My Google browser has been deleted by a virus/malware program. Additionally, my Yahoo search engine and all other searches will redirect me to various ad pages. I have deleted and reinstalled Malwarebytes Pro and it cannot find anything. Also I ran VIPRE; nothing found. I ran System Mechanic; nothing found. I ran ESET and it found 5 viruses but didn't fix the problem. I ran DDS and am including the log. I ran ComboFix and it also found nothing. I also ran several other programs and they could not fix the problem. I am including the logs of those. Rootkit found 164 issues (hooks) but I am reluctant to let it delete all of them. Next?

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Gene Simmons at 16:36:55 on 2011-06-04

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1663 [GMT -4:00]

.

AV: System Shield *Disabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}

AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: System Shield *Disabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}

SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Windows\system32\IPSSVC.EXE

C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

C:\Windows\system32\ASTSRV.EXE

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\Windows\system32\svchost.exe -k defragsvc

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Windows\System32\msdtc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

C:\Windows\system32\NLSSRV32.EXE

C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Intuit\QuickBooks\QBDBMgrN.exe

C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe

C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe

C:\Windows\system32\rpcnet.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\System32\snmptrap.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\TPHDEXLG.exe

C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Windows\system32\UI0Detect.exe

C:\Windows\System32\vds.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Windows Live\installer\WLSetupSvc.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Lenovo\Access Connections\AcSvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\dinotify.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\PdaNet for Android\PdaNetPC.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Explorer.exe

C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Microsoft Streets & Trips 2010\StreetsOlkShim.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bloomberg.com/

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll

TB: Pictures: {8e929f51-5914-11d6-971f-0050fc3f9161} - c:\program files\diodia software\pictures toolbar\Pictures.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File

TB: {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [TpShocks] TpShocks.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [wanActivate] c:\program files\lenovo\activatewan\WanActivate.exe -check

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe

mRun: [Absolute Notifier] "c:\program files\absolute software\absolute notifier\AbsoluteNotifier.exe"

mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"

mRun: [nwiz] nwiz.exe /install

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [sBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"

StartupFolder: c:\users\genesi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\genesi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.5\transfer utility\CameraMonitor.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\windows\system32\iavlsp.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab

DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} - hxxps://www.lojackforlaptops.com/ctmweb/testoc.cab

DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab

DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://download.boulder.ibm.com/ibmdl/pub/pc/pccbbs/bp_pc/acpirexe.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab

TCP: Interfaces\{12C6B155-AF3B-4C6C-96B7-348E01C098A8} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{12C6B155-AF3B-4C6C-96B7-348E01C098A8}\8457E6475627 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{12C6B155-AF3B-4C6C-96B7-348E01C098A8}\8457E64756272425 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{12C6B155-AF3B-4C6C-96B7-348E01C098A8}\C416A7971436275637 : DhcpNameServer = 68.87.68.166 68.87.74.166

TCP: Interfaces\{12C6B155-AF3B-4C6C-96B7-348E01C098A8}\C416A7971436275637F5548545 : DhcpNameServer = 68.87.68.166 68.87.74.166

TCP: Interfaces\{1A6D9EAA-48F0-4A38-8B06-BD2F09BF1F22} : NameServer = 66.174.71.33 69.78.96.14

TCP: Interfaces\{1B6AF735-28F5-4C2D-B22B-2EBF05055A8F} : DhcpNameServer = 68.87.68.166 68.87.74.166

TCP: Interfaces\{41B59734-EE57-4985-BC71-3EAB34FFD1A8} : DhcpNameServer = 68.87.68.166 68.87.74.166

TCP: Interfaces\{41B59734-EE57-4985-BC71-3EAB34FFD1A8}\3416D656C6F647 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{41B59734-EE57-4985-BC71-3EAB34FFD1A8}\8457E6475627 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{A02E7156-8259-4C68-95B7-DAEA4F355E1F}\25F636B60235F6C69646 : DhcpNameServer = 101.23.5.1

TCP: Interfaces\{A02E7156-8259-4C68-95B7-DAEA4F355E1F}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 70.184.24.1 66.210.207.6 70.184.24.2

TCP: Interfaces\{A02E7156-8259-4C68-95B7-DAEA4F355E1F}\8457E6475627 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{A02E7156-8259-4C68-95B7-DAEA4F355E1F}\8457E64756272425 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{A02E7156-8259-4C68-95B7-DAEA4F355E1F}\84F6C6964616970294E6E602F4E6D275966496021363 : DhcpNameServer = 192.168.182.1

TCP: Interfaces\{A02E7156-8259-4C68-95B7-DAEA4F355E1F}\8686F6E6F62737 : DhcpNameServer = 10.10.10.1

TCP: Interfaces\{A02E7156-8259-4C68-95B7-DAEA4F355E1F}\E4544574541425 : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll

LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll

.

