
Malware Problem - Can't Access MBytes or ComboFix



Operating System: Windows Vista

I've dealt with malware in the past and have removed it successfully by using Malwarebytes and/or ComboFix. This new virus I got, however, must be a little more tricky to remove than the others have been, because it won't let me run scans on Malwarebytes - it took the damn thing right off my system, giving me that dreaded "Windows cannot access the specified device, path, or file" message. The same thing happened when I opened ComboFix, though this time it took the icon right off my Desktop and I can't seem to find it on the computer.

I've had the virus for a few weeks now. At first it was tolerable because the only symptom I was experiencing was the redirect - it would redirect me to some spam site (e.g. "get-answers-fast", "yellowbook", "expedia", etc.) and all this other crap upon clicking any link that came up in the search engine. I ran MB and did the quick scan. It detected infected files and I followed the instructions to remove them. Still got redirects. I ran the full scan and it detected 1 or 2 threats. Followed the directions to remove them. Still got redirects. A few days ago it got more severe and now more symptomatic. It did something weird to my desktop (basically, it looks like I'm running Windows 98 or something, LOL) and my Firefox browser (everything around the toolbar looks "basic", all black and grey), and I get more redirects.

How can I remove this ridiculous virus if I can't even run MB properly? I've tried it in Safe Mode as well and no dice.

Any help appreciated.


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

-screen317

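Since the staff member asks for the TDSSKiller log to be posted, here is an added Python helper (not from this thread and not part of Kaspersky's tool) that locates logs by the naming convention given above and pulls out the lines a helper actually acts on: the objects TDSSKiller flagged, each joined to the MD5 and file path the tool printed for that object. The sample lines are an abridged excerpt of the log posted in this thread; the `time PID message` line layout and the shapes of the verdict lines are assumptions inferred from that log, and `find_log_files` defaults to `C:\` as the staff post describes.

```python
import re
from dataclasses import dataclass
from pathlib import Path

# Abridged excerpt of the TDSSKiller log posted in this thread; the parser assumes
# the "HH:MM:SS.mmmm PID message" layout that TDSSKiller 2.x writes.
SAMPLE_LOG = r"""
23:58:20.0726 4412 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
23:58:25.0834 5824 Scan started
23:58:27.0254 5824 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
23:58:27.0262 5824 ACPI - ok
23:58:31.0727 5824 ffb45b92 (8f9c688ca5100fe6b9bb0dffafbe401e) C:\Windows\2455483647:4957293.exe
23:58:31.0728 5824 Suspicious file (Hidden): C:\Windows\2455483647:4957293.exe. md5: 8f9c688ca5100fe6b9bb0dffafbe401e
23:58:31.0729 5824 ffb45b92 ( HiddenFile.Multi.Generic ) - warning
23:58:31.0729 5824 ffb45b92 - detected HiddenFile.Multi.Generic (1)
23:58:41.0049 5824 Smb (e15ab2c9d2776ef627ae55c8cb6c3b8f) C:\Windows\system32\DRIVERS\smb.sys
23:58:41.0052 5824 Smb ( Rootkit.Win32.ZAccess.e ) - infected
23:58:41.0052 5824 Smb - detected Rootkit.Win32.ZAccess.e (0)
"""

# Every log line: timestamp, thread/process id, free-form message.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "Name (md5) path": the object TDSSKiller examined and the file backing it.
DRIVER_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "Name ( Verdict ) - infected|warning": the verdict line (the "- detected" line repeats it).
VERDICT_RE = re.compile(r"^(?P<name>\S+)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+(?P<status>\w+)$")
# "Suspicious file (Hidden): path. md5: hash"
HIDDEN_RE = re.compile(r"^Suspicious file \((?P<kind>[^)]+)\):\s+(?P<path>.+)\.\s+md5:\s+(?P<md5>[0-9a-f]{32})$")
# Log file name convention from the staff post: UtilityName.Version_Date_Time_log.txt
LOGNAME_RE = re.compile(r"^TDSSKiller\.(?P<version>\d+(?:\.\d+)*)_(?P<date>\d{2}\.\d{2}\.\d{4})_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$")


@dataclass
class Detection:
    name: str       # service/driver name as TDSSKiller reports it
    verdict: str    # e.g. Rootkit.Win32.ZAccess.e
    status: str     # "infected", "warning", ...
    md5: str = ""   # hash TDSSKiller computed for the backing file
    path: str = ""  # file backing the object


def parse_log(text: str) -> dict:
    """Return {'drivers': {name: (md5, path)}, 'hidden': [(path, md5)], 'detections': [Detection]}."""
    drivers, hidden, detections = {}, [], []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separator rows and anything not in log-line shape
        msg = m.group("msg")
        if (h := HIDDEN_RE.match(msg)):
            hidden.append((h.group("path"), h.group("md5")))
        elif (d := DRIVER_RE.match(msg)):
            drivers[d.group("name")] = (d.group("md5"), d.group("path"))
        elif (v := VERDICT_RE.match(msg)):
            md5, path = drivers.get(v.group("name"), ("", ""))
            detections.append(Detection(v.group("name"), v.group("verdict"), v.group("status"), md5, path))
    return {"drivers": drivers, "hidden": hidden, "detections": detections}


def parse_log_name(name: str):
    """Split a TDSSKiller log file name into version, date and time, or None if it does not match."""
    m = LOGNAME_RE.match(name)
    return m.groupdict() if m else None


def find_log_files(root: str = "C:\\") -> list:
    """Locate TDSSKiller logs in the system disk root using the naming convention above."""
    return sorted(p for p in Path(root).glob("TDSSKiller.*_log.txt") if LOGNAME_RE.match(p.name))


def needs_attention(result: dict) -> list:
    """One row per flagged object: status, name, verdict, hash and backing file."""
    return [f"{d.status.upper():8} {d.name:<10} {d.verdict:<28} {d.md5}  {d.path}"
            for d in result["detections"]]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for row in needs_attention(parsed):
        print(row)
    print("hidden objects:", parsed["hidden"])
```

`needs_attention` skips the `- ok` rows and the `- detected ... (n)` rows that repeat each verdict, so the output is one row per flagged object. The MD5 is TDSSKiller's hash of the file backing the service entry, which is what a helper compares against a known-good copy of the driver or looks up in a file-reputation service before deciding whether the entry is a replaced system driver or an unrelated hidden file.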

TDSSKiller log:

23:58:20.0726 4412 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54

23:58:21.0152 4412 ============================================================

23:58:21.0152 4412 Current date / time: 2011/10/13 23:58:21.0152

23:58:21.0152 4412 SystemInfo:

23:58:21.0152 4412

23:58:21.0153 4412 OS Version: 6.0.6000 ServicePack: 0.0

23:58:21.0153 4412 Product type: Workstation

23:58:21.0153 4412 ComputerName: ERICSANDLER

23:58:21.0153 4412 UserName: Admin

23:58:21.0153 4412 Windows directory: C:\Windows

23:58:21.0153 4412 System windows directory: C:\Windows

23:58:21.0153 4412 Processor architecture: Intel x86

23:58:21.0153 4412 Number of processors: 2

23:58:21.0153 4412 Page size: 0x1000

23:58:21.0153 4412 Boot type: Normal boot

23:58:21.0153 4412 ============================================================

23:58:22.0818 4412 Initialize success

23:58:25.0834 5824 ============================================================

23:58:25.0834 5824 Scan started

23:58:25.0834 5824 Mode: Manual;

23:58:25.0834 5824 ============================================================

23:58:27.0254 5824 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys

23:58:27.0262 5824 ACPI - ok

23:58:27.0390 5824 ADIHdAudAddService (a99fc78a0b5f22e98d0ec050bd891e52) C:\Windows\system32\drivers\ADIHdAud.sys

23:58:27.0399 5824 ADIHdAudAddService - ok

23:58:27.0600 5824 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

23:58:27.0611 5824 adp94xx - ok

23:58:27.0645 5824 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

23:58:27.0654 5824 adpahci - ok

23:58:27.0680 5824 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

23:58:27.0684 5824 adpu160m - ok

23:58:27.0710 5824 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

23:58:27.0715 5824 adpu320 - ok

23:58:27.0775 5824 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys

23:58:27.0783 5824 AFD - ok

23:58:27.0925 5824 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

23:58:27.0927 5824 agp440 - ok

23:58:27.0944 5824 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

23:58:27.0949 5824 aic78xx - ok

23:58:28.0011 5824 aliide (63fe281d76c5703f97bc37483db78b51) C:\Windows\system32\drivers\aliide.sys

23:58:28.0013 5824 aliide - ok

23:58:28.0045 5824 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

23:58:28.0048 5824 amdagp - ok

23:58:28.0062 5824 amdide (654044212c625a4582797b42d4b1bd89) C:\Windows\system32\drivers\amdide.sys

23:58:28.0065 5824 amdide - ok

23:58:28.0100 5824 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

23:58:28.0102 5824 AmdK7 - ok

23:58:28.0133 5824 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

23:58:28.0135 5824 AmdK8 - ok

23:58:28.0214 5824 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

23:58:28.0217 5824 arc - ok

23:58:28.0256 5824 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

23:58:28.0259 5824 arcsas - ok

23:58:28.0400 5824 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys

23:58:28.0402 5824 AsyncMac - ok

23:58:28.0432 5824 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys

23:58:28.0434 5824 atapi - ok

23:58:28.0529 5824 athr (ab0e8983beb0b036485e0e97e23b69ad) C:\Windows\system32\DRIVERS\athr.sys

23:58:28.0550 5824 athr - ok

23:58:28.0606 5824 b57nd60x (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys

23:58:28.0611 5824 b57nd60x - ok

23:58:28.0790 5824 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys

23:58:28.0792 5824 Beep - ok

23:58:28.0826 5824 blbdrive - ok

23:58:28.0863 5824 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys

23:58:28.0866 5824 bowser - ok

23:58:28.0900 5824 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

23:58:28.0901 5824 BrFiltLo - ok

23:58:28.0923 5824 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

23:58:28.0925 5824 BrFiltUp - ok

23:58:28.0958 5824 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

23:58:28.0963 5824 Brserid - ok

23:58:28.0990 5824 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

23:58:28.0992 5824 BrSerWdm - ok

23:58:29.0024 5824 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

23:58:29.0026 5824 BrUsbMdm - ok

23:58:29.0053 5824 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

23:58:29.0054 5824 BrUsbSer - ok

23:58:29.0108 5824 BthEnum (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys

23:58:29.0110 5824 BthEnum - ok

23:58:29.0136 5824 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys

23:58:29.0137 5824 BTHMODEM - ok

23:58:29.0251 5824 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys

23:58:29.0254 5824 BthPan - ok

23:58:29.0282 5824 BTHPORT (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys

23:58:29.0287 5824 BTHPORT - ok

23:58:29.0303 5824 BTHUSB (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys

23:58:29.0305 5824 BTHUSB - ok

23:58:29.0369 5824 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys

23:58:29.0372 5824 btwaudio - ok

23:58:29.0406 5824 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys

23:58:29.0409 5824 btwavdt - ok

23:58:29.0446 5824 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys

23:58:29.0447 5824 btwrchid - ok

23:58:29.0502 5824 catchme - ok

23:58:29.0551 5824 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys

23:58:29.0553 5824 cdfs - ok

23:58:29.0597 5824 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys

23:58:29.0600 5824 cdrom - ok

23:58:29.0717 5824 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

23:58:29.0719 5824 circlass - ok

23:58:29.0771 5824 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys

23:58:29.0776 5824 CLFS - ok

23:58:29.0830 5824 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys

23:58:29.0832 5824 CmBatt - ok

23:58:29.0854 5824 cmdide (ed46b460be318f2411c609dd6f318991) C:\Windows\system32\drivers\cmdide.sys

23:58:29.0856 5824 cmdide - ok

23:58:29.0869 5824 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys

23:58:29.0870 5824 Compbatt - ok

23:58:29.0900 5824 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

23:58:29.0919 5824 crcdisk - ok

23:58:29.0954 5824 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

23:58:29.0955 5824 Crusoe - ok

23:58:30.0061 5824 CSC (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys

23:58:30.0069 5824 CSC - ok

23:58:30.0225 5824 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys

23:58:30.0241 5824 DfsC - ok

23:58:30.0352 5824 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys

23:58:30.0355 5824 disk - ok

23:58:30.0450 5824 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys

23:58:30.0452 5824 drmkaud - ok

23:58:30.0597 5824 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys

23:58:30.0622 5824 DXGKrnl - ok

23:58:30.0956 5824 e1express (e4563be48ef4e8d8ad3edd92bb01ad9a) C:\Windows\system32\DRIVERS\e1e6032.sys

23:58:30.0978 5824 e1express - ok

23:58:31.0032 5824 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

23:58:31.0054 5824 E1G60 - ok

23:58:31.0109 5824 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys

23:58:31.0113 5824 Ecache - ok

23:58:31.0295 5824 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

23:58:31.0304 5824 elxstor - ok

23:58:31.0480 5824 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys

23:58:31.0497 5824 fastfat - ok

23:58:31.0632 5824 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

23:58:31.0655 5824 fdc - ok

23:58:31.0727 5824 ffb45b92 (8f9c688ca5100fe6b9bb0dffafbe401e) C:\Windows\2455483647:4957293.exe

23:58:31.0728 5824 Suspicious file (Hidden): C:\Windows\2455483647:4957293.exe. md5: 8f9c688ca5100fe6b9bb0dffafbe401e

23:58:31.0729 5824 ffb45b92 ( HiddenFile.Multi.Generic ) - warning

23:58:31.0729 5824 ffb45b92 - detected HiddenFile.Multi.Generic (1)

23:58:31.0765 5824 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys

23:58:31.0767 5824 FileInfo - ok

23:58:31.0889 5824 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys

23:58:31.0892 5824 Filetrace - ok

23:58:32.0135 5824 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

23:58:32.0151 5824 flpydisk - ok

23:58:32.0186 5824 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys

23:58:32.0192 5824 FltMgr - ok

23:58:32.0349 5824 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys

23:58:32.0366 5824 Fs_Rec - ok

23:58:32.0393 5824 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

23:58:32.0395 5824 gagp30kx - ok

23:58:32.0443 5824 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:58:32.0462 5824 GEARAspiWDM - ok

23:58:32.0545 5824 HBtnKey (5f90a1611029b7abc2db01adb534d047) C:\Windows\system32\DRIVERS\tkbtnpn.sys

23:58:32.0547 5824 HBtnKey - ok

23:58:32.0597 5824 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

23:58:32.0604 5824 HdAudAddService - ok

23:58:32.0661 5824 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys

23:58:32.0662 5824 HDAudBus - ok

23:58:32.0705 5824 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

23:58:32.0707 5824 HidBth - ok

23:58:32.0830 5824 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

23:58:32.0832 5824 HidIr - ok

23:58:32.0879 5824 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys

23:58:32.0881 5824 HidUsb - ok

23:58:32.0912 5824 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

23:58:32.0914 5824 HpCISSs - ok

23:58:32.0977 5824 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

23:58:33.0000 5824 HSFHWAZL - ok

23:58:33.0225 5824 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys

23:58:33.0250 5824 HSF_DPV - ok

23:58:33.0407 5824 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

23:58:33.0413 5824 HSXHWAZL - ok

23:58:33.0476 5824 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys

23:58:33.0487 5824 HTTP - ok

23:58:33.0523 5824 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

23:58:33.0525 5824 i2omp - ok

23:58:33.0598 5824 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys

23:58:33.0600 5824 i8042prt - ok

23:58:33.0737 5824 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys

23:58:33.0794 5824 ialm - ok

23:58:33.0934 5824 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys

23:58:33.0938 5824 iaStor - ok

23:58:33.0987 5824 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

23:58:33.0994 5824 iaStorV - ok

23:58:34.0040 5824 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\Windows\system32\DRIVERS\ibmpmdrv.sys

23:58:34.0042 5824 IBMPMDRV - ok

23:58:34.0224 5824 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys

23:58:34.0252 5824 igfx - ok

23:58:34.0403 5824 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

23:58:34.0405 5824 iirsp - ok

23:58:34.0480 5824 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys

23:58:34.0482 5824 intelide - ok

23:58:34.0504 5824 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

23:58:34.0506 5824 intelppm - ok

23:58:34.0541 5824 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:58:34.0544 5824 IpFilterDriver - ok

23:58:34.0563 5824 IpInIp - ok

23:58:34.0594 5824 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

23:58:34.0597 5824 IPMIDRV - ok

23:58:34.0637 5824 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys

23:58:34.0641 5824 IPNAT - ok

23:58:34.0711 5824 irda (f11a90fb3f44f37ad10a4893bb690065) C:\Windows\system32\DRIVERS\irda.sys

23:58:34.0714 5824 irda - ok

23:58:34.0741 5824 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys

23:58:34.0742 5824 IRENUM - ok

23:58:34.0806 5824 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

23:58:34.0808 5824 isapnp - ok

23:58:34.0905 5824 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys

23:58:34.0909 5824 iScsiPrt - ok

23:58:34.0929 5824 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

23:58:34.0931 5824 iteatapi - ok

23:58:34.0957 5824 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

23:58:34.0959 5824 iteraid - ok

23:58:35.0023 5824 Iviaspi (6cc0445b21295f16116cf787f8028444) C:\Windows\system32\drivers\iviaspi.sys

23:58:35.0038 5824 Iviaspi - ok

23:58:35.0085 5824 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys

23:58:35.0087 5824 kbdclass - ok

23:58:35.0099 5824 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys

23:58:35.0102 5824 kbdhid - ok

23:58:35.0169 5824 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys

23:58:35.0179 5824 KSecDD - ok

23:58:35.0315 5824 lenovo.smi (63de2c8974f5d528fbc3d6978fd8ad6a) C:\Windows\system32\DRIVERS\smiif32.sys

23:58:35.0317 5824 lenovo.smi - ok

23:58:35.0347 5824 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys

23:58:35.0349 5824 lltdio - ok

23:58:35.0377 5824 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

23:58:35.0380 5824 LSI_FC - ok

23:58:35.0407 5824 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

23:58:35.0410 5824 LSI_SAS - ok

23:58:35.0443 5824 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

23:58:35.0445 5824 LSI_SCSI - ok

23:58:35.0467 5824 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys

23:58:35.0470 5824 luafv - ok

23:58:35.0531 5824 mchInjDrv - ok

23:58:35.0573 5824 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

23:58:35.0575 5824 mdmxsdk - ok

23:58:35.0602 5824 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

23:58:35.0604 5824 megasas - ok

23:58:35.0711 5824 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys

23:58:35.0712 5824 Modem - ok

23:58:35.0759 5824 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys

23:58:35.0760 5824 monitor - ok

23:58:35.0811 5824 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys

23:58:35.0813 5824 mouclass - ok

23:58:35.0842 5824 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys

23:58:35.0844 5824 mouhid - ok

23:58:35.0883 5824 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys

23:58:35.0885 5824 MountMgr - ok

23:58:35.0937 5824 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

23:58:35.0940 5824 mpio - ok

23:58:35.0987 5824 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys

23:58:35.0989 5824 mpsdrv - ok

23:58:36.0017 5824 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

23:58:36.0019 5824 Mraid35x - ok

23:58:36.0059 5824 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys

23:58:36.0062 5824 MRxDAV - ok

23:58:36.0117 5824 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:58:36.0121 5824 mrxsmb - ok

23:58:36.0226 5824 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:58:36.0231 5824 mrxsmb10 - ok

23:58:36.0247 5824 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:58:36.0249 5824 mrxsmb20 - ok

23:58:36.0290 5824 msahci (0a37a1ba8afe084899bf82eef923daea) C:\Windows\system32\drivers\msahci.sys

23:58:36.0292 5824 msahci - ok

23:58:36.0315 5824 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

23:58:36.0318 5824 msdsm - ok

23:58:36.0371 5824 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys

23:58:36.0373 5824 Msfs - ok

23:58:36.0428 5824 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys

23:58:36.0430 5824 msisadrv - ok

23:58:36.0481 5824 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys

23:58:36.0483 5824 MSKSSRV - ok

23:58:36.0502 5824 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys

23:58:36.0503 5824 MSPCLOCK - ok

23:58:36.0529 5824 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys

23:58:36.0530 5824 MSPQM - ok

23:58:36.0562 5824 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys

23:58:36.0567 5824 MsRPC - ok

23:58:36.0672 5824 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys

23:58:36.0674 5824 mssmbios - ok

23:58:36.0715 5824 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys

23:58:36.0717 5824 MSTEE - ok

23:58:36.0747 5824 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys

23:58:36.0749 5824 Mup - ok

23:58:36.0808 5824 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys

23:58:36.0813 5824 NativeWifiP - ok

23:58:36.0887 5824 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys

23:58:36.0900 5824 NDIS - ok

23:58:36.0949 5824 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys

23:58:36.0951 5824 NdisTapi - ok

23:58:36.0980 5824 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys

23:58:36.0982 5824 Ndisuio - ok

23:58:37.0016 5824 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys

23:58:37.0020 5824 NdisWan - ok

23:58:37.0113 5824 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys

23:58:37.0116 5824 NDProxy - ok

23:58:37.0135 5824 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys

23:58:37.0137 5824 NetBIOS - ok

23:58:37.0165 5824 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys

23:58:37.0170 5824 netbt - ok

23:58:37.0385 5824 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys

23:58:37.0430 5824 NETw3v32 - ok

23:58:37.0491 5824 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

23:58:37.0493 5824 nfrd960 - ok

23:58:37.0606 5824 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys

23:58:37.0608 5824 Npfs - ok

23:58:37.0653 5824 NSCIRDA (c9294e01e45139fd77e16ec07fd86f61) C:\Windows\system32\DRIVERS\nscirda.sys

23:58:37.0656 5824 NSCIRDA - ok

23:58:37.0684 5824 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys

23:58:37.0686 5824 nsiproxy - ok

23:58:37.0777 5824 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys

23:58:37.0804 5824 Ntfs - ok

23:58:37.0854 5824 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

23:58:37.0856 5824 ntrigdigi - ok

23:58:37.0981 5824 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys

23:58:37.0982 5824 Null - ok

23:58:38.0007 5824 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

23:58:38.0011 5824 nvraid - ok

23:58:38.0035 5824 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

23:58:38.0037 5824 nvstor - ok

23:58:38.0079 5824 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

23:58:38.0083 5824 nv_agp - ok

23:58:38.0158 5824 NWADI (fc2a8aaa0f3321f41231ede0af1968ae) C:\Windows\system32\DRIVERS\NWADIenum.sys

23:58:38.0165 5824 NWADI - ok

23:58:38.0183 5824 NwlnkFlt - ok

23:58:38.0197 5824 NwlnkFwd - ok

23:58:38.0234 5824 NWUSBCDFIL (224131778c92aee8c13afac5fbff19ca) C:\Windows\system32\DRIVERS\NwUsbCdFil.sys

23:58:38.0236 5824 NWUSBCDFIL - ok

23:58:38.0302 5824 NWUSBModem (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbmdm.sys

23:58:38.0307 5824 NWUSBModem - ok

23:58:38.0336 5824 NWUSBPort (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser.sys

23:58:38.0342 5824 NWUSBPort - ok

23:58:38.0410 5824 NWUSBPort2 (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser2.sys

23:58:38.0416 5824 NWUSBPort2 - ok

23:58:38.0520 5824 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys

23:58:38.0523 5824 ohci1394 - ok

23:58:38.0620 5824 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys

23:58:38.0623 5824 Parport - ok

23:58:38.0648 5824 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys

23:58:38.0650 5824 partmgr - ok

23:58:38.0677 5824 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys

23:58:38.0679 5824 Parvdm - ok

23:58:38.0715 5824 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys

23:58:38.0721 5824 pci - ok

23:58:38.0785 5824 pciide (b2fc76090ef1003463ccb07cabb35cff) C:\Windows\system32\DRIVERS\pciide.sys

23:58:38.0787 5824 pciide - ok

23:58:38.0833 5824 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys

23:58:38.0838 5824 pcmcia - ok

23:58:38.0987 5824 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

23:58:39.0010 5824 PEAUTH - ok

23:58:39.0156 5824 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys

23:58:39.0159 5824 PptpMiniport - ok

23:58:39.0219 5824 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\Windows\system32\DRIVERS\PROCDD.SYS

23:58:39.0221 5824 PROCDD - ok

23:58:39.0329 5824 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

23:58:39.0332 5824 Processor - ok

23:58:39.0396 5824 psadd (aac08defb15aaab00b30341c716efa35) C:\Windows\system32\DRIVERS\psadd.sys

23:58:39.0398 5824 psadd - ok

23:58:39.0452 5824 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys

23:58:39.0455 5824 PSched - ok

23:58:39.0512 5824 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys

23:58:39.0515 5824 PxHelp20 - ok

23:58:39.0572 5824 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

23:58:39.0596 5824 ql2300 - ok

23:58:39.0720 5824 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

23:58:39.0724 5824 ql40xx - ok

23:58:39.0758 5824 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys

23:58:39.0761 5824 QWAVEdrv - ok

23:58:39.0819 5824 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys

23:58:39.0821 5824 RasAcd - ok

23:58:39.0896 5824 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:58:39.0899 5824 Rasl2tp - ok

23:58:39.0932 5824 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys

23:58:39.0934 5824 RasPppoe - ok

23:58:39.0966 5824 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys

23:58:39.0972 5824 rdbss - ok

23:58:39.0996 5824 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:58:39.0997 5824 RDPCDD - ok

23:58:40.0036 5824 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\DRIVERS\rdpdr.sys

23:58:40.0043 5824 rdpdr - ok

23:58:40.0143 5824 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys

23:58:40.0145 5824 RDPENCDD - ok

23:58:40.0190 5824 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys

23:58:40.0195 5824 RDPWD - ok

23:58:40.0253 5824 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys

23:58:40.0256 5824 RFCOMM - ok

23:58:40.0321 5824 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys

23:58:40.0324 5824 rspndr - ok

23:58:40.0358 5824 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

23:58:40.0361 5824 sbp2port - ok

23:58:40.0431 5824 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys

23:58:40.0434 5824 sdbus - ok

23:58:40.0476 5824 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

23:58:40.0479 5824 secdrv - ok

23:58:40.0517 5824 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys

23:58:40.0519 5824 Serenum - ok

23:58:40.0575 5824 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys

23:58:40.0579 5824 Serial - ok

23:58:40.0622 5824 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys

23:58:40.0624 5824 sermouse - ok

23:58:40.0772 5824 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\DRIVERS\sffdisk.sys

23:58:40.0774 5824 sffdisk - ok

23:58:40.0819 5824 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

23:58:40.0821 5824 sffp_mmc - ok

23:58:40.0854 5824 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\DRIVERS\sffp_sd.sys

23:58:40.0855 5824 sffp_sd - ok

23:58:40.0889 5824 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys

23:58:40.0891 5824 sfloppy - ok

23:58:40.0940 5824 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

23:58:40.0943 5824 sisagp - ok

23:58:40.0973 5824 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

23:58:40.0976 5824 SiSRaid2 - ok

23:58:40.0999 5824 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

23:58:41.0002 5824 SiSRaid4 - ok

23:58:41.0049 5824 Smb (e15ab2c9d2776ef627ae55c8cb6c3b8f) C:\Windows\system32\DRIVERS\smb.sys

23:58:41.0052 5824 Smb ( Rootkit.Win32.ZAccess.e ) - infected

23:58:41.0052 5824 Smb - detected Rootkit.Win32.ZAccess.e (0)

23:58:45.0465 5824 MBR (0x1B8) (76ed68d3272438ef1d38dbb735e5c29d) \Device\Harddisk0\DR0

23:58:45.0481 5824 \Device\Harddisk0\DR0 - ok

23:58:45.0506 5824 Boot (0x1200) (e02b83e06399588e0913de30650d0b36) \Device\Harddisk0\DR0\Partition0

23:58:45.0508 5824 \Device\Harddisk0\DR0\Partition0 - ok

23:58:45.0509 5824 ============================================================

23:58:45.0509 5824 Scan finished

23:58:45.0509 5824 ============================================================

23:58:45.0532 5352 Detected object count: 2

23:58:45.0532 5352 Actual detected object count: 2

23:59:07.0976 5352 ffb45b92 ( HiddenFile.Multi.Generic ) - skipped by user

23:59:07.0976 5352 ffb45b92 ( HiddenFile.Multi.Generic ) - User select action: Skip

23:59:08.0132 5352 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\smb.sys) error 1813

23:59:13.0526 5352 Backup copy found, using it..

23:59:13.0540 5352 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot

23:59:13.0540 5352 Smb ( Rootkit.Win32.ZAccess.e ) - User select action: Cure

23:59:41.0450 0684 Deinitialize success

DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_23

Run by Admin at 0:09:32 on 2011-10-14

Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.2038.1207 [GMT -4:00]

.

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://lenovo.live.com

uInternet Settings,ProxyServer = http=127.0.0.1:61737

mURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog

mRun: [iBMTBCTL] "c:\program files\thinkpad\tablet shortcut\IBMTBCTL.EXE" /r

mRun: [TSMResident] "c:\program files\thinkpad\tablet shortcut\TSMRESIDENT.EXE" /r

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [MRT] "c:\windows\system32\MRT.exe" /R

dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\users\kcdadmin\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe

StartupFolder: c:\users\kcdadmin\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~2.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart board software\SMARTBoardTools.exe

dPolicies-explorer: HideSCAHealth = 1 (0x1)

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office10\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{E6D21EA0-98F4-47F7-B3D8-D086B681A025} : DhcpNameServer = 10.0.0.1

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\kcdadmin\appdata\roaming\mozilla\firefox\profiles\er0e4p5e.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 61737

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2006-10-20 13744]

R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-6-5 565248]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-11-2 22016]

R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2009-4-25 443712]

R2 TabletSVC;TABLET Service;c:\program files\thinkpad\tablet shortcut\TSMService.exe [2007-12-20 53248]

R2 tp4serv;tp4serv;c:\program files\lenovo\trackpoint\tp4servinst.exe [2007-11-8 35616]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-2 55936]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-7-10 569344]

R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2007-11-8 22568]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]

S2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2007-12-20 73728]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]

S3 STI2303X;SMART Board cable;c:\windows\system32\drivers\STI2303X.sys [2005-7-8 13440]

S3 tpflhlp;tpflhlp;c:\program files\lenovo\system update\session\7juj09us\tpflhlp.sys [2007-8-9 13360]

.

=============== File Associations ===============

.

exefile="c:\windows\system32\config\systemprofile\appdata\local\xoq.exe" -a "%1" %*

.

=============== Created Last 30 ================

.

2011-10-01 23:25:47 -------- d-s---w- C:\ComboFix

2011-09-30 23:53:40 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-20 15:48:40 -------- d-----w- c:\users\kcdadmin\appdata\roaming\OpenOffice.org

2011-09-20 15:42:37 -------- d-----w- c:\program files\JRE

2011-09-20 15:42:26 -------- d-----w- c:\program files\OpenOffice.org 3

.

==================== Find3M ====================

.

2011-10-14 04:00:50 66048 ----a-w- c:\windows\system32\drivers\smb.sys

2011-10-04 23:02:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 0:10:15.52 ===============

  • Staff

Hi,

Don't use Quote tags please.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
