------------------------------------------------------------------------------------------

Avira AntiVir Personal

Report file date: Wednesday, September 15, 2010 18:23

Scanning for 2847256 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : BERKELEYEFM-LM

Version information:

BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 20:37:38

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 02:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:36:40

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:36:40

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 00:36:40

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 00:36:40

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 00:36:42

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 00:36:42

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:36:42

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:36:42

VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 00:36:44

VBASE009.VDF : 7.10.11.134 2048 Bytes 9/13/2010 00:36:44

VBASE010.VDF : 7.10.11.135 2048 Bytes 9/13/2010 00:36:44

VBASE011.VDF : 7.10.11.136 2048 Bytes 9/13/2010 00:36:44

VBASE012.VDF : 7.10.11.137 2048 Bytes 9/13/2010 00:36:44

VBASE013.VDF : 7.10.11.165 172032 Bytes 9/15/2010 00:36:44

VBASE014.VDF : 7.10.11.166 2048 Bytes 9/15/2010 00:36:44

VBASE015.VDF : 7.10.11.167 2048 Bytes 9/15/2010 00:36:44

VBASE016.VDF : 7.10.11.168 2048 Bytes 9/15/2010 00:36:44

VBASE017.VDF : 7.10.11.169 2048 Bytes 9/15/2010 00:36:44

VBASE018.VDF : 7.10.11.170 2048 Bytes 9/15/2010 00:36:44

VBASE019.VDF : 7.10.11.171 2048 Bytes 9/15/2010 00:36:44

VBASE020.VDF : 7.10.11.172 2048 Bytes 9/15/2010 00:36:44

VBASE021.VDF : 7.10.11.173 2048 Bytes 9/15/2010 00:36:44

VBASE022.VDF : 7.10.11.174 2048 Bytes 9/15/2010 00:36:44

VBASE023.VDF : 7.10.11.175 2048 Bytes 9/15/2010 00:36:44

VBASE024.VDF : 7.10.11.176 2048 Bytes 9/15/2010 00:36:44

VBASE025.VDF : 7.10.11.177 2048 Bytes 9/15/2010 00:36:44

VBASE026.VDF : 7.10.11.178 2048 Bytes 9/15/2010 00:36:44

VBASE027.VDF : 7.10.11.179 2048 Bytes 9/15/2010 00:36:44

VBASE028.VDF : 7.10.11.180 2048 Bytes 9/15/2010 00:36:44

VBASE029.VDF : 7.10.11.181 2048 Bytes 9/15/2010 00:36:44

VBASE030.VDF : 7.10.11.182 2048 Bytes 9/15/2010 00:36:44

VBASE031.VDF : 7.10.11.187 48640 Bytes 9/15/2010 00:36:44

Engineversion : 8.2.4.52

AEVDF.DLL : 8.1.2.1 106868 Bytes 9/16/2010 00:36:38

AESCRIPT.DLL : 8.1.3.44 1364346 Bytes 9/16/2010 00:36:38

AESCN.DLL : 8.1.6.1 127347 Bytes 9/16/2010 00:36:38

AESBX.DLL : 8.1.3.1 254324 Bytes 9/16/2010 00:36:38

AERDL.DLL : 8.1.8.2 614772 Bytes 9/16/2010 00:36:38

AEPACK.DLL : 8.2.3.5 471412 Bytes 9/16/2010 00:36:38

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 9/16/2010 00:36:36

AEHEUR.DLL : 8.1.2.21 2883958 Bytes 9/16/2010 00:36:36

AEHELP.DLL : 8.1.13.3 242038 Bytes 9/16/2010 00:36:36

AEGEN.DLL : 8.1.3.21 401780 Bytes 9/16/2010 00:36:36

AEEMU.DLL : 8.1.2.0 393588 Bytes 9/16/2010 00:36:36

AECORE.DLL : 8.1.16.2 192887 Bytes 9/16/2010 00:36:36

AEBB.DLL : 8.1.1.0 53618 Bytes 9/16/2010 00:36:36

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 20:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 20:03:35

AVREP.DLL : 8.0.0.7 159784 Bytes 9/16/2010 00:36:44

AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 20:35:46

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 20:39:51

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 20:22:13

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 17:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 20:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 23:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 22:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20

RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 22:14:29

Configuration settings for the scan:

Jobname.............................: avguard_async_scan

Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4cd06bb0\guard_slideup.avp

Logging.............................: low

Primary action......................: repair

Secondary action....................: quarantine

Scan master boot sector.............: on

Scan boot sector....................: off

Process scan........................: on

Scan registry.......................: off

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: high

Start of the scan: Wednesday, September 15, 2010 18:23

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'mbam.exe' - '1' Module(s) have been scanned

Scan process 'plugin-container.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'notepad.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'jucheck.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'pwmgr.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'UI.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'nmctxth.exe' - '1' Module(s) have been scanned

Scan process 'ipoint.exe' - '1' Module(s) have been scanned

Scan process 'itype.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'Amsg.exe' - '1' Module(s) have been scanned

Scan process 'cssauth.exe' - '1' Module(s) have been scanned

Scan process 'EzEjMnAp.Exe' - '1' Module(s) have been scanned

Scan process 'LPMGR.exe' - '1' Module(s) have been scanned

Scan process 'pdservice.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'QCWLICON.EXE' - '1' Module(s) have been scanned

Scan process 'TpScrex.exe' - '1' Module(s) have been scanned

Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned

Scan process 'TPONSCR.exe' - '1' Module(s) have been scanned

Scan process 'TPHKMGR.exe' - '1' Module(s) have been scanned

Scan process 'TpShocks.exe' - '1' Module(s) have been scanned

Scan process 'hkcmd.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'logmon.exe' - '1' Module(s) have been scanned

Scan process 'WMPNetwk.exe' - '1' Module(s) have been scanned

Scan process 'nmsrvc.exe' - '1' Module(s) have been scanned

Scan process 'UCLauncherService.exe' - '1' Module(s) have been scanned

Scan process 'tvtsched.exe' - '1' Module(s) have been scanned

Scan process 'rrservice.exe' - '1' Module(s) have been scanned

Scan process 'ibmtcsd.exe' - '1' Module(s) have been scanned

Scan process 'TpKmpSVC.exe' - '1' Module(s) have been scanned

Scan process 'TPHDEXLG.EXE' - '1' Module(s) have been scanned

Scan process 'avshadow.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'SMAgent.exe' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'QCONSVC.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'java.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'LinksysUpdater.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'btwdins.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'IPSSVC.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned

Scan process 'vtserver.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\WINDOWS\system32\TDSSbeat.dat'

C:\WINDOWS\system32\TDSSbeat.dat

[DETECTION] Is the TR/Agent.439 Trojan

[NOTE] The file was moved to the quarantine directory under the name '4eafd3ca.qua'.

End of the scan: Wednesday, September 15, 2010 18:27

Used time: 03:07 Minute(s)

The scan has been done completely.

0 Scanned directories

76 Files were scanned

1 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

75 Files not concerned

0 Archives were scanned

0 Warnings

1 Notes

The scan results will be transferred to the Guard.

Link to post
Share on other sites

There are some older versions of Java on your computer. These can be a source of infection.

[javaicon.gif

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 21 -
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u121 -windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files

      [*]Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      [*]Click OK to leave the Temporary Files Window

      [*]Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: 1.6.0_21 from Sun Microsystems Inc.

Your Computer is Clean

CLEAN-1.jpg

Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
    CF_Uninstall-1.jpg
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips

6567E80CC55576485246E130E48A9FA8.png

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.