============= SERVICES / DRIVERS ===============

.

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-2-2 911680]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-6 20392]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-2-3 13680]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-6-1 78936]

R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-2-2 2480048]

R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [2010-9-11 127016]

R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [2010-9-11 1118248]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-3-25 724152]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-3-25 724152]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-5-1 93032]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-1-12 196928]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-1-12 68928]

R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-7-20 4446752]

R2 QuickBooksDB18;QuickBooksDB18;c:\program files\intuit\quickbooks\qbdbmgrn.exe -hvquickbooksdb18 --> c:\program files\intuit\quickbooks\QBDBMgrN.exe -hvQuickBooksDB18 [?]

R2 Realtek87B;Realtek87B;c:\program files\realtek\rtl8187 wireless lan utility\RtlService.exe [2011-4-22 40960]

R2 SBAMSvc;VIPRE Antivirus;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2011-5-11 2804280]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]

R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2011-5-11 181584]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-5-1 99328]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-2-3 64440]

R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-1-19 121384]

R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-1-19 117288]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-2-2 160288]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-1-25 6628352]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-5-31 9472]

R3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2011-5-8 114704]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-7-2 38336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-2-3 45496]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-24 363344]

S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-9 569344]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-12-26 29736]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]

S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]

S3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [2007-4-10 72576]

S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [2007-1-12 102144]

S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [2009-11-27 75264]

S3 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-1-19 158248]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-13 1343400]

S4 AbsoluteNotifier;Absolute Notifier;c:\program files\absolute software\absolute notifier\AbsoluteNotifierService.exe [2010-10-8 10408]

S4 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\hotkey\cammute.exe [2010-2-3 54632]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-06-04 19:46:07 -------- d-----w- C:\$RECYCLE.BIN

2011-06-04 19:18:27 98816 ----a-w- c:\windows\sed.exe

2011-06-04 19:18:27 518144 ----a-w- c:\windows\SWREG.exe

2011-06-04 19:18:27 256512 ----a-w- c:\windows\PEV.exe

2011-06-04 19:18:27 208896 ----a-w- c:\windows\MBR.exe

2011-06-04 19:18:09 -------- d-----w- C:\ComboFix

2011-06-01 06:37:32 -------- d-----w- c:\users\gene simmons\appdata\roaming\Sunbelt

2011-06-01 06:37:25 -------- d-----w- c:\programdata\Sunbelt

2011-06-01 06:35:24 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys

2011-06-01 06:35:22 -------- d-----w- c:\program files\Sunbelt Software

2011-06-01 05:52:23 801792 ----a-w- c:\windows\system32\FntCache.dll

2011-06-01 05:46:58 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b64d20ca-99c4-4a63-ae27-f5791e151a8b}\mpengine.dll

2011-05-19 19:51:04 -------- d-----w- C:\found.002

2011-05-11 20:55:16 42832 ----a-w- c:\windows\system32\sbbd.exe

2011-05-11 20:26:04 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2011-05-08 15:49:52 729088 ----a-w- c:\windows\system32\hpowiax5.dll

2011-05-08 15:49:52 303104 ----a-w- c:\windows\system32\hpovst12.dll

2011-05-08 15:49:50 966656 ----a-w- c:\windows\system32\hpotiop5.dll

2011-05-08 13:11:36 160400 ----a-w- c:\windows\system32\drivers\PTDCVsp.sys

2011-05-08 13:11:36 160400 ----a-w- c:\windows\system32\drivers\PTDCMdm.sys

2011-05-08 13:11:36 114704 ----a-w- c:\windows\system32\drivers\PTDCWWAN.sys

2011-05-08 13:11:35 54032 ----a-w- c:\windows\system32\drivers\PTDCBus.sys

2011-05-08 13:11:35 -------- d-----w- c:\program files\PANTECH

.

==================== Find3M ====================

.

2011-06-04 19:45:28 57752 ----a-w- c:\windows\system32\rpcnet.dll

2011-06-04 19:45:28 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2011-06-04 19:45:09 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2011-06-01 05:52:23 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-05-13 21:07:37 2469728 ----a-w- c:\windows\system32\AutoPartNt.exe

2011-04-29 18:15:42 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-04-16 03:25:28 59 ----a-w- c:\windows\wpd99.drv

2011-04-16 03:05:30 51716 ----a-w- c:\windows\system32\pdf995mon.dll

2011-04-16 03:05:30 249856 ----a-w- c:\windows\system32\pdfmona.dll

2011-03-11 05:54:14 87688 ----a-w- c:\windows\system32\IncContxMenu.dll

2011-03-11 05:53:30 11776 ----a-w- c:\windows\system32\smrgdf.exe

2011-03-11 05:53:24 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2011-03-11 05:36:40 2234552 ----a-w- c:\windows\system32\Incinerator.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600 Disk: ST950056 rev.SD25 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: >>UNKNOWN [0x82E42000]<< >>UNKNOWN [0x8BE00000]<< >>UNKNOWN [0x8BFE7000]<< >>UNKNOWN [0x84280000]<< >>UNKNOWN [0x82E0B000]<< >>UNKNOWN [0x8737B1ED]<<

