Google redirect aftereffects and Trojan.tracur


My computer has had several virus problems recently. Right now there are two problems:

(1) Errors that started around the time the computer was infected with the Google redirect virus. I might have gotten rid of the virus--at least Google works now--but I still get two error messages: "suservice.exe has encountered a problem and must close" on start, and "MessageCenterPlus.exe has encountered a problem and must close" at random times.

(2) Trojan.tracur keeps reinfecting the computer. I remove it with MBAM, and a day or two later it comes back! Very frustrating.

I have McAfee AntiVirus Plus. Should I get a different anti-virus program? Thanks!

Note: DeFogger did not ask to reboot the machine.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Elaine at 5:36:14 on 2011-06-29

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.421 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\System32\TPHDEXLG.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110620231304.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: 58ef942d: {b43eb041-c4e5-2c42-2d1a-f7282d86b333} - c:\windows\system32\mciqtz3232.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office x3\programs\QFSCHD130.EXE"

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta

IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\www.update

Trusted Zone: westlaw.com\web2

Trusted Zone: westlaw.com\www

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1307075132633

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{19E47B5D-BCE3-455A-AA30-0C9798FBC819} : DhcpNameServer = 192.168.2.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: ACNotify - ACNotify.dll

Notify: psfus - c:\windows\system32\psqlpwd.dll

Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll

Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll

AppInit_DLLs: c:\windows\system32\mciqtz3232.dll

LSA: Notification Packages = scecli ACGina psqlpwd

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-3 459728]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-3 89368]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-25 88176]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-3 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-3 214904]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-3 165000]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-3 159832]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-3 148520]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-3 179248]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-3 59288]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-3 337912]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-3 83688]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 AcPrfMgrSvc32;Ac Profile Manager Service ;c:\windows\system32\fontext32.exe --> c:\windows\system32\fontext32.exe [?]

S2 EventSystem32;COM+ Event System ;c:\windows\system32\dot3svc32.exe --> c:\windows\system32\dot3svc32.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

S2 RasAuto32;Remote Access Auto Connection Manager ;c:\windows\system32\usrv80a32.exe --> c:\windows\system32\usrv80a32.exe [?]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-3 57432]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-3 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-3 85984]

.

=============== Created Last 30 ================

.

2011-06-20 03:34:17 -------- d-----w- c:\windows\pss

2011-06-19 13:04:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-18 20:06:42 173056 ----a-w- c:\windows\system32\mciqtz3232.dll

.

==================== Find3M ====================

.

2011-06-26 15:18:12 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys

2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-28 16:08:44 1134 ----a-w- C:\FixNCR.reg

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

============= FINISH: 5:37:33.20 ===============

attach.zip

Hello EWH and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

***Note: In order for ComboFix to run properly, McAfee must be uninstalled. Please go here and follow the instructions to uninstall McAfee.

You can reinstall it after the computer is clean.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right-click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • how the PC is running now
-------------
Please download ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review. Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?

2011/06/30 08:16:30.0328 0756 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16

2011/06/30 08:16:30.0828 0756 ================================================================================

2011/06/30 08:16:30.0828 0756 SystemInfo:

2011/06/30 08:16:30.0828 0756

2011/06/30 08:16:30.0828 0756 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/30 08:16:30.0828 0756 Product type: Workstation

2011/06/30 08:16:30.0828 0756 ComputerName: MRDATA

2011/06/30 08:16:30.0828 0756 UserName: Elaine

2011/06/30 08:16:30.0828 0756 Windows directory: C:\WINDOWS

2011/06/30 08:16:30.0828 0756 System windows directory: C:\WINDOWS

2011/06/30 08:16:30.0828 0756 Processor architecture: Intel x86

2011/06/30 08:16:30.0828 0756 Number of processors: 2

2011/06/30 08:16:30.0828 0756 Page size: 0x1000

2011/06/30 08:16:30.0828 0756 Boot type: Normal boot

2011/06/30 08:16:30.0828 0756 ================================================================================

2011/06/30 08:16:32.0187 0756 Initialize success

2011/06/30 08:16:36.0109 3584 ================================================================================

2011/06/30 08:16:36.0109 3584 Scan started

2011/06/30 08:16:36.0109 3584 Mode: Manual;

2011/06/30 08:16:36.0109 3584 ================================================================================

2011/06/30 08:16:38.0125 3584 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/06/30 08:16:38.0140 3584 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

2011/06/30 08:16:38.0187 3584 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/06/30 08:16:38.0203 3584 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/06/30 08:16:38.0265 3584 ADIHdAudAddService (d537f3d03c6301fefa21f3eee8cc82d8) C:\WINDOWS\system32\drivers\ADIHdAud.sys

2011/06/30 08:16:38.0296 3584 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/06/30 08:16:38.0312 3584 AEAudio (860df7676869cd8690cb2b23ab6de66a) C:\WINDOWS\system32\drivers\AEAudio.sys

2011/06/30 08:16:38.0328 3584 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/06/30 08:16:38.0359 3584 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/06/30 08:16:38.0406 3584 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/06/30 08:16:38.0437 3584 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/06/30 08:16:38.0453 3584 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/06/30 08:16:38.0484 3584 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/06/30 08:16:38.0500 3584 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/06/30 08:16:38.0515 3584 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/06/30 08:16:38.0546 3584 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/06/30 08:16:38.0562 3584 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/06/30 08:16:38.0578 3584 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/06/30 08:16:38.0578 3584 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/06/30 08:16:38.0625 3584 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS

2011/06/30 08:16:38.0640 3584 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/06/30 08:16:38.0656 3584 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/06/30 08:16:38.0671 3584 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/06/30 08:16:38.0687 3584 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/06/30 08:16:38.0718 3584 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/06/30 08:16:38.0750 3584 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/06/30 08:16:38.0781 3584 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/06/30 08:16:38.0828 3584 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys

2011/06/30 08:16:38.0859 3584 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/06/30 08:16:38.0875 3584 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/06/30 08:16:38.0937 3584 BTKRNL (9da09b5800b9de8336948664e3b9cc94) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

2011/06/30 08:16:38.0968 3584 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys

2011/06/30 08:16:38.0984 3584 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/06/30 08:16:39.0000 3584 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/06/30 08:16:39.0015 3584 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/06/30 08:16:39.0031 3584 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/06/30 08:16:39.0046 3584 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/06/30 08:16:39.0078 3584 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/06/30 08:16:39.0109 3584 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/06/30 08:16:39.0125 3584 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/06/30 08:16:39.0140 3584 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/06/30 08:16:39.0156 3584 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/06/30 08:16:39.0218 3584 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/06/30 08:16:39.0234 3584 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/06/30 08:16:39.0250 3584 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/06/30 08:16:39.0312 3584 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/06/30 08:16:39.0328 3584 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/06/30 08:16:39.0343 3584 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS

2011/06/30 08:16:39.0359 3584 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/06/30 08:16:39.0375 3584 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/06/30 08:16:39.0375 3584 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/06/30 08:16:39.0390 3584 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2011/06/30 08:16:39.0406 3584 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/06/30 08:16:39.0421 3584 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/06/30 08:16:39.0484 3584 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/06/30 08:16:39.0515 3584 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/06/30 08:16:39.0531 3584 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/06/30 08:16:39.0562 3584 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/06/30 08:16:39.0609 3584 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/06/30 08:16:39.0609 3584 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/06/30 08:16:39.0625 3584 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/06/30 08:16:39.0640 3584 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/06/30 08:16:39.0687 3584 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/06/30 08:16:39.0750 3584 e1express (e1e31cb759ced9bae730b86171b9c9fd) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

2011/06/30 08:16:39.0781 3584 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/06/30 08:16:39.0796 3584 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/06/30 08:16:39.0828 3584 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/06/30 08:16:39.0859 3584 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/06/30 08:16:39.0890 3584 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/06/30 08:16:39.0906 3584 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/06/30 08:16:39.0921 3584 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/06/30 08:16:39.0968 3584 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/06/30 08:16:40.0000 3584 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/06/30 08:16:40.0015 3584 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/06/30 08:16:40.0062 3584 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/06/30 08:16:40.0109 3584 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

2011/06/30 08:16:40.0156 3584 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2011/06/30 08:16:40.0218 3584 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/06/30 08:16:40.0250 3584 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/06/30 08:16:40.0281 3584 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/06/30 08:16:40.0312 3584 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/06/30 08:16:40.0343 3584 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys

2011/06/30 08:16:40.0359 3584 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys

2011/06/30 08:16:40.0390 3584 IBMTPCHK (083d095fed4b01fff9d501b98d50db68) C:\WINDOWS\system32\Drivers\IBMBLDID.sys

2011/06/30 08:16:40.0421 3584 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/06/30 08:16:40.0453 3584 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/06/30 08:16:40.0484 3584 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/06/30 08:16:45.0859 3584 ================================================================================

2011/06/30 08:16:45.0859 3584 Scan finished

2011/06/30 08:16:45.0859 3584 ================================================================================

2011/06/30 08:16:45.0875 0612 Detected object count: 0

2011/06/30 08:16:45.0875 0612 Actual detected object count: 0


ComboFix seems like it's frozen on the install. I clicked I agree on the disclaimer. The green progress bar goes a little more than halfway across. The screen shows a number of files extracted, then two output folders created. It's not doing anything more. The "Cancel", "<Back", and "Close" buttons are grayed out and inactive.


I ended ComboFix through the task manager, deleted the program, then downloaded it again. Now I get an error message during the install:

Error opening file for writing:

C:\32788R22FWJFW\iexploere.exe

My choices are Abort, Retry, or Ignore. Retry gets me the same error message, so I aborted.

I have to go to work now, so I won't be able to try anything more until tonight. Thanks for your help!


You should NOT be doing things with ComboFix other than what I have instructed you to. ComboFix is a VERY powerful tool, and if used incorrectly, can render your machine a useless doorstop.

With that said, let's try this:

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Locate ComboFix.exe on your Desktop, and run it. If successful, a log will be created. Please post that C:\ComboFix.txt in your next reply. :)


Sorry!

I think I know what I did wrong, and I'm stuck again. Originally, I uninstalled McAfee through the control panel and restarted, but apparently forgot to run MCPR.exe to finish cleanup as instructed here. After running TDSSkiller and posting the log, I had the previously mentioned problem installing Combofix.

After reading your response (and still without realizing that I failed to complete the McAfee cleanup) I restarted in safe mode. ComboFix successfully installed, but soon gave me the following error message:

ComboFix had detected the following real time scanner(s) to be active:

antivirus: McAfee Anti-Virus and Anti-Spyware

Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable resultes or possible machine damage.

Please disable these scanners before clicking 'OK'.

I would run MCPR.exe at this point to finish the cleanup, but I'm concerned that it will restart the computer when it is done, cutting off the ComboFix program. There is no 'abort' or 'cancel' option in the ComboFix message box. What should I do?


ComboFix 11-06-30.03 - Elaine 06/30/2011 23:33:32.1.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.675 [GMT -5:00]

Running from: c:\documents and settings\Elaine\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Elaine\WINDOWS

c:\windows\system32\mciqtz3232.dll

c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))

.

.

2011-06-19 13:04 . 2011-06-19 13:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-26 15:18 . 2008-08-06 06:40 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys

2011-05-29 14:11 . 2011-05-28 18:49 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11 . 2011-05-28 18:49 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-28 16:08 . 2011-05-28 18:35 1134 ----a-w- C:\FixNCR.reg

2011-05-02 15:31 . 2006-04-30 07:10 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2006-04-30 06:55 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2006-04-30 06:55 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2006-04-30 06:55 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2006-04-30 06:55 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2006-04-30 06:55 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-24 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]

"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]

"TpShocks"="TpShocks.exe" [2007-11-22 181536]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-10 8495104]

"nwiz"="nwiz.exe" [2007-12-10 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-10 81920]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]

"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]

"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]

"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]

"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 77892]

"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"ISUSPM Startup"="c:\program files\Common Files\Installshield\UpdateService\isuspm.exe" [2005-08-11 249856]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-6 50688]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-03-15 05:17 89600 ----a-w- c:\windows\system32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 8:32 PM 19504]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/15/2007 12:10 AM 11152]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 3:11 PM 569344]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 5:59 PM 30336]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 AcPrfMgrSvc32;Ac Profile Manager Service ;c:\windows\system32\fontext32.exe --> c:\windows\system32\fontext32.exe [?]

S2 EventSystem32;COM+ Event System ;c:\windows\system32\dot3svc32.exe --> c:\windows\system32\dot3svc32.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 7:28 PM 135664]

S2 RasAuto32;Remote Access Auto Connection Manager ;c:\windows\system32\usrv80a32.exe --> c:\windows\system32\usrv80a32.exe [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 7:28 PM 135664]

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

.

2011-07-01 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-06 14:17]

.

2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:28]

.

2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:28]

.

2011-07-01 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-08-06 16:22]

.

2011-07-01 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 03:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\www.update

Trusted Zone: westlaw.com\web2

Trusted Zone: westlaw.com\www

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{B43EB041-C4E5-2C42-2D1A-F7282D86B333} - c:\windows\system32\mciqtz3232.dll

Notify-ACNotify - ACNotify.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-30 23:40

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1400)

c:\windows\system32\vrlogon.dll

c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll

c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll

c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll

c:\windows\system32\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infra.dll

c:\program files\ThinkVantage Fingerprint Software\homepass.dll

c:\program files\ThinkVantage Fingerprint Software\bio.dll

c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

c:\program files\ThinkVantage Fingerprint Software\remote.dll

c:\program files\Lenovo\HOTKEY\tphklock.dll

c:\program files\ThinkVantage Fingerprint Software\pscssint.dll

c:\program files\ThinkVantage Fingerprint Software\crypto.dll

.

- - - - - - - > 'explorer.exe'(2632)

c:\windows\system32\WININET.dll

c:\windows\system32\nview.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\system32\IPSSVC.EXE

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\windows\System32\TPHDEXLG.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe

c:\windows\system32\wdfmgr.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\lenovo\system update\suservice.exe

c:\program files\Common Files\Lenovo\Logger\logmon.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\TpShocks.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\Lenovo\Zoom\TpScrex.exe

c:\windows\system32\rundll32.exe

c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2011-06-30 23:44:41 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-01 04:44

.

Pre-Run: 129,422,950,400 bytes free

Post-Run: 129,731,031,040 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 231EE2E2AA76CC516E1969027121ACAE


Results of screen317's Security Check version 0.99.17

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 11

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````


Your logs look better! How is your system running now?

Let's run some online scans to see if there are any traces:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

------

Please use Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an ActiveX install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.


Turns out my ComboFix was outdated, so it let me cancel the program. I uninstalled the outdated version, ran MCPR.exe to finish uninstalling McAfee, downloaded the new ComboFix, and ran it successfully. I've posted its log and the Security Check log above.

We've had partial success. I no longer get the suservice.exe-has-encountered-a-problem message on startup. But I am still being reinfected with Trojan.tracur. I scanned with Malwarebytes, and sure enough, it was back. Here's the log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6991

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/1/2011 12:01:26 AM

mbam-log-2011-07-01 (00-01-26).txt

Scan type: Quick scan

Objects scanned: 175856

Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RASAUTO32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Let's try this ;)

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

RASAUTO32

File::

c:\windows\system32\drivers\RASAUTO32.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how your system is running :).


Here's the log; I'll run the other scans next.

ComboFix 11-06-30.03 - Elaine 07/01/2011 0:19.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.472 [GMT -5:00]

Running from: c:\documents and settings\Elaine\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Elaine\Desktop\CFScript.txt

.

FILE ::

"c:\windows\system32\drivers\RASAUTO32.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_RasAuto32

.

.

((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))

.

.

2011-07-01 05:12 . 2011-07-01 05:12 -------- d-----w- c:\program files\ESET

2011-06-19 13:04 . 2011-06-19 13:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-26 15:18 . 2008-08-06 06:40 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys

2011-05-29 14:11 . 2011-05-28 18:49 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11 . 2011-05-28 18:49 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-28 16:08 . 2011-05-28 18:35 1134 ----a-w- C:\FixNCR.reg

2011-05-02 15:31 . 2006-04-30 07:10 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2006-04-30 06:55 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2006-04-30 06:55 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2006-04-30 06:55 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2006-04-30 06:55 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2006-04-30 06:55 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-01_04.41.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-01 05:26 . 2011-07-01 05:26 16384 c:\windows\temp\Perflib_Perfdata_394.dat

+ 2011-07-01 05:26 . 2011-07-01 05:26 16384 c:\windows\temp\Perflib_Perfdata_23c.dat

+ 2006-04-30 06:55 . 2011-07-01 05:06 84814 c:\windows\system32\perfc009.dat

- 2006-04-30 06:55 . 2011-07-01 04:42 84814 c:\windows\system32\perfc009.dat

+ 2006-04-30 06:55 . 2011-07-01 05:06 473528 c:\windows\system32\perfh009.dat

- 2006-04-30 06:55 . 2011-07-01 04:42 473528 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-24 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]

"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]

"TpShocks"="TpShocks.exe" [2007-11-22 181536]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-10 8495104]

"nwiz"="nwiz.exe" [2007-12-10 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-10 81920]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]

"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]

"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]

"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]

"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 77892]

"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"ISUSPM Startup"="c:\program files\Common Files\Installshield\UpdateService\isuspm.exe" [2005-08-11 249856]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-6 50688]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-03-15 05:17 89600 ----a-w- c:\windows\system32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 8:32 PM 19504]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/15/2007 12:10 AM 11152]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 3:11 PM 569344]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 5:59 PM 30336]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 AcPrfMgrSvc32;Ac Profile Manager Service ;c:\windows\system32\fontext32.exe --> c:\windows\system32\fontext32.exe [?]

S2 EventSystem32;COM+ Event System ;c:\windows\system32\dot3svc32.exe --> c:\windows\system32\dot3svc32.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 7:28 PM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 7:28 PM 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/28/2011 1:49 PM 39984]

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

.

2011-07-01 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-06 14:17]

.

2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:28]

.

2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:28]

.

2011-07-01 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-08-06 16:22]

.

2011-07-01 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 03:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\www.update

Trusted Zone: westlaw.com\web2

Trusted Zone: westlaw.com\www

TCP: DhcpNameServer = 192.168.2.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-01 00:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1404)

c:\windows\system32\vrlogon.dll

c:\windows\system32\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infra.dll

c:\program files\ThinkVantage Fingerprint Software\homepass.dll

c:\program files\ThinkVantage Fingerprint Software\bio.dll

c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

c:\program files\ThinkVantage Fingerprint Software\remote.dll

c:\program files\Lenovo\HOTKEY\tphklock.dll

c:\program files\ThinkVantage Fingerprint Software\pscssint.dll

c:\program files\ThinkVantage Fingerprint Software\crypto.dll

.

- - - - - - - > 'explorer.exe'(3656)

c:\windows\system32\WININET.dll

c:\windows\system32\nview.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\system32\IPSSVC.EXE

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\windows\System32\TPHDEXLG.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe

c:\windows\system32\wdfmgr.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\lenovo\system update\suservice.exe

c:\program files\Common Files\Lenovo\Logger\logmon.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\TpShocks.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\rundll32.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\Zoom\TpScrex.exe

.

**************************************************************************

.

Completion time: 2011-07-01 00:29:55 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-01 05:29

ComboFix2.txt 2011-07-01 04:44

.

Pre-Run: 129,685,151,744 bytes free

Post-Run: 129,680,703,488 bytes free

.

- - End Of File - - 39E8DE38D1EAEFF68992D870CE9F4822

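A small triage helper for the two logs above, added here as an example; it is not part of the thread and not code from ComboFix or Malwarebytes. It parses the "Drivers/Services" lines of the ComboFix log, flags entries whose image file ComboFix printed as "--> path [?]" (my reading of that marker is "file could not be found or read", which is an assumption, not documented ComboFix behaviour), and pulls the service name out of the Enum\Root\LEGACY_RASAUTO32 key the MBAM log reported so it can be looked up in the same list. The sample lines are copied from the logs posted above.

```python
# Added example (not from the thread, ComboFix or Malwarebytes): triage the
# ComboFix "Drivers/Services" section and cross-check it against an MBAM
# "Enum\Root\LEGACY_<NAME>" detection.
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# A ComboFix service line looks like one of
#   R0 Name;Display;c:\path\file.sys [date time size]
#   S2 Name;Display;c:\path\file.exe --> c:\path\file.exe [?]
# Assumed reading: prefix R = running, S = stopped; the digit is the start
# type (0 boot, 1 system, 2 automatic, 3 manual); "[?]" means the image file
# could not be found or read.
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+-->\s+(?P<alt>.+?))?\s+\[(?P<info>[^\]]*)\]\s*$"
)

# Windows creates Enum\Root\LEGACY_<NAME> when a legacy (non-PnP) driver
# service called <NAME> is loaded, so the key names the service to look for.
LEGACY_KEY = re.compile(r"\\Enum\\Root\\LEGACY_(?P<name>[A-Za-z0-9_]+)", re.I)

# Constructed sample input: service lines copied from the ComboFix log above.
SAMPLE_COMBOFIX = r"""
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 8:32 PM 19504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 AcPrfMgrSvc32;Ac Profile Manager Service ;c:\windows\system32\fontext32.exe --> c:\windows\system32\fontext32.exe [?]
S2 EventSystem32;COM+ Event System ;c:\windows\system32\dot3svc32.exe --> c:\windows\system32\dot3svc32.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 7:28 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/28/2011 1:49 PM 39984]
"""

# Constructed sample input: the registry line from the MBAM log above.
SAMPLE_MBAM_LINE = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RASAUTO32"
    " (Trojan.Tracur) -> Quarantined and deleted successfully."
)


@dataclass(frozen=True)
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: int
    resolved: bool  # False when ComboFix printed "[?]" for the image file


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service line; return None for anything else."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        name=m["name"].strip(),
        display=m["display"].strip(),
        path=m["path"].strip(),
        running=m["state"] == "R",
        start_type=int(m["start"]),
        resolved=m["info"].strip() != "?",
    )


def parse_services(text: str) -> list[ServiceEntry]:
    entries = (parse_service_line(ln) for ln in text.splitlines())
    return [e for e in entries if e is not None]


def unresolved_autostart(entries: list[ServiceEntry]) -> list[ServiceEntry]:
    """Services that start without user action (boot/system/automatic) but
    whose binary ComboFix could not find. Candidates for a manual look only;
    a half-removed driver leaves the same trace as a malicious one."""
    return [e for e in entries if not e.resolved and e.start_type <= 2]


def legacy_key_service_name(reg_key: str) -> Optional[str]:
    """'...\\Enum\\Root\\LEGACY_RASAUTO32' -> 'RASAUTO32'."""
    m = LEGACY_KEY.search(reg_key)
    return m["name"] if m else None


def service_listed(entries: list[ServiceEntry], name: str) -> bool:
    """True if ComboFix listed a service with this name (case-insensitive)."""
    return any(e.name.lower() == name.lower() for e in entries)


if __name__ == "__main__":
    services = parse_services(SAMPLE_COMBOFIX)
    for e in unresolved_autostart(services):
        print(f"unresolved autostart: {e.name} -> {e.path}")
    legacy = legacy_key_service_name(SAMPLE_MBAM_LINE)
    print(f"{legacy}: listed by ComboFix? {service_listed(services, legacy)}")
```

The point of the cross-check is that the LEGACY_ enum key MBAM keeps removing is only a side effect of a driver service being loaded; if that service is absent from the ComboFix list after the CFScript ran, the loader that recreates it has to be somewhere else.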

Couldn't tear myself away. Here are the files. Now I'm really done for the night.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=6515bc5f7a071341af6a9446618889d8

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-01 06:10:09

# local_time=2011-07-01 01:10:09 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=77733

# found=1

# cleaned=1

# scan_time=1764

C:\Qoobox\Quarantine\C\WINDOWS\system32\mciqtz3232.dll.vir a variant of Win32/Kryptik.PQF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

QuickScan Beta 32-bit v0.9.9.96

-------------------------------

Scan date: Fri Jul 01 01:16:11 2011

Machine ID: 289CC478

No infection found.

-------------------

Processes

---------

Access Connections 480 C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

Access Connections 3344 C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

Access Connections 2824 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

Access Connections 256 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

Access Connections 3744 C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

Bluetooth Software 1988 C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

Bluetooth Software 4032 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

Client Security Solution 1860 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

Digital Line Detection 4084 C:\Program Files\Digital Line Detect\DLG.exe

Diskeeper Disk Defragmenter 2816 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

Diskeeper Disk Defragmenter 572 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

Drive Letter Access Component 776 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

InstallShield Update Service 1384 C:\Program Files\Common Files\Installshield\UpdateService\issch.exe

Intel® PROSet/Wireless Event Log 676 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

Intel® PROSet/Wireless Registry Servi 1340 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

Intel® PROSet/Wireless Service 2032 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

IUService.exe 3240 C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

IviRegMgr Module 1152 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

logmon.exe 3776 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

Maintenance Manager 2388 C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

Maintenance Manager 460 C:\WINDOWS\system32\IPSSVC.EXE

mcci+McciCMService 1040 C:\Program Files\Common Files\Motive\McciCMService.exe

Message Center Plus 2944 C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe

Microsoft® Windows® Operating System 968 C:\WINDOWS\system32\spoolsv.exe

NVIDIA Driver Helper Service, Version 1 1300 C:\WINDOWS\system32\nvsvc32.exe

On screen display 1816 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

On screen display 3476 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

Presentation Director 3472 C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

Progressive Touch 3460 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Progressive Touch 3456 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

rrpservice Module 2184 C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

rrservice Module 2372 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

scheduler_proxy Application 800 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

SMax4PNP Application 1804 C:\Program Files\Analog Devices\Core\smax4pnp.exe

ThinkPad EasyEject Utility 3520 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

ThinkPad Power Management Service 1652 C:\WINDOWS\system32\ibmpmsvc.exe

ThinkPad UltraZoom 2348 C:\Program Files\Lenovo\ZOOM\TpScrex.exe

ThinkVantage Active Protection System 2072 C:\WINDOWS\system32\TPHDEXLG.exe

ThinkVantage Active Protection System 3508 C:\WINDOWS\system32\TpShocks.exe

ThinkVantage Productivity Center 2500 C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.EXE

ThinkVantage System Update Service 3392 C:\Program Files\Lenovo\System Update\SUService.exe

ThinkVantage Technologies 1848 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

TSS Core Service 2112 C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

tvtsched Module 2696 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

(verified) GoogleToolbarNotifier 3216 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(verified) Java Platform SE 6 U11 916 C:\Program Files\Java\jre6\bin\jqs.exe

(verified) Microsoft® Windows® Operating System 3656 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 1192 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 1372 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 284 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 1460 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 828 C:\WINDOWS\system32\rundll32.exe

(verified) Microsoft® Windows® Operating System 3436 C:\WINDOWS\system32\rundll32.exe

(verified) Microsoft® Windows® Operating System 3952 C:\WINDOWS\system32\rundll32.exe

(verified) Microsoft® Windows® Operating System 1448 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 1324 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 544 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 364 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 2044 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1680 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1964 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1768 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 3264 C:\WINDOWS\system32\wdfmgr.exe

(verified) Microsoft® Windows® Operating System 1404 C:\WINDOWS\system32\winlogon.exe

(verified) Windows® Internet Explorer 2484 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 3036 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 3820 C:\Program Files\Internet Explorer\iexplore.exe

Network activity

----------------

Process iexplore.exe (3036) connected on port 80 (HTTP) --> 63.236.252.139

Process iexplore.exe (3036) connected on port 80 (HTTP) --> 63.236.252.122

Process iexplore.exe (3036) connected on port 80 (HTTP) --> 69.171.224.12

Process iexplore.exe (3036) connected on port 80 (HTTP) --> 74.125.225.71

Process iexplore.exe (3036) connected on port 80 (HTTP) --> 66.235.142.14

Process iexplore.exe (3036) connected on port 80 (HTTP) --> 63.236.252.122

Process DkService.exe (572) listens on ports: 31038

Process svchost.exe (1768) listens on ports: 135 (RPC)

Process tvttcsd.exe (2112) listens on ports: 6060

Autoruns and critical files

---------------------------

Access Connections C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

Access Connections C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

BATLOGEX.DLL C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL

Client Security Solution C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

Digital Line Detection C:\Program Files\Digital Line Detect\DLG.exe

Diskeeper Disk Defragmenter C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

Drive Letter Access Component C:\WINDOWS\system32\DLA\DLACTRLW.EXE

InstallShield Update Service C:\Program Files\Common Files\Installshield\UpdateService\issch.exe

InstallShield Update Service c:\Program Files\Common Files\Installshield\UpdateService\isuspm.exe

Maintenance Manager C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

Message Center Plus C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe

Microsoft Genuine Advantage C:\WINDOWS\system32\KB905474\wgasetup.exe

Microsoft Office XP C:\Program Files\Microsoft Office\Office10\OSA.EXE

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\logon.scr

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

notifyf2.dll C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll

NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll

nwiz.exe C:\WINDOWS\system32\nwiz.exe

On screen display C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

Presentation Director C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

Progressive Touch C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Progressive Touch C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

psqlpwd.dll C:\WINDOWS\system32\psqlpwd.dll

PWMIDTSK.EXE C:\Program Files\ThinkPad\Utilities\PWMIDTSK.EXE

QuickFinder Component C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE

scheduler_proxy Application C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

SMax4PNP Application C:\Program Files\Analog Devices\Core\smax4pnp.exe

ThinkPad EasyEject Utility C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

ThinkPad Power Manager C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL

ThinkVantage Active Protection System C:\WINDOWS\system32\TpShocks.exe

ThinkVantage Productivity Center C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE

tphklock.dll C:\Program Files\Lenovo\HOTKEY\tphklock.dll

Windows Live Toolbar C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

Client Security Solution Password Manag C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx

Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll

Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

Move Streaming Media Player C:\Documents and Settings\Elaine\Application Data\Move Networks\plugins\npqmp071503000010.dll

Picasa C:\Program Files\Picasa2\npPicasa2.dll

Picasa C:\Program Files\Picasa2\npPicasa3.dll

Windows Live Toolbar C:\Program Files\Windows Live Toolbar\msntb.dll

Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll

(verified) Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe

(verified) Java Platform SE 6 U11 C:\Program Files\Java\jre6\bin\ssv.dll

(verified) Java Platform SE 6 U11 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Missing files

-------------

File not found: c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll

--> HKLM\Software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32\"(default)"

Scan

----

MD5: ab024203b28d695783abb365307d5d5a C:\Documents and Settings\Elaine\Application Data\Move Networks\plugins\npqmp071503000010.dll

MD5: d8152dd555441e438b1511994ad3415f C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MD5: bfca7254311cc9d34cca2c03b9bbd9b3 C:\Program Files\Analog Devices\Core\smax4pnp.exe

MD5: 2d89762d96265d812fec30df4933ed12 C:\Program Files\Analog Devices\Core\SMWDMIF.dll

MD5: 65a4aee056231cc2ee689ab2e912bafa C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

MD5: 47c1de0a890613ffcff1d67648eedf90 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MD5: 7d58c9bdf9c0a3955bdcde7387ad12ac C:\Program Files\Common Files\Installshield\UpdateService\issch.exe

MD5: 1c46fc1ab600766b8554580204806e84 c:\Program Files\Common Files\Installshield\UpdateService\isuspm.exe

MD5: 213822072085b5bbad9af30ab577d817 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

MD5: e070eed262f4ff3fbc3390a808ff7dd7 C:\Program Files\Common Files\Lenovo\CDRecord.dll

MD5: c9926c63d96cc89521e0e9a26e6f68d4 C:\Program Files\Common Files\Lenovo\icudt32.dll

MD5: 5aa709f95ac36fc9b06610eef28694c6 C:\Program Files\Common Files\Lenovo\icuuc32.dll

MD5: 7fd85624f2c1b84aa7975e38fe862874 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

MD5: 0fa95e680fe4986f8bfeaaf675513dee C:\Program Files\Common Files\Lenovo\rr_res.dll

MD5: 58c27ebbbeb67a26484a1c50909c002c C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

MD5: e9ea448f1174be4052416b62263ea4ee C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

MD5: d04402cd654af1058ad9a82b73ad67c8 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

MD5: 1cc53294569cbf533ba3508492372910 C:\Program Files\Common Files\Lenovo\tvt_think_res.dll

MD5: 522b6fcb4ce07cc52ea9bec3265a5fc3 C:\Program Files\Common Files\Lenovo\ui.dll

MD5: ba6927626663da724d8658e4bcfcb7f3 C:\Program Files\Common Files\Lenovo\xml4c_5_5.dll

MD5: eb4e40d944a0663765161b84dddbd95b C:\Program Files\Common Files\Lenovo\XML4CMessages5_5.DLL

MD5: 6f315d6d4e99be003f9ff78c5df92dc1 C:\Program Files\Common Files\Lenovo\zlib.dll

MD5: 67b6f4e0db57dd2020a2415294ba4ed8 C:\Program Files\Common Files\Motive\McciCMService.exe

MD5: 26687d8e9feed2ebab77670c72007b48 C:\Program Files\Common Files\System\ado\msado15.dll

MD5: 142cedecae89e372ee347681c3fbb257 C:\Program Files\Common Files\System\msadc\msadce.dll

MD5: 81e9041dac0983aace5c8920af73d64e C:\Program Files\Common Files\System\msadc\msadcer.dll

MD5: 1ed4c96ec76c3ddfcabd7644da23f4b6 C:\Program Files\Common Files\System\Ole DB\msdasql.dll

MD5: 8985fcece06a74017e23ddd093e34d4e C:\Program Files\Common Files\System\Ole DB\MSDASQLR.DLL

MD5: 73baffa0b02320690cdc606241078ce4 C:\Program Files\Common Files\System\Ole DB\MSDATL3.dll

MD5: 350483c5a139f8a39ed3191aff39bed0 C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys

MD5: cb1135906d951b574f9f2498be8f11f9 C:\Program Files\Digital Line Detect\BVRPDIAG.dll

MD5: f03ffc962e18f36a922e61f96be09925 C:\Program Files\Digital Line Detect\DLG.exe

No file uploaded.

Scan finished - communication took 2 sec

Total traffic - 0.01 MB sent, 1.13 KB recvd

Scanned 763 files and modules - 24 seconds

==============================================================================


MBAM does not show a trojan.tracur infection this morning. The system may be clean, but I'm not certain because sometimes it's been days between reinfections.

In the meantime, though, I'd like to start using the computer for work again if I can.

You shouldn't be getting those infections anymore, we manually exterminated the driver that was causing them ;). Let me know if you come across them again.

Before we move on, please take the time to install the following updates as using outdated applications leaves you vulnerable to getting infected again :) :

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previously installed versions of Java (J2SE Runtime Environment).

They will have this icon next to them: javaicon.gif

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-------

Please let me know how the updates went, as failed updates may indicate additional malware :).

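The Add or Remove Programs search described above can also be done from a script. This PowerShell inventory is an added example, not something posted in the thread: it reads the Uninstall registry keys that Add or Remove Programs is built from, lists every registered Java runtime, and flags each one that is older than the newest installed. The Uninstall key paths and the display-name pattern are assumptions of mine.

```powershell
# Added example, not part of the thread: inventory the Java runtimes that
# Add or Remove Programs knows about and flag every one older than the newest.
# Assumptions (mine): Java registers under the standard Uninstall keys below,
# and its DisplayName matches $javaNamePattern.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)
# "J2SE Runtime Environment" is the older naming the thread mentions;
# later releases register as "Java(TM) 6 Update NN" and similar.
$javaNamePattern = 'J2SE Runtime Environment|Java\(TM\)|^Java \d+ Update|Java SE'

function Get-JavaUninstallEntries {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $props = Get-ItemProperty -Path $key.PSPath
            if (-not $props.DisplayName) { continue }
            if ($props.DisplayName -notmatch $javaNamePattern) { continue }

            # DisplayVersion is a dotted string such as 6.0.260; fall back to
            # 0.0 when it is missing or unparseable so sorting still works.
            $version = [System.Version]'0.0'
            try {
                if ($props.DisplayVersion) { $version = [System.Version]$props.DisplayVersion }
            } catch { }

            New-Object PSObject -Property @{
                DisplayName     = $props.DisplayName
                DisplayVersion  = $props.DisplayVersion
                Version         = $version
                InstallLocation = $props.InstallLocation
                UninstallString = $props.UninstallString
                RegistryKey     = $key.Name
            }
        }
    }
}

$entries = @(Get-JavaUninstallEntries)
if ($entries.Count -eq 0) {
    Write-Host 'No Java runtimes are registered under the Uninstall keys.'
    return
}

# The highest version present is treated as current; everything else is stale.
$newest = ($entries | Sort-Object Version -Descending | Select-Object -First 1).Version

$entries | Sort-Object Version -Descending | ForEach-Object {
    $status = if ($_.Version -eq $newest) { 'newest' } else { 'STALE - remove, then reinstall the current release' }
    '{0,-36} {1,-10} {2}' -f $_.DisplayName, $_.DisplayVersion, $status
    if ($_.UninstallString) { '    uninstall: ' + $_.UninstallString }
}
```

Run it from an elevated PowerShell prompt; each STALE line shows the UninstallString that Add or Remove Programs would itself run for that entry.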

Should I install the Windows x64 Runtime Environment product, or one of the others?

Yes, go ahead and install any of the updates available on Windows Update :).

Unless you have any more problems or concerns, I will provide you with some suggestions for security software, but first, ComboFix must be uninstalled ;) :

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

**You may now reinstall McAfee AntiVirus if you haven't already.

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


I removed old JREs, installed the new one, uninstalled combofix, reinstalled McAfee Antivirus Plus (which includes a firewall), and installed Firefox. McAfee uninstalled Malwarebytes, saying that it might conflict with its security center.

This morning, I've had two McAfee alerts detecting Tool-NirCmd, which it describes as a potentially unwanted program but not a virus. After I removed it the first time, I got the same alert an hour later.

Is Tool-NirCmd a problem? And can I reinstall MBAM?


I found the answer, Tool-NirCmd is a legitimate program installed by ComboFix. I've restored. Are there remnants of ComboFix on my system even after the uninstall because I ended the combo-fix install program when it was frozen?