_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }

1 ntkrnlpa!IofCallDriver[0x82E7E448] -> \Device\Harddisk0\DR0[0x87325030]

\Driver\Disk[0x87324C50] -> IRP_MJ_CREATE -> 0x8BE0439F

3 [0x8BE0459E] -> ntkrnlpa!IofCallDriver[0x82E7E448] -> [0x868C8338]

\Driver\ACPI[0x85C12668] -> IRP_MJ_CREATE -> 0x842894AA

5 [0x842893B2] -> ntkrnlpa!IofCallDriver[0x82E7E448] -> \Device\Ide\IAAStorageDevice-0[0x86905028]

\Driver\iaStor[0x868C8230] -> IRP_MJ_CREATE -> 0x8B648E6A

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 16:37:26.21 ===============

RkU Version: 3.8.389.593, Type LE (SR2)

==============================================

OS Name: Windows 7

Version 6.1.7600

Number of processors #2

==============================================

>SSDT State

==============================================

==============================================

>Shadow

==============================================

==============================================

>Processes

==============================================

0x8784BD40 [500] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)

0x891CB0E0 [704] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)

0x89886D40 [760] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)

0x89888030 [772] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)

0x898AFD40 [808] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)

0x898885E0 [824] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)

0x8989E418 [832] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)

0x89916A40 [952] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x85DA3870 [988] C:\Program Files\Microsoft Streets & Trips 2010\StreetsOlkShim.exe (Microsoft, StreetsOlkShim.exe)

0x8997F030 [1084] C:\Windows\System32\ibmpmsvc.exe (Lenovo., ThinkPad Power Management Service)

0x8939ABF8 [1124] C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 186.94)

0x899939F8 [1172] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x899787A0 [1240] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x89A89578 [1272] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8974B6F0 [1308] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x89AB3D40 [1404] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x89B9AD40 [1448] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x89BA0D40 [1484] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x897442D8 [1548] C:\Windows\System32\WUDFHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)

0x89BEE530 [1608] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)

0x89E71D40 [1752] C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc., Fingerprint Server Process for Vista)

0x89D19030 [1844] C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 186.94)

0x89D378B0 [1872] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x89D76D40 [1948] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)

0x89DCE030 [2004] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8A389C88 [2096] C:\Windows\System32\rpcnet.exe (Absolute Software Corp., rpcnet)

0x8A76E918 [2256] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited, scheduler_proxy Application)

0x8A3846E8 [2276] C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software, Sunbelt Software Anti Malware Service)

0x8A397D40 [2280] C:\Windows\System32\snmptrap.exe (Microsoft Corporation, SNMP Trap)

0x8A359770 [2324] C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software, Plug-in Manager Service)

0x89C3CBE0 [2340] C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited, ThinkPad Message Client Loader)

0x89C4DD40 [2364] C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited, On screen display Fn+Fx handler)

0x8605CBC8 [2384] C:\Windows\System32\wuauclt.exe (Microsoft Corporation, Windows Update)

0x89D59880 [2400] C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited, IPS Core Service)

0x89EEEA40 [2436] C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo, ThinkVantage Access Connections Profile Manager Service)

0x8986CB30 [2452] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8996A030 [2472] C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis, Acronis Scheduler 2)

0x89F018E0 [2512] C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

0x8A73F030 [2620] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis, Acronis Scheduler Helper)

0x89F1D7A0 [2660] C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis, File Level CDP Manager Service)

0x8A243D40 [2772] C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation, SQL Browser Service EXE)

0x8A404D40 [2792] C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation, SQL Server VSS Writer)

0x89F605B0 [2804] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., MobileDeviceService)

0x89299660 [2828] C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation, Microsoft ASP.NET State Server)

0x8A006030 [2860] C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd., Nalpeiron Highend Service)

0x89F814F0 [2884] C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation, BCM SQL Startup Service)

0x89DE5030 [2920] C:\Windows\System32\dinotify.exe (Microsoft Corporation, Windows Device Installation)

0x8A044D40 [2936] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)

0x89FF6508 [2968] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x89FFA030 [3000] C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation., Bluetooth Support Server)

0x8A054030 [3024] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8A0859D0 [3100] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8A099570 [3124] C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation, IDriverT Module)

0x89F1E030 [3228] C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co., HP CUE Alert Popup Window Objects)

0x877F08F0 [3420] C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC, iolo System component)

0x8A1F68A0 [3484] C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited, Auto Scroll Start Service)

0x8A2099D0 [3508] C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation, Machine Debug Manager)

0x8A20DD40 [3548] C:\Windows\System32\msdtc.exe (Microsoft Corporation, Microsoft Distributed Transaction Coordinator Service)

0x8A428030 [3616] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8A25CD40 [3664] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8A23FBE8 [3752] C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software, Solid Spool Service)

0x8A22E728 [3784] C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd., This service enables products that use the Nalpeiron Licensing System )

0x8A282720 [3820] C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe (-, NVIDIA Performance Driver Service)

0x89E8DD40 [3876] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8A3AD030 [3892] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)

0x8A726D40 [3944] C:\Windows\System32\TpShocks.exe (Lenovo., ThinkVantage Active Protection System)

0x8A2079E0 [3960] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8A26B878 [3976] C:\Program Files\Intuit\QuickBooks\QBDBMgrN.exe (iAnywhere Solutions, Inc., Adaptive Server Anywhere Network Server)

0x8A2E7450 [4004] C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe (Realtek, RtlService MFC Application)

0x8A32DBE8 [4072] C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp., RtWLan ( For Vista / Win7) Application(External Registrar))

0x8A4496D0 [4160] C:\Windows\System32\TPHDEXLG.exe (Lenovo., ThinkVantage Active Protection System - HDD Logger Module)

0x8A37B640 [4220] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8A4EE420 [4428] C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

0x86474548 [4448] C:\Windows\System32\UI0Detect.exe (Microsoft Corporation, Interactive services detection)

0x8A42DD40 [4476] C:\Windows\System32\vds.exe (Microsoft Corporation, Virtual Disk Service)

0x8A4A1030 [4552] C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc, AVSDK5 Dispatcher/Notification Server)

0x8A525030 [4632] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8A5265F0 [4660] C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation, Windows Live Setup Service)

0x8A5B5D40 [4724] C:\Windows\System32\wbem\WmiApSrv.exe (Microsoft Corporation, WMI Performance Reverse Adapter)

0x8A521A18 [4756] C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc., Modem Audio Service)

0x8A5A6A08 [4784] C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo, ThinkVantage Access Connections Main Service)

0x8A5ABD40 [4796] C:\Windows\System32\WUDFHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)

0x8A551318 [5000] C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc, AVSDK5 Active Protection Singleton Service)

0x8A73CD40 [5080] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited, On screen display message generator for ThinkPad)

0x8A75B030 [5164] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis, Acronis True Image Monitor)

0x89AA7660 [5220] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8A51DD40 [5400] C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited, Lenovo Auto Scroll Utility)

0x8625F9F0 [5464] C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe (Hewlett-Packard Co., HP Smart Web Printing add-on for Internet Explorer)

0x89CD3340 [5656] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)

0x8A8237B0 [5760] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited, Maintenance Manager Scheduler)

0x89F6A3A0 [6080] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)

0x8A70DBC8 [6132] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc., SMax4PNP)

0x85D3D9D8 [6268] C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (Smith Micro Software, Inc., VZAccess Manager)

0x8A70D030 [6296] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)

0x8A80ED40 [6336] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)

0x8A7EBD40 [6488] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard, hpwuSchd Application)

0x8A2EEAC0 [6552] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)

0x8A78F5D0 [6568] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)

0x8A8F2030 [6680] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software, SBAMTray Application)

0x8A808030 [6716] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc., GoogleToolbarNotifier)

0x8A863A58 [6748] C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems, RoboForm TaskBar Icon)

0x8A865BE0 [6792] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation, Macrovision Software Manager)

0x8A265940 [6808] C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co., HP CUE Status Root)

0x8A7AFD40 [6896] C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co., HP Digital Imaging Monitor)

0x85DD1A50 [6932] C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation, Microsoft Office Outlook)

0x87869030 [7036] C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation, Microsoft Office OneNote Quick Launcher)

0x8A8C0D40 [7088] C:\Program Files\PdaNet for Android\PdaNetPC.exe

0x8A12CD40 [7712] C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard, GPCore COM object)

0x86353030 [7848] C:\Users\Gene Simmons\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)

0x87E0F930 [8004] C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited, ThinkVantage System Update Service)

0x89CC7C80 [8152] C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited, ThinkVantage Registry Monitor Service)

0x85B49A20 [4] System

==============================================

>Drivers

==============================================

0x92C38000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9826304 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 186.94 )

0x91E35000 C:\Windows\system32\DRIVERS\netw5v32.sys 6668288 bytes (Intel Corporation, Intel


  • Staff

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post DDS.txt directly into your reply.

After you post that, do the following:

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